Log analysis and evaluation: Caught a Myfilestore.com virus? Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.03.2017, 22:58 | #1 |
Caught a Myfilestore.com virus?

Good evening,

today my wife searched Google for instructions for our son's toy tractor. She then clicked on a link to a forum (www.modelltruck.net) and was redirected to Myfilestore. The page seemed odd to her, and she does not know exactly what she clicked on after that. In the history I found the following two (suspicious?) links:

hxxp://myfilestore.com/download.php?id=57352d56
hxxp://nv.msghbsuasively.download/9557/1035/anl1/j5wcey/1225

I then googled and read that this could be a virus, and I reset Firefox (the history was kept, though). How can I tell whether the PC has been infected by a virus? So far Firefox's behaviour has not changed, and the virus scanner Bitdefender has not found a virus either (but I have also read that the virus can switch off virus scanners etc.).

Many thanks in advance for your help!

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
durchgeführt von Silvia (Administrator) auf SILVIA-PC (09-03-2017 22:38:16)
Gestartet von C:\Users\Silvia\Downloads
Geladene Profile: Silvia (Verfügbare Profile: Silvia & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dropbox, Inc.) C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dropbox, Inc.) C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-20] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Run: [Dropbox Update] => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
HKU\S-1-5-21-983883370-204824152-491102941-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll -> Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-12-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-04-13]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d96e33c9-9c49-41b5-9ccb-f54ed90cc9d8}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-983883370-204824152-491102941-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> {0CD413A5-25C0-4513-A268-CED8EFAF18A8} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-25] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Toolbar: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> Kein Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - Keine Datei
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\270o59bb.default-1489091303183 [2017-03-09]
FF NewTab: Mozilla\Firefox\Profiles\270o59bb.default-1489091303183 -> chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Extension: (WEB.DE MailCheck) - C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\270o59bb.default-1489091303183\Extensions\toolbar@web.de [2017-03-09] [ist nicht signiert]
FF Extension: (UITBAutoInstaller) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-02] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-26] [ist nicht signiert]
FF HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-23] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll [2013-07-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-23] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-09-09] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3883544 2016-12-22] (devolo AG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [Datei ist nicht signiert]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [111320 2016-01-22] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1574744 2016-01-29] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1622512 2016-01-22] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [806344 2016-01-22] (BitDefender)
S3 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-12-03] (BitDefender LLC)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2015-09-28] (Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-02-09] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\WINDOWS\System32\drivers\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-09 22:40 - 2017-03-09 22:39 - 00003574 _____ C:\Users\Silvia\Desktop\Bitdefender 1489095559_1_01.xml
2017-03-09 22:38 - 2017-03-09 22:39 - 00018214 _____ C:\Users\Silvia\Downloads\FRST.txt
2017-03-09 22:38 - 2017-03-09 22:38 - 00000000 ____D C:\FRST
2017-03-09 22:37 - 2017-03-09 22:37 - 02423808 _____ (Farbar) C:\Users\Silvia\Downloads\FRST64.exe
2017-03-09 21:33 - 2017-03-09 21:33 - 00097882 _____ C:\ProgramData\1489091590.bdinstall.bin
2017-03-09 21:28 - 2017-03-09 21:28 - 00000000 ____D C:\Users\Silvia\Desktop\Alte Firefox-Daten
2017-03-03 11:11 - 2017-03-03 11:11 - 00032740 _____ C:\Users\Silvia\Downloads\Dinkel Pizzateig - 2016-09-10.pdf
2017-02-25 09:20 - 2017-02-25 09:20 - 00000000 ____D C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-23 20:17 - 2017-02-23 20:48 - 00000000 ____D C:\Users\Silvia\Desktop\Igel Fotostick
2017-02-15 10:14 - 2017-02-15 10:14 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-15 10:14 - 2017-02-15 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-09 22:34 - 2016-03-25 17:32 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-03-09 22:04 - 2016-10-14 23:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 20:36 - 2013-09-18 18:17 - 00000000 ___RD C:\Users\Silvia\Dropbox
2017-03-09 15:16 - 2012-08-19 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-09 15:15 - 2016-11-24 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-09 15:07 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 15:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 15:05 - 2013-05-20 16:16 - 02426440 _____ C:\Users\Silvia\Desktop\bitdefender_antivirus2013.exe
2017-03-09 10:17 - 2015-06-12 22:02 - 00000000 ____D C:\Users\Silvia\AppData\Local\Dropbox
2017-03-01 12:03 - 2016-10-14 23:52 - 00000000 ____D C:\Users\Silvia
2017-03-01 11:23 - 2016-07-16 07:04 - 00131072 _____ C:\WINDOWS\system32\config\ELAM
2017-03-01 11:20 - 2016-10-15 00:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-01 11:20 - 2012-08-19 11:26 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-25 09:41 - 2013-09-18 18:15 - 00000000 ____D C:\Users\Silvia\AppData\Roaming\Dropbox
2017-02-24 09:05 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-24 09:01 - 2013-07-28 21:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 22:07 - 2012-08-22 20:49 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 20:49 - 2014-08-18 15:46 - 00000000 ____D C:\Users\Silvia\AppData\Local\Adobe
2017-02-23 20:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-23 20:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-18 11:09 - 2016-12-07 07:42 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-18 11:08 - 2016-03-06 13:22 - 00002421 _____ C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-18 11:08 - 2016-03-06 13:22 - 00000000 ___RD C:\Users\Silvia\OneDrive
2017-02-15 10:14 - 2012-08-19 07:37 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-09 13:42 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 11:13 - 2015-10-23 20:04 - 00000000 ____D C:\Users\Silvia\AppData\Local\Nero

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-04-19 08:08 - 2012-04-19 08:08 - 141590843 _____ () C:\Program Files\openofficeorg1.cab
2012-04-19 07:59 - 2012-04-19 07:59 - 3125248 _____ () C:\Program Files\openofficeorg34.msi
2012-04-19 07:59 - 2012-04-19 07:59 - 0473600 _____ () C:\Program Files\setup.exe
2012-04-19 07:59 - 2012-04-19 07:59 - 0000290 _____ () C:\Program Files\setup.ini
2016-05-23 20:52 - 2016-05-23 20:52 - 0000385 _____ () C:\Users\Silvia\AppData\Roaming\user_gensett.xml
2012-10-07 17:24 - 2012-10-07 17:24 - 0000393 _____ () C:\Users\Silvia\AppData\Local\HamsterVideoConverterSettings.cfg
2016-04-14 18:41 - 2016-04-14 18:41 - 0627349 _____ () C:\ProgramData\1460653227.bdinstall.bin
2016-06-15 06:33 - 2016-06-15 06:33 - 0026781 _____ () C:\ProgramData\1465968770.bdinstall.bin
2017-03-09 21:33 - 2017-03-09 21:33 - 0097882 _____ () C:\ProgramData\1489091590.bdinstall.bin
2016-09-20 11:32 - 2016-09-20 11:32 - 0026838 _____ () C:\ProgramData\agent.1474367523.bdinstall.bin
2016-11-02 14:41 - 2016-11-02 14:41 - 0028759 _____ () C:\ProgramData\agent.1478094058.bdinstall.bin
2016-10-14 23:48 - 2016-10-14 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-26 18:49 - 2014-12-26 21:42 - 0000836 _____ () C:\ProgramData\hpzinstall.log
2011-11-03 19:44 - 2011-11-03 19:45 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-11-03 19:37 - 2011-11-03 19:37 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-11-03 19:41 - 2011-11-03 19:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-11-03 19:38 - 2011-11-03 19:41 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-11-03 19:42 - 2011-11-03 19:44 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-09 10:39

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-03-2017
durchgeführt von Silvia (09-03-2017 22:40:45)
Gestartet von C:\Users\Silvia\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-14 23:30:32)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-983883370-204824152-491102941-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-983883370-204824152-491102941-503 - Limited - Disabled)
Gast (S-1-5-21-983883370-204824152-491102941-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-983883370-204824152-491102941-1002 - Limited - Enabled)
Silvia (S-1-5-21-983883370-204824152-491102941-1000 - Administrator - Enabled) => C:\Users\Silvia

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender-Virenschutz (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender-Spyware-Schutz (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Albelli Fotobücher (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli)
ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1423 - Bitdefender)
Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 19.6.0.326 - Bitdefender)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.2.0 - devolo AG)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.44 - Samsung)
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.2.19144 - Landesfinanzdirektion Thüringen)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Finanzplaner PRO (HKLM-x32\...\Finanzplaner PRO) (Version: - FinanzPortal24 GmbH)
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
fotokasten comfort 5.0 (HKLM-x32\...\fotokasten comfort_is1) (Version: - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 
2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 
11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.8.0.6273 - Mozilla) Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 2016 (HKLM-x32\...\{049045D5-0C46-4E78-A83F-83E993D91A7F}) (Version: 17.0.02300 - Nero AG) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) OCR Software by I.R.I.S. 
13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) 
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung) SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - ) Wajam (HKLM-x32\...\Wajam Web Enhancer) (Version: 1.3.0.94 (i1.0) - Wajam) <==== ACHTUNG WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent) WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{E47A3570-59A0-4948-A678-A930FEE8AAC7}) (Version: 21.00.8480 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{B999EF65-7140-47E1-BED0-6A32E64A0D7D}) (Version: 22.00.8811 - Buhl Data Service GmbH) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 
15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Keine Datei CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {07DA5524-FFB1-4CE3-B07B-BBE2C29E5385} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {1399D005-9179-4EB0-B62B-C71085F1CB81} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000Core1d238be2862dc7c => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {1B0CAC01-78B1-46EA-AAD0-A5C0C9A9EEBD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1BBE6E19-EAC8-48F9-A650-29AC264EC91B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1C267C23-B5F9-41FF-A4D5-92C4B112F598} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {1ED078EF-C616-449A-9E71-3FF7CE79AF8D} - System32\Tasks\{877C8A6D-9FA5-41CA-8842-83A5F8A9F7E0} => pcalua.exe -a C:\Users\Silvia\Documents\dbgview\DBGVIEW.EXE -d C:\Users\Silvia\Documents\dbgview
Task: {27018021-93D3-4181-A414-70E233096DA8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {2E4CFDEB-63DC-4061-BBED-999970D6C986} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2013\bdproductdata.exe
Task: {2F0D4068-C9FA-4B45-A7FC-625D0F57B02A} - System32\Tasks\{EE305C4B-2645-4AD4-AB31-8774E0D9EF4D} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Ahead\Nero StartSmart\NeroStartSmart.exe"
Task: {2FFC7E9B-A48E-4878-86E7-5B5FD9C7CFF1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {34185101-2D74-4011-908B-B1FC4B4C4BE7} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Easy Support Center\SSCKbdHk.exe
Task: {3F0C9060-E8B5-4D4D-B60B-15ED2B085296} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {40CA2C1C-8985-452E-B5F1-23E374E19F48} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {43C4CCEB-42BC-4680-93D3-1C620439C826} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {44EF540E-C6D8-4717-9B55-5525DA621CDE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {4A1A75AC-E505-48A8-ACAD-2FB594C0BB58} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {4BD94884-E059-4F7C-8455-62E2AA5A3DBE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23] (Adobe Systems Incorporated)
Task: {54D5411A-538D-4D2E-B0C2-D79A683DEEF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {5996EC8B-1C65-4C80-84F9-96E88B7A1A86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {5BC2FF85-E692-4FA0-B1F6-0F38E6B98D34} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {6300AB21-F4AE-4D28-97B2-6921A3833149} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6F6E5A96-BEC4-4BEF-BEE2-47968000AD22} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {73CC6AD6-7914-402D-B519-52F325732A2B} - System32\Tasks\{C7DA0173-A309-4F90-B5F2-89918793E3A1} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.0.105.411/de/abandoninstall?page=tsProgressBar
Task: {7556EB99-AC76-4EE7-9CB3-0B4CCE2DCDB0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {75B74FA7-121A-45AF-A58F-CE8474E83919} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {850E9F07-2096-4FE9-A733-FE077D4AABE5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {85E7851F-6507-45F7-B071-77F75A503F5B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {8748D2C8-7B61-46D6-8560-B806F3E45DC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {881323E1-6913-4B08-9348-3BBEDA2FED8C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {8B334E28-4173-4E7B-B70D-2239A7897ADC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8C128A29-BC22-409A-B3B4-B6A225FC4454} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {9A651807-3F5E-4BD4-AAAF-938487ACD279} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9C7B57B7-F799-4A6C-929D-59D86F528183} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9D3B18C5-480C-4532-A960-D319D34E5EE7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {9FED81DA-52A7-4C9D-8AB0-16EFCF8E0626} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {A2A0F0F1-0AD4-4693-9963-A68C0DEBC0CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AB30CF4B-78EE-43C6-84AF-18B9600D7A09} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {AC2B6A0D-936A-493E-AEBC-22346C4B382D} - System32\Tasks\{9DC4673D-89F6-4667-8059-6A8D8FCCA84B} => pcalua.exe -a C:\Users\Silvia\Downloads\p-std.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {AF8E0C35-0478-480E-AB08-8B82E504A785} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {B24C4704-4B41-438C-A0D8-EB1B1B19B584} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {BCF1F663-95A5-46DA-A8D2-EEE34805A0B3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C491C115-391E-4D12-8322-67457D3CA592} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000UA1d238be289e236d => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {CB902C20-D63C-4BA9-ABDC-BF90E0F37791} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D00A0671-354F-4F46-90B3-CE483FFBB1D6} - System32\Tasks\{8E26E545-7CEE-4E2D-B6A1-5E627B7BAF4A} => pcalua.exe -a C:\Users\Silvia\Downloads\NeroClassic\nero60023.exe -d C:\Users\Silvia\Downloads\NeroClassic
Task: {D1A7B405-6102-4350-8033-19B49D45750C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D1E76148-5778-4CFB-BA87-2269DB3D4FD9} - \CCleanerSkipUAC -> Keine Datei <==== ACHTUNG
Task: {D64C454A-E02D-4972-99F7-BF6AEF595F22} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D89CE4B1-DC7B-42F9-98E6-F9C8DE7003A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DC02FBDE-D986-497A-9492-9186C3C240E6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DEF7D778-88F3-48E0-8236-1247220EDAA7} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {EE38C2DC-835A-47AA-83A0-1A102876D107} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {F1B6F95C-CAB2-4BFF-AA66-C6BB1E217B19} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F31AABE0-BE26-427E-8159-BF36BA8A0C32} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Silvia\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {F645E1B5-0C8C-49DE-8DF7-045D7C9C022E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
Task: {FB5C8F08-3D93-43D7-9E1F-FB95C61673F9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FC32A813-B554-47A0-B581-AD88FB648F7B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000Core1d238be2862dc7c.job => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000UA1d238be289e236d.job => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-04-14 18:19 - 2015-11-04 13:06 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2016-04-14 18:18 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2016-04-14 18:19 - 2016-03-02 15:08 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2017-02-07 16:40 - 2017-02-07 16:40 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpbr.mdl
2017-02-07 16:40 - 2017-02-07 16:40 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpdsp.mdl
2017-02-07 16:40 - 2017-02-07 16:40 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpph.mdl
2017-02-07 16:40 - 2017-02-07 16:40 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttprbl.mdl
2015-08-21 21:09 - 2015-08-21 21:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 21:09 - 2015-08-21 21:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-11-03 19:41 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-15 00:32 - 2016-10-15 00:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-16 11:07 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2014-04-13 08:41 - 2015-04-14 10:05 - 01428760 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2015-08-21 21:09 - 2015-08-21 21:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-02-28 11:15 - 2017-03-01 10:04 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-02-28 11:15 - 2017-03-01 10:04 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-02-28 11:15 - 2017-03-01 10:04 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-06-03 15:18 - 2016-06-03 19:59 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-02-28 11:15 - 2017-03-01 10:04 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-02-28 11:15 - 2017-03-01 10:04 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-03-09 23:19 - 2016-03-09 23:21 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-01-16 11:05 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-16 11:05 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-16 11:05 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-16 11:05 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-16 11:05 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-16 11:05 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 09741592 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-04-13 08:35 - 2015-04-14 10:06 - 03929880 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-04-13 08:36 - 2015-04-14 10:05 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-04-13 08:36 - 2015-04-14 10:05 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-04-13 08:36 - 2015-04-14 10:05 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 02872600 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-04-13 08:35 - 2014-02-11 10:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-04-13 08:35 - 2014-02-11 10:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-04-13 08:36 - 2015-04-14 10:05 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 02136856 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01960728 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-04-13 08:35 - 2014-02-11 10:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 04463896 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01593624 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 05308184 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 02392344 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01171224 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01633560 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01341720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 07374616 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01296664 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2017-02-25 09:19 - 2017-02-21 19:58 - 00802112 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\dropbox_watchdog.dll
2017-02-25 09:20 - 2017-01-25 22:03 - 00035792 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\_multiprocessing.pyd
2017-02-25 09:20 - 2017-01-25 22:03 - 00100296 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\_ctypes.pyd
2017-02-25 09:20 - 2017-01-25 22:03 - 00018888 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\select.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00019776 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\tornado.speedups.pyd
2017-02-25 09:20 - 2017-01-25 22:03 - 00694224 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\unicodedata.pyd
2017-02-25 09:19 - 2017-02-21 20:01 - 00020824 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-02-25 09:20 - 2017-01-25 22:04 - 00123856 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\_cffi_backend.pyd
2017-02-25 09:19 - 2017-02-21 20:01 - 01682768 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\cryptography.hazmat.bindings._openssl.pyd
2017-02-25 09:19 - 2017-02-21 20:01 - 00020816 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\cryptography.hazmat.bindings._padding.pyd
2017-02-25 09:20 - 2017-01-25 22:03 - 00145864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\pyexpat.pyd
2017-02-25 09:19 - 2017-01-25 22:04 - 00019408 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\faulthandler.pyd
2017-02-25 09:20 - 2017-01-25 22:03 - 00116688 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\pywintypes27.dll
2017-02-25 09:20 - 2017-01-25 22:06 - 00105928 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32api.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00022864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\winffi.crt.compiled._winffi_crt.pyd
2017-02-25 09:19 - 2017-02-21 20:01 - 00038712 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\fastpath.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00052544 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\psutil._psutil_windows.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00024528 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32event.pyd
2017-02-25 09:20 - 2017-01-25 22:03 - 00392144 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\pythoncom27.dll
2017-02-25 09:20 - 2017-01-25 22:06 - 00020936 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\mmapfile.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00116176 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32security.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00381760 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32com.shell.shell.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00124880 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32file.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00026456 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00024016 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32clipboard.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00175560 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32gui.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00030160 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32pipe.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00043472 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32process.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00048592 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32service.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00057808 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32evtlog.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00024016 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32profile.pyd
2017-02-25 09:19 - 2017-02-21 20:01 - 00246608 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\breakpad.client.windows.handler.pyd
2017-02-25 09:19 - 2017-02-21 20:01 - 00027488 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-25 09:20 - 2017-01-25 22:05 - 00241104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\_jpegtran.pyd
2017-02-25 09:19 - 2017-02-21 20:01 - 00022336 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\cpuid.compiled._cpuid.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00028616 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32ts.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 01826104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtCore.pyd
2017-02-25 09:20 - 2017-01-25 22:04 - 00083912 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\sip.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 01972536 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtGui.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 03928896 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtWidgets.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00531264 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtNetwork.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00053072 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\winrpcserver.compiled._RPCServer.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00025432 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00133432 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtWebKit.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00224064 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtWebKitWidgets.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00207680 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtPrintSupport.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00022864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\winffi.user32.compiled._winffi_user32.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00069968 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00022872 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00021848 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00022872 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-02-25 09:20 - 2017-01-25 22:06 - 00350152 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\winxpgui.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00103232 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtWinExtras.pyd
2017-02-25 09:20 - 2017-02-21 20:01 - 00023896 _____ () 
C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\winverifysignature.compiled._VerifySignature.pyd 2017-02-25 09:20 - 2017-02-21 20:01 - 00025936 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\librsyncffi.compiled._librsyncffi.pyd 2017-02-25 09:20 - 2017-01-25 22:01 - 00036296 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\librsync.dll 2017-02-25 09:19 - 2017-02-21 20:01 - 00033112 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\enterprise_data.compiled._enterprise_data.pyd 2017-02-25 09:19 - 2017-01-27 03:02 - 00293392 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\EnterpriseDataAdapter.dll 2017-02-25 09:19 - 2017-02-21 20:01 - 00084288 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\dropbox_sqlite_ext.DLL 2017-02-25 09:20 - 2017-01-25 22:11 - 00017864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\libEGL.dll 2017-02-25 09:20 - 2017-01-25 22:11 - 01631184 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\libGLESv2.dll 2017-02-25 09:20 - 2017-02-21 20:01 - 00042816 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtWebChannel.pyd 2017-02-25 09:20 - 2017-02-21 20:01 - 00171336 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtWebEngineWidgets.pyd 2017-02-25 09:20 - 2017-02-21 20:01 - 00357688 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtQml.pyd 2017-02-25 09:20 - 2017-01-25 22:06 - 00060880 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\win32print.pyd 2017-02-25 09:20 - 2017-02-21 20:01 - 00026456 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-02-25 09:20 - 2017-02-21 20:01 - 00546104 _____ () 
C:\Users\Silvia\AppData\Roaming\Dropbox\OldBinaries\bin_ou8vvt\bin\PyQt5.QtQuick.pyd 2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ALDI Bestellsoftware Setup.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\Barchart-windows64-online.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ccsetup402_slim.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\devolo-cockpit-v4-3-2.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\Dropbox 2.0.26.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-14.3.20130522u.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.0.20150113k.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.1.20150309u(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.1.20150309u.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\flvplayer_setup20_25.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-0-6(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-0-6.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-3-13(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-3-13.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-4-8(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-4-8.exe:BDU [0] AlternateDataStreams: 
C:\Users\Silvia\Downloads\FRST64.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer15x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer16x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer17x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jre-7u25-windows-x64.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(2).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(3).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(4).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(5).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(6).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\Nero Burning ROM Classic - CHIP-Installer.exe:BDU [1] AlternateDataStreams: C:\Users\Silvia\Downloads\Nero2016-17.09.2015_stub_trial.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\OJ4500vG510a-f_Full_13.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\SkypeSetup.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\SuperTuxKart - CHIP-Installer.exe:BDU [0] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-983883370-204824152-491102941-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Silvia\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{bbeb6448-8619-4f01-847d-26d45d85e6ac}.JPG DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [UDP Query User{A16D0D75-C1D3-4A9C-897C-F38B6B7C302C}C:\users\silvia\appdata\local\temp\rarsfx2\x64\pcsftool.exe] => (Allow) C:\users\silvia\appdata\local\temp\rarsfx2\x64\pcsftool.exe FirewallRules: [TCP Query User{98E7D470-75B0-4BB0-BE29-C28E75AEB3DE}C:\users\silvia\appdata\local\temp\rarsfx2\x64\pcsftool.exe] => (Allow) C:\users\silvia\appdata\local\temp\rarsfx2\x64\pcsftool.exe FirewallRules: [UDP Query User{AFE7F784-2B6E-48F6-BFE6-1968B18CC041}C:\users\silvia\appdata\local\temp\rarsfx2\x32\pcsftool.exe] => (Allow) C:\users\silvia\appdata\local\temp\rarsfx2\x32\pcsftool.exe FirewallRules: [TCP Query User{E7F1EFFC-6FBA-447A-BF70-0265D3DC85C6}C:\users\silvia\appdata\local\temp\rarsfx2\x32\pcsftool.exe] => (Allow) C:\users\silvia\appdata\local\temp\rarsfx2\x32\pcsftool.exe FirewallRules: [{3DE67F7C-1488-4DB3-8A2A-45192F3C651A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D3A12754-2A57-4885-842D-8AA3ED44C871}] => (Allow) LPort=2869 FirewallRules: [{8CB8640B-5C1D-444A-B969-A40FEEF028E5}] => (Allow) LPort=1900 FirewallRules: [{B643C5E9-D117-47DF-89E0-DC8BD5C27470}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{27897909-3333-4AB8-8321-4ED5F0AB237E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{D2BB4FB1-3B6F-4E99-96DC-654F3AC31DD7}] => (Allow) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10.exe FirewallRules: [{6B62A0E8-45BC-49F9-BE74-CA06218D7D13}] => (Allow) C:\Program Files 
(x86)\CyberLink\PowerDirector\PDR8.EXE FirewallRules: [{F75725D7-C713-4B7A-A979-7AC3FD886125}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{AF38764D-0E9B-4084-9CF7-D1E41BEFEF7C}] => (Allow) C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{8A8D2863-ABB3-42AE-9AF9-B0FC317B9A85}] => (Allow) C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{6F44C9FA-6900-4321-A40C-71E5F3DB4229}C:\users\silvia\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\silvia\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{7353BFF7-2E8E-4604-A87C-628D1E18F507}C:\users\silvia\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\silvia\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{BB3CDDFB-E575-40E3-AF96-EC124AB8C478}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{5052DC34-BEE9-46AB-BC41-0D6B6F3B846A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{EAE81B79-64EC-438E-A279-0A664CF0C0D9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{86ED9D49-92A7-4795-8D83-91E5ACCB5421}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{CBE5E590-C360-4CB0-8591-6BC691AB48C2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{40FA4886-B709-4285-8700-D20A7C899841}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A7715B9B-E135-4400-B655-AF23B91BEBF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{790121A4-D0C5-40FC-B4AB-9059390D3A99}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{D9903537-FE85-4551-B81A-0FBE70F225DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{61B662C9-1F70-4783-B60D-F237E452A5EC}] => (Allow) C:\Program Files 
(x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{92B05612-90E6-4B02-B1C6-C10FCE2412B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{44B923AA-F630-4A7E-B14F-81087372D9FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{432836EF-DB58-46EA-9A8B-90E59020A33A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{A3E06F3E-E1F8-4C7C-83E8-27E4EB22A92D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{54E57F93-0567-445C-8DBB-B0058587755D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{D10B9EFF-85DE-4FF1-ABC2-F35CA80134F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{EA26F5D1-A803-4CFB-AAFD-836AB0F952A3}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{34663BF6-BB6C-4F3D-84B3-677582D5C4BF}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{DE3C447D-EA6C-4A34-8249-984D573D6C9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{17A526AA-66AE-4A46-B440-773E6F9EC345}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{02781F3E-E8F8-43B7-8A1F-45F972297ED2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{E8296320-6604-4439-9EFD-3F63642BC566}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{85D703B9-2D95-4D9C-BA1B-1CF974F4EBF4}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [{E3AC5DB4-4351-4F61-8C01-4547B18AF1F5}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe FirewallRules: [{00E90E81-6EB7-4406-B084-4819A7E6CC17}] => (Allow) C:\Program Files 
(x86)\devolo\dlan\devolonetsvc.exe FirewallRules: [{E3D334F6-4CEE-4F33-B199-9C4921992BF3}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe ==================== Wiederherstellungspunkte ========================= 13-02-2017 12:24:37 Geplanter Prüfpunkt 23-02-2017 22:00:27 Windows Update 01-03-2017 20:02:06 Windows-Sicherung ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/09/2017 10:53:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/02/2017 12:01:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/01/2017 08:04:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. 
Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:16 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:16 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 10:23:12 AM) (Source: ATIeRecord) (EventID: 16391) (User: ) Description: ATI EEU maximum number of session has been surpassed Error: (02/28/2017 11:20:24 AM) (Source: ATIeRecord) (EventID: 16391) (User: ) Description: ATI EEU maximum number of session has been surpassed Systemfehler: ============= Error: (03/09/2017 08:34:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (03/09/2017 03:14:18 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/09/2017 03:11:00 PM) (Source: DCOM) (EventID: 10010) (User: Silvia-PC) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/09/2017 03:11:00 PM) (Source: DCOM) (EventID: 10010) (User: Silvia-PC) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/09/2017 03:11:00 PM) (Source: DCOM) (EventID: 10010) (User: Silvia-PC) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/09/2017 03:10:59 PM) (Source: DCOM) (EventID: 10010) (User: Silvia-PC) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (03/09/2017 02:50:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/09/2017 10:16:38 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/08/2017 11:54:02 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (03/07/2017 08:58:10 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. ==================== Speicherinformationen =========================== Prozessor: AMD A4-3305M APU with Radeon(tm) HD Graphics Prozentuale Nutzung des RAM: 59% Installierter physikalischer RAM: 3563.8 MB Verfügbarer physikalischer RAM: 1439 MB Summe virtueller Speicher: 7147.8 MB Verfügbarer virtueller Speicher: 4336.94 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:178 GB) (Free:87.26 GB) NTFS Drive d: () (Fixed) (Total:266.26 GB) (Free:72.32 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 933609DD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=266.3 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=21.4 GB) - (Type=27) ==================== Ende von Addition.txt ============================ Geändert von cosinus (10.03.2017 um 14:17 Uhr) Grund: CODE-Tags |
11.03.2017, 15:52 | #2 |
/// TB-Ausbilder | Caught a Myfilestore.com virus? My name is Matthias and I will help you clean up your computer. To make the cleanup as effective and quick as possible, please observe the following notes:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation!
Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Step 2 Please download TDSSKiller.exe and save this file to the desktop
Please post with your next reply
|
11.03.2017, 20:40 | #3 |
| Caught a Myfilestore.com virus? Hello Matthias,
thank you very much in advance for your help! FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01 durchgeführt von Silvia (Administrator) auf SILVIA-PC (11-03-2017 20:04:50) Gestartet von C:\Users\Silvia\Desktop Geladene Profile: Silvia (Verfügbare Profile: Silvia & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AMD) C:\Windows\System32\atieclxx.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Dropbox, Inc.) C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Dropbox, Inc.) C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-20] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Run: [Dropbox Update] => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
HKU\S-1-5-21-983883370-204824152-491102941-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-12-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-04-13]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d96e33c9-9c49-41b5-9ccb-f54ed90cc9d8}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-983883370-204824152-491102941-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> {0CD413A5-25C0-4513-A268-CED8EFAF18A8} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-25] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Toolbar: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> Kein Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - Keine Datei
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\270o59bb.default-1489091303183 [2017-03-11]
FF NewTab: Mozilla\Firefox\Profiles\270o59bb.default-1489091303183 -> chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Extension: (WEB.DE MailCheck) - C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\270o59bb.default-1489091303183\Extensions\toolbar@web.de [2017-03-09] [ist nicht signiert]
FF Extension: (UITBAutoInstaller) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-02] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-26] [ist nicht signiert]
FF HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-23] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll [2013-07-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-23] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-09-09] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3883544 2016-12-22] (devolo AG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [Datei ist nicht signiert]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [111320 2016-01-22] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1574744 2016-01-29] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1622512 2016-01-22] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [806344 2016-01-22] (BitDefender)
S3 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-12-03] (BitDefender LLC)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2015-09-28] (Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-02-09] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\WINDOWS\System32\drivers\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-11 20:03 - 2017-03-11 20:04 - 02424320 _____ (Farbar) C:\Users\Silvia\Desktop\FRST64.exe
2017-03-11 19:45 - 2017-03-11 19:45 - 00000000 ____D C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-09 23:05 - 2017-03-11 20:06 - 00018332 _____ C:\Users\Silvia\Desktop\FRST.txt
2017-03-09 23:05 - 2017-03-09 23:05 - 00066911 _____ C:\Users\Silvia\Desktop\Addition.txt
2017-03-09 22:40 - 2017-03-10 02:34 - 00099443 _____ C:\Users\Silvia\Desktop\Bitdefender 1489095559_1_01.xml
2017-03-09 22:40 - 2017-03-09 22:42 - 00066908 _____ C:\Users\Silvia\Downloads\Addition.txt
2017-03-09 22:38 - 2017-03-11 20:04 - 00000000 ____D C:\FRST
2017-03-09 22:38 - 2017-03-09 22:42 - 00025098 _____ C:\Users\Silvia\Downloads\FRST.txt
2017-03-09 22:37 - 2017-03-09 22:37 - 02423808 _____ (Farbar) C:\Users\Silvia\Downloads\FRST64.exe
2017-03-09 21:33 - 2017-03-09 21:33 - 00097882 _____ C:\ProgramData\1489091590.bdinstall.bin
2017-03-09 21:28 - 2017-03-09 21:28 - 00000000 ____D C:\Users\Silvia\Desktop\Alte Firefox-Daten
2017-03-03 11:11 - 2017-03-03 11:11 - 00032740 _____ C:\Users\Silvia\Downloads\Dinkel Pizzateig - 2016-09-10.pdf
2017-02-23 20:17 - 2017-02-23 20:48 - 00000000 ____D C:\Users\Silvia\Desktop\Igel Fotostick
2017-02-15 10:14 - 2017-02-15 10:14 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-15 10:14 - 2017-02-15 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-11 19:58 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-11 19:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-11 19:55 - 2016-10-14 23:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-11 19:46 - 2013-09-18 18:17 - 00000000 ___RD C:\Users\Silvia\Dropbox
2017-03-11 19:46 - 2013-09-18 18:15 - 00000000 ____D C:\Users\Silvia\AppData\Roaming\Dropbox
2017-03-11 19:28 - 2016-03-25 17:32 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-03-09 22:42 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-09 15:16 - 2012-08-19 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-09 15:15 - 2016-11-24 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-09 15:05 - 2013-05-20 16:16 - 02426440 _____ C:\Users\Silvia\Desktop\bitdefender_antivirus2013.exe
2017-03-09 10:17 - 2015-06-12 22:02 - 00000000 ____D C:\Users\Silvia\AppData\Local\Dropbox
2017-03-01 12:03 - 2016-10-14 23:52 - 00000000 ____D C:\Users\Silvia
2017-03-01 11:23 - 2016-07-16 07:04 - 00131072 _____ C:\WINDOWS\system32\config\ELAM
2017-03-01 11:20 - 2016-10-15 00:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-01 11:20 - 2012-08-19 11:26 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-24 09:05 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-24 09:01 - 2013-07-28 21:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 22:07 - 2012-08-22 20:49 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 20:49 - 2014-08-18 15:46 - 00000000 ____D C:\Users\Silvia\AppData\Local\Adobe
2017-02-23 20:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-23 20:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-18 11:09 - 2016-12-07 07:42 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-18 11:08 - 2016-03-06 13:22 - 00002421 _____ C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-18 11:08 - 2016-03-06 13:22 - 00000000 ___RD C:\Users\Silvia\OneDrive
2017-02-15 10:14 - 2012-08-19 07:37 - 00000000 ____D C:\Program Files (x86)\Google

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-04-19 08:08 - 2012-04-19 08:08 - 141590843 _____ () C:\Program Files\openofficeorg1.cab
2012-04-19 07:59 - 2012-04-19 07:59 - 3125248 _____ () C:\Program Files\openofficeorg34.msi
2012-04-19 07:59 - 2012-04-19 07:59 - 0473600 _____ () C:\Program Files\setup.exe
2012-04-19 07:59 - 2012-04-19 07:59 - 0000290 _____ () C:\Program Files\setup.ini
2016-05-23 20:52 - 2016-05-23 20:52 - 0000385 _____ () C:\Users\Silvia\AppData\Roaming\user_gensett.xml
2012-10-07 17:24 - 2012-10-07 17:24 - 0000393 _____ () C:\Users\Silvia\AppData\Local\HamsterVideoConverterSettings.cfg
2016-04-14 18:41 - 2016-04-14 18:41 - 0627349 _____ () C:\ProgramData\1460653227.bdinstall.bin
2016-06-15 06:33 - 2016-06-15 06:33 - 0026781 _____ () C:\ProgramData\1465968770.bdinstall.bin
2017-03-09 21:33 - 2017-03-09 21:33 - 0097882 _____ () C:\ProgramData\1489091590.bdinstall.bin
2016-09-20 11:32 - 2016-09-20 11:32 - 0026838 _____ () C:\ProgramData\agent.1474367523.bdinstall.bin
2016-11-02 14:41 - 2016-11-02 14:41 - 0028759 _____ () C:\ProgramData\agent.1478094058.bdinstall.bin
2016-10-14 23:48 - 2016-10-14 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-26 18:49 - 2014-12-26 21:42 - 0000836 _____ () C:\ProgramData\hpzinstall.log
2011-11-03 19:44 - 2011-11-03 19:45 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-11-03 19:37 - 2011-11-03 19:37 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-11-03 19:41 - 2011-11-03 19:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-11-03 19:38 - 2011-11-03 19:41 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-11-03 19:42 - 2011-11-03 19:44 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-09 10:39

==================== Ende von FRST.txt ============================

Addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
durchgeführt von Silvia (11-03-2017 20:07:18)
Gestartet von C:\Users\Silvia\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-14 23:30:32)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-983883370-204824152-491102941-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-983883370-204824152-491102941-503 - Limited - Disabled)
Gast (S-1-5-21-983883370-204824152-491102941-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-983883370-204824152-491102941-1002 - Limited - Enabled)
Silvia (S-1-5-21-983883370-204824152-491102941-1000 - Administrator - Enabled) => C:\Users\Silvia

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender-Virenschutz (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender-Spyware-Schutz (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden Albelli Fotobücher (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli) ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.) 
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1423 - Bitdefender) Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 19.6.0.326 - Bitdefender) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP) Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.) CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.) CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.2.0 - devolo AG) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. 
OHG) DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.) Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.44 - Samsung) ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.2.19144 - Landesfinanzdirektion Thüringen) Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden Finanzplaner PRO (HKLM-x32\...\Finanzplaner PRO) (Version: - FinanzPortal24 GmbH) FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden fotokasten comfort 5.0 (HKLM-x32\...\fotokasten comfort_is1) (Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation) John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 
2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 
11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.8.0.6273 - Mozilla) Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 2016 (HKLM-x32\...\{049045D5-0C46-4E78-A83F-83E993D91A7F}) (Version: 17.0.02300 - Nero AG) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) OCR Software by I.R.I.S. 
13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) 
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
Wajam (HKLM-x32\...\Wajam Web Enhancer) (Version: 1.3.0.94 (i1.0) - Wajam) <==== ACHTUNG
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{E47A3570-59A0-4948-A678-A930FEE8AAC7}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{B999EF65-7140-47E1-BED0-6A32E64A0D7D}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07DA5524-FFB1-4CE3-B07B-BBE2C29E5385} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {1399D005-9179-4EB0-B62B-C71085F1CB81} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000Core1d238be2862dc7c => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {1B0CAC01-78B1-46EA-AAD0-A5C0C9A9EEBD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1BBE6E19-EAC8-48F9-A650-29AC264EC91B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1C267C23-B5F9-41FF-A4D5-92C4B112F598} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {1ED078EF-C616-449A-9E71-3FF7CE79AF8D} - System32\Tasks\{877C8A6D-9FA5-41CA-8842-83A5F8A9F7E0} => pcalua.exe -a C:\Users\Silvia\Documents\dbgview\DBGVIEW.EXE -d C:\Users\Silvia\Documents\dbgview
Task: {27018021-93D3-4181-A414-70E233096DA8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {2E4CFDEB-63DC-4061-BBED-999970D6C986} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2013\bdproductdata.exe
Task: {2F0D4068-C9FA-4B45-A7FC-625D0F57B02A} - System32\Tasks\{EE305C4B-2645-4AD4-AB31-8774E0D9EF4D} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Ahead\Nero StartSmart\NeroStartSmart.exe"
Task: {2FFC7E9B-A48E-4878-86E7-5B5FD9C7CFF1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {34185101-2D74-4011-908B-B1FC4B4C4BE7} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Easy Support Center\SSCKbdHk.exe
Task: {3F0C9060-E8B5-4D4D-B60B-15ED2B085296} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {40CA2C1C-8985-452E-B5F1-23E374E19F48} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {43C4CCEB-42BC-4680-93D3-1C620439C826} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {44EF540E-C6D8-4717-9B55-5525DA621CDE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {4A1A75AC-E505-48A8-ACAD-2FB594C0BB58} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {4BD94884-E059-4F7C-8455-62E2AA5A3DBE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23] (Adobe Systems Incorporated)
Task: {54D5411A-538D-4D2E-B0C2-D79A683DEEF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {5996EC8B-1C65-4C80-84F9-96E88B7A1A86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {5BC2FF85-E692-4FA0-B1F6-0F38E6B98D34} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {6300AB21-F4AE-4D28-97B2-6921A3833149} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6F6E5A96-BEC4-4BEF-BEE2-47968000AD22} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {73CC6AD6-7914-402D-B519-52F325732A2B} - System32\Tasks\{C7DA0173-A309-4F90-B5F2-89918793E3A1} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.0.105.411/de/abandoninstall?page=tsProgressBar
Task: {7556EB99-AC76-4EE7-9CB3-0B4CCE2DCDB0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {75B74FA7-121A-45AF-A58F-CE8474E83919} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {850E9F07-2096-4FE9-A733-FE077D4AABE5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {85E7851F-6507-45F7-B071-77F75A503F5B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {8748D2C8-7B61-46D6-8560-B806F3E45DC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {881323E1-6913-4B08-9348-3BBEDA2FED8C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {8B334E28-4173-4E7B-B70D-2239A7897ADC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8C128A29-BC22-409A-B3B4-B6A225FC4454} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {9A651807-3F5E-4BD4-AAAF-938487ACD279} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9C7B57B7-F799-4A6C-929D-59D86F528183} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9D3B18C5-480C-4532-A960-D319D34E5EE7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {9FED81DA-52A7-4C9D-8AB0-16EFCF8E0626} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {A2A0F0F1-0AD4-4693-9963-A68C0DEBC0CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AB30CF4B-78EE-43C6-84AF-18B9600D7A09} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {AC2B6A0D-936A-493E-AEBC-22346C4B382D} - System32\Tasks\{9DC4673D-89F6-4667-8059-6A8D8FCCA84B} => pcalua.exe -a C:\Users\Silvia\Downloads\p-std.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {AF8E0C35-0478-480E-AB08-8B82E504A785} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {B24C4704-4B41-438C-A0D8-EB1B1B19B584} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {BCF1F663-95A5-46DA-A8D2-EEE34805A0B3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C491C115-391E-4D12-8322-67457D3CA592} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000UA1d238be289e236d => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {CB902C20-D63C-4BA9-ABDC-BF90E0F37791} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D00A0671-354F-4F46-90B3-CE483FFBB1D6} - System32\Tasks\{8E26E545-7CEE-4E2D-B6A1-5E627B7BAF4A} => pcalua.exe -a C:\Users\Silvia\Downloads\NeroClassic\nero60023.exe -d C:\Users\Silvia\Downloads\NeroClassic
Task: {D1A7B405-6102-4350-8033-19B49D45750C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D1E76148-5778-4CFB-BA87-2269DB3D4FD9} - \CCleanerSkipUAC -> Keine Datei <==== ACHTUNG
Task: {D64C454A-E02D-4972-99F7-BF6AEF595F22} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D89CE4B1-DC7B-42F9-98E6-F9C8DE7003A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DC02FBDE-D986-497A-9492-9186C3C240E6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DEF7D778-88F3-48E0-8236-1247220EDAA7} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {EE38C2DC-835A-47AA-83A0-1A102876D107} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {F1B6F95C-CAB2-4BFF-AA66-C6BB1E217B19} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F31AABE0-BE26-427E-8159-BF36BA8A0C32} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Silvia\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {F645E1B5-0C8C-49DE-8DF7-045D7C9C022E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
Task: {FB5C8F08-3D93-43D7-9E1F-FB95C61673F9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FC32A813-B554-47A0-B581-AD88FB648F7B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000Core1d238be2862dc7c.job => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000UA1d238be289e236d.job => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-04-14 18:19 - 2015-11-04 13:06 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2016-04-14 18:18 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2016-04-14 18:19 - 2016-03-02 15:08 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2017-02-07 16:40 - 2017-02-07 16:40 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpbr.mdl
2017-02-07 16:40 - 2017-02-07 16:40 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpdsp.mdl
2017-02-07 16:40 - 2017-02-07 16:40 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpph.mdl
2017-02-07 16:40 - 2017-02-07 16:40 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttprbl.mdl
2015-08-21 21:09 - 2015-08-21 21:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 21:09 - 2015-08-21 21:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-11-03 19:41 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-15 00:32 - 2016-10-15 00:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-16 11:07 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-16 11:05 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-16 11:05 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-16 11:05 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-16 11:05 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-16 11:05 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-16 11:05 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-04-13 08:41 - 2015-04-14 10:05 - 01428760 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2015-08-21 21:09 - 2015-08-21 21:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-02-25 09:22 - 2017-02-25 09:33 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-25 09:22 - 2017-02-25 09:33 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-25 09:22 - 2017-02-25 09:33 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-08 10:11 - 2017-02-08 10:48 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-28 11:15 - 2017-03-01 10:04 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-02-28 11:15 - 2017-03-01 10:04 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-02-28 11:15 - 2017-03-01 10:04 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-06-03 15:18 - 2016-06-03 19:59 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-02-28 11:15 - 2017-03-01 10:04 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-02-28 11:15 - 2017-03-01 10:04 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-03-09 23:19 - 2016-03-09 23:21 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 09741592 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-04-13 08:35 - 2015-04-14 10:06 - 03929880 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-04-13 08:36 - 2015-04-14 10:05 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-04-13 08:36 - 2015-04-14 10:05 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-04-13 08:36 - 2015-04-14 10:05 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 02872600 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-04-13 08:35 - 2014-02-11 10:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-04-13 08:35 - 2014-02-11 10:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-04-13 08:36 - 2015-04-14 10:05 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 02136856 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01960728 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-04-13 08:35 - 2014-02-11 10:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 04463896 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01593624 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 05308184 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 02392344 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01171224 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01633560 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01341720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 07374616 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01296664 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-04-13 08:35 - 2015-04-14 10:05 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2017-03-11 19:44 - 2017-03-06 21:59 - 00807232 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-03-11 19:45 - 2017-02-09 03:19 - 00035792 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-03-11 19:45 - 2017-02-09 03:19 - 00100296 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-03-11 19:45 - 2017-02-09 03:19 - 00018888 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\select.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00019776 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-03-11 19:45 - 2017-02-09 03:19 - 00694224 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-02-25 09:43 - 2017-03-06 22:01 - 00020824 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-03-11 19:45 - 2017-02-09 03:20 - 00123856 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-02-25 09:43 - 2017-03-06 22:01 - 01682768 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-02-25 09:43 - 2017-03-06 22:01 - 00020816 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-03-11 19:45 - 2017-02-09 03:19 - 00145864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-03-11 19:44 - 2017-02-09 03:20 - 00019408 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-03-11 19:45 - 2017-02-09 03:19 - 00116688 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-03-11 19:45 - 2017-02-09 03:22 - 00105928 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00022864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-03-11 19:44 - 2017-03-06 22:01 - 00038712 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00060736 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00024528 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00175560 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-03-11 19:45 - 2017-02-09 03:19 - 00392144 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-03-11 19:44 - 2017-02-09 03:22 - 00020936 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00116176 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00381760 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00124880 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00026456 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00024016 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00030160 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00043472 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00048592 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00057808 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00024016 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-02-25 09:43 - 2017-03-06 22:01 - 00246608 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-03-11 19:44 - 2017-03-06 22:01 - 00027488 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-11 19:45 - 2017-02-09 03:21 - 00241104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-02-25 09:43 - 2017-03-06 22:01 - 00022336 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00025432 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00028616 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 01826104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-03-11 19:45 - 2017-02-09 03:20 - 00083912 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\sip.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 01972536 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 03928896 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00531264 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00053072 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00133432 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00224064 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00207680 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00022864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00069968 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00022872 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00021848 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00022872 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00350152 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00103232 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00023896 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-03-11 19:44 - 2017-03-06 22:01 - 00025936 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-03-11 19:44 - 2017-02-09 03:17 - 00036296 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\librsync.dll
2017-03-11 19:44 - 2017-03-06 22:01 - 00033112 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-03-11 19:44 - 2016-12-02 22:44 - 00293392 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-03-11 19:44 - 2017-03-06 22:01 - 00084288 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-03-11 19:44 - 2017-02-09 03:27 - 00017864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-03-11 19:44 - 2017-02-09 03:27 - 01631184 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-03-11 19:45 - 2017-03-06 22:01 - 00042816 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00171336 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00357688 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-03-11 19:45 - 2017-02-09 03:22 - 00060880 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00026456 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-11 19:45 - 2017-03-06 22:01 - 00546104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ALDI Bestellsoftware Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\Barchart-windows64-online.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ccsetup402_slim.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\devolo-cockpit-v4-3-2.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\Dropbox 2.0.26.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-14.3.20130522u.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.0.20150113k.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.1.20150309u(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.1.20150309u.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\flvplayer_setup20_25.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-0-6(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-0-6.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-3-13(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-3-13.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-4-8(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-4-8.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer15x32au_mssa_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer16x32au_mssa_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer17x32au_mssa_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jre-7u25-windows-x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(2).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(3).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(4).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(5).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(6).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\Nero Burning ROM Classic - CHIP-Installer.exe:BDU [1]
AlternateDataStreams: C:\Users\Silvia\Downloads\Nero2016-17.09.2015_stub_trial.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\OJ4500vG510a-f_Full_13.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\SuperTuxKart - CHIP-Installer.exe:BDU [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-983883370-204824152-491102941-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Silvia\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{bbeb6448-8619-4f01-847d-26d45d85e6ac}.JPG DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [UDP Query User{A16D0D75-C1D3-4A9C-897C-F38B6B7C302C}C:\users\silvia\appdata\local\temp\rarsfx2\x64\pcsftool.exe] => (Allow) C:\users\silvia\appdata\local\temp\rarsfx2\x64\pcsftool.exe FirewallRules: [TCP Query User{98E7D470-75B0-4BB0-BE29-C28E75AEB3DE}C:\users\silvia\appdata\local\temp\rarsfx2\x64\pcsftool.exe] => (Allow) C:\users\silvia\appdata\local\temp\rarsfx2\x64\pcsftool.exe FirewallRules: [UDP Query User{AFE7F784-2B6E-48F6-BFE6-1968B18CC041}C:\users\silvia\appdata\local\temp\rarsfx2\x32\pcsftool.exe] => (Allow) C:\users\silvia\appdata\local\temp\rarsfx2\x32\pcsftool.exe 
FirewallRules: [TCP Query User{E7F1EFFC-6FBA-447A-BF70-0265D3DC85C6}C:\users\silvia\appdata\local\temp\rarsfx2\x32\pcsftool.exe] => (Allow) C:\users\silvia\appdata\local\temp\rarsfx2\x32\pcsftool.exe FirewallRules: [{3DE67F7C-1488-4DB3-8A2A-45192F3C651A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D3A12754-2A57-4885-842D-8AA3ED44C871}] => (Allow) LPort=2869 FirewallRules: [{8CB8640B-5C1D-444A-B969-A40FEEF028E5}] => (Allow) LPort=1900 FirewallRules: [{B643C5E9-D117-47DF-89E0-DC8BD5C27470}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{27897909-3333-4AB8-8321-4ED5F0AB237E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{D2BB4FB1-3B6F-4E99-96DC-654F3AC31DD7}] => (Allow) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10.exe FirewallRules: [{6B62A0E8-45BC-49F9-BE74-CA06218D7D13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE FirewallRules: [{F75725D7-C713-4B7A-A979-7AC3FD886125}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{AF38764D-0E9B-4084-9CF7-D1E41BEFEF7C}] => (Allow) C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{8A8D2863-ABB3-42AE-9AF9-B0FC317B9A85}] => (Allow) C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{6F44C9FA-6900-4321-A40C-71E5F3DB4229}C:\users\silvia\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\silvia\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{7353BFF7-2E8E-4604-A87C-628D1E18F507}C:\users\silvia\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\silvia\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{BB3CDDFB-E575-40E3-AF96-EC124AB8C478}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{5052DC34-BEE9-46AB-BC41-0D6B6F3B846A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: 
[{EAE81B79-64EC-438E-A279-0A664CF0C0D9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{86ED9D49-92A7-4795-8D83-91E5ACCB5421}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{CBE5E590-C360-4CB0-8591-6BC691AB48C2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{40FA4886-B709-4285-8700-D20A7C899841}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A7715B9B-E135-4400-B655-AF23B91BEBF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{790121A4-D0C5-40FC-B4AB-9059390D3A99}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{D9903537-FE85-4551-B81A-0FBE70F225DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{61B662C9-1F70-4783-B60D-F237E452A5EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{92B05612-90E6-4B02-B1C6-C10FCE2412B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{44B923AA-F630-4A7E-B14F-81087372D9FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{432836EF-DB58-46EA-9A8B-90E59020A33A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{A3E06F3E-E1F8-4C7C-83E8-27E4EB22A92D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{54E57F93-0567-445C-8DBB-B0058587755D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{D10B9EFF-85DE-4FF1-ABC2-F35CA80134F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{EA26F5D1-A803-4CFB-AAFD-836AB0F952A3}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{34663BF6-BB6C-4F3D-84B3-677582D5C4BF}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web 
printing\smartwebprintexe.exe FirewallRules: [{DE3C447D-EA6C-4A34-8249-984D573D6C9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{17A526AA-66AE-4A46-B440-773E6F9EC345}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{02781F3E-E8F8-43B7-8A1F-45F972297ED2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{E8296320-6604-4439-9EFD-3F63642BC566}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{85D703B9-2D95-4D9C-BA1B-1CF974F4EBF4}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [{E3AC5DB4-4351-4F61-8C01-4547B18AF1F5}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe FirewallRules: [{00E90E81-6EB7-4406-B084-4819A7E6CC17}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe FirewallRules: [{E3D334F6-4CEE-4F33-B199-9C4921992BF3}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe ==================== Wiederherstellungspunkte ========================= 13-02-2017 12:24:37 Geplanter Prüfpunkt 23-02-2017 22:00:27 Windows Update 01-03-2017 20:02:06 Windows-Sicherung ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/09/2017 10:53:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (03/02/2017 12:01:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/01/2017 08:04:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:16 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:16 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. 
Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 10:23:12 AM) (Source: ATIeRecord) (EventID: 16391) (User: ) Description: ATI EEU maximum number of session has been surpassed Error: (02/28/2017 11:20:24 AM) (Source: ATIeRecord) (EventID: 16391) (User: ) Description: ATI EEU maximum number of session has been surpassed Systemfehler: ============= Error: (03/11/2017 07:29:55 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/09/2017 08:34:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (03/09/2017 03:14:18 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/09/2017 03:11:00 PM) (Source: DCOM) (EventID: 10010) (User: Silvia-PC) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/09/2017 03:11:00 PM) (Source: DCOM) (EventID: 10010) (User: Silvia-PC) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/09/2017 03:11:00 PM) (Source: DCOM) (EventID: 10010) (User: Silvia-PC) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/09/2017 03:10:59 PM) (Source: DCOM) (EventID: 10010) (User: Silvia-PC) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (03/09/2017 02:50:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/09/2017 10:16:38 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/08/2017 11:54:02 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
==================== Speicherinformationen =========================== Prozessor: AMD A4-3305M APU with Radeon(tm) HD Graphics Prozentuale Nutzung des RAM: 65% Installierter physikalischer RAM: 3563.8 MB Verfügbarer physikalischer RAM: 1222.12 MB Summe virtueller Speicher: 7147.8 MB Verfügbarer virtueller Speicher: 4464.65 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:178 GB) (Free:87.71 GB) NTFS Drive d: () (Fixed) (Total:266.26 GB) (Free:72.32 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 933609DD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=266.3 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=21.4 GB) - (Type=27) ==================== Ende von Addition.txt ============================ |
11.03.2017, 20:47 | #4 |
| Caught a Myfilestore.com virus? TDSSKiller (it was too big for the first reply, so I now have to split it across three posts as well. I ran the scan twice because I clicked away the report, but nothing was found) Part 1: Code:
20:19:08.0390 0x0b54 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01 20:19:26.0429 0x0b54 ============================================================ 20:19:26.0430 0x0b54 Current date / time: 2017/03/11 20:19:26.0429 20:19:26.0430 0x0b54 SystemInfo: 20:19:26.0471 0x0b54 20:19:26.0471 0x0b54 OS Version: 10.0.14393 ServicePack: 0.0 20:19:26.0471 0x0b54 Product type: Workstation 20:19:26.0471 0x0b54 ComputerName: SILVIA-PC 20:19:26.0472 0x0b54 UserName: Silvia 20:19:26.0472 0x0b54 Windows directory: C:\WINDOWS 20:19:26.0472 0x0b54 System windows directory: C:\WINDOWS 20:19:26.0472 0x0b54 Running under WOW64 20:19:26.0472 0x0b54 Processor architecture: Intel x64 20:19:26.0472 0x0b54 Number of processors: 2 20:19:26.0472 0x0b54 Page size: 0x1000 20:19:26.0472 0x0b54 Boot type: Normal boot 20:19:26.0472 0x0b54 CodeIntegrityOptions = 0x00000001 20:19:26.0472 0x0b54 ============================================================ 20:19:26.0691 0x0b54 KLMD registered as C:\WINDOWS\system32\drivers\51284622.sys 20:19:26.0691 0x0b54 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19 20:19:27.0290 0x0b54 System UUID: {E73865C2-12F2-5213-8A51-9F213AE74EFA} 20:19:28.0080 0x0b54 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:19:28.0088 0x0b54 ============================================================ 20:19:28.0088 0x0b54 \Device\Harddisk0\DR0: 20:19:28.0088 0x0b54 MBR partitions: 20:19:28.0088 0x0b54 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:19:28.0088 0x0b54 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16400000 20:19:28.0104 0x0b54 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16433000, BlocksNum 0x21485800 20:19:28.0104 0x0b54 ============================================================ 20:19:28.0143 
0x0b54 C: <-> \Device\Harddisk0\DR0\Partition2 20:19:28.0177 0x0b54 D: <-> \Device\Harddisk0\DR0\Partition3 20:19:28.0177 0x0b54 ============================================================ 20:19:28.0177 0x0b54 Initialize success 20:19:28.0177 0x0b54 ============================================================ 20:21:04.0591 0x1468 ============================================================ 20:21:04.0591 0x1468 Scan started 20:21:04.0591 0x1468 Mode: Manual; SigCheck; TDLFS; 20:21:04.0591 0x1468 ============================================================ 20:21:04.0591 0x1468 KSN ping started 20:21:04.0791 0x1468 KSN ping finished: true 20:21:11.0038 0x1468 ================ Scan system memory ======================== 20:21:11.0038 0x1468 System memory - ok 20:21:11.0039 0x1468 ================ Scan services ============================= 20:21:11.0228 0x1468 [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys 20:21:11.0313 0x1468 1394ohci - ok 20:21:11.0354 0x1468 [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys 20:21:11.0383 0x1468 3ware - ok 20:21:11.0455 0x1468 [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys 20:21:11.0506 0x1468 ACPI - ok 20:21:11.0568 0x1468 [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev C:\WINDOWS\System32\drivers\AcpiDev.sys 20:21:11.0610 0x1468 AcpiDev - ok 20:21:11.0640 0x1468 [ D6794C31F4077B71433988787BAA926E, F16365C2F195AAE94D4740E6C3DF4C0CECEC6393CAD65425DCCD28CDBA6EC51A ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys 20:21:11.0668 0x1468 acpiex - ok 20:21:11.0688 0x1468 [ FE5F656D6B35089DA39112E74EC6A85A, 5D81EE63998232A5B36DE47FE15B9D04D5BD02234CA133A2462AECA8C60A22ED ] acpipagr 
C:\WINDOWS\System32\drivers\acpipagr.sys 20:21:11.0731 0x1468 acpipagr - ok 20:21:11.0756 0x1468 [ 2F242941E4DFF69B883D77A16F039557, 45C388365317C720654A659A9326B2BC0E9D84929C704654985597D5D620101C ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys 20:21:11.0798 0x1468 AcpiPmi - ok 20:21:11.0840 0x1468 [ C247E35A21682DA8D0DC3AF9F025FCC5, 455415EE3166B3043AD8A4DD50B688DB74242267FB555642441251EFA823E971 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys 20:21:11.0866 0x1468 acpitime - ok 20:21:11.0978 0x1468 [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:21:12.0105 0x1468 AdobeARMservice - ok 20:21:12.0216 0x1468 [ 89ECFB35517F62C3802B227F288B750E, 47B329FEC98DC634A9068D6B88A331B323D99E9C21D3FE330352210841E715CA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:21:12.0271 0x1468 AdobeFlashPlayerUpdateSvc - ok 20:21:12.0343 0x1468 [ 49B9DB97AFC85DCCBDACDAB2E90085B7, 2A6C2A09F74EA15044F442CCFB54A0F24F105ADB915E5C78F02F59652DC29152 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS 20:21:12.0412 0x1468 ADP80XX - ok 20:21:12.0495 0x1468 [ 323AA1953ED9C01E23F740FA891FE064, 4CED6E3D61749316CDE28965C913E7ED462539DAAD637A29484F62AF47AD650D ] AFD C:\WINDOWS\system32\drivers\afd.sys 20:21:12.0541 0x1468 AFD - ok 20:21:12.0582 0x1468 [ 23522E5D581F7722B1B5B86737CAE39C, FB81ABD304376A1E87B65F5E1B34477B628CEDB2091C5D754DE97464B6050C5B ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys 20:21:12.0621 0x1468 ahcache - ok 20:21:12.0663 0x1468 [ D0905D4A945D01D4B28DB9E1BD5985F7, CF389CBCD3B99D1BAE34A42F723F1005C32213A394F691978076D3DF1727715C ] AJRouter C:\WINDOWS\System32\AJRouter.dll 20:21:12.0690 0x1468 AJRouter - ok 20:21:12.0721 0x1468 [ 8FD51B3B35707A66080D7C8CB05E792D, FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B ] ALG C:\WINDOWS\System32\alg.exe 20:21:12.0763 0x1468 ALG - ok 
20:21:12.0800 0x1468 [ 521248FA26458669BAAE6AB7DB21F3AC, 2C609E80220EDDFFE0A44A376D450F461597D00E5F4E526D10FF09E66D06A9B7 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe 20:21:12.0835 0x1468 AMD External Events Utility - ok 20:21:12.0919 0x1468 [ 17DBF2825FFA6D66B1B3C55665721884, AE6369796BB1D586F76AF90F68CD34242F7FD586E8C2183474D154F384881511 ] AMD FUEL Service C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 20:21:12.0951 0x1468 AMD FUEL Service - detected UnsignedFile.Multi.Generic ( 1 ) 20:21:13.0241 0x1468 Detect skipped due to KSN trusted 20:21:13.0241 0x1468 AMD FUEL Service - ok 20:21:13.0291 0x1468 [ DF21E05E41E5AC3F13F304D91457649A, 7F48F2AD1DBE89A261113C76D7C23AD7D87D5599BCC31F8A558A8A10B81BF521 ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys 20:21:13.0327 0x1468 AmdK8 - ok 20:21:13.0352 0x1468 amdkmdag - ok 20:21:13.0408 0x1468 [ AD96CC96B6A0CEE8910A13679426C970, 18005892C57CF8F3B2F09C3DDEC10612EC9B1C14BB057196AAE209D2703FF06E ] amdkmdap C:\WINDOWS\system32\DRIVERS\atikmpag.sys 20:21:13.0456 0x1468 amdkmdap - ok 20:21:13.0511 0x1468 [ 45D0AA4BB90B821DF92E8F19ABED0C5E, EA87A6E98DB3C5A88A844C04C6934E870B7004E783AA5211722115382A211B90 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys 20:21:13.0542 0x1468 AmdPPM - ok 20:21:13.0566 0x1468 [ 74FFBC43B4B899C9A8CA06A892F2CE73, 8D599363C7F3D373F1859BAA4D06DD0F40BE78B56BE52B74DE6EA6EF99452004 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys 20:21:13.0590 0x1468 amdsata - ok 20:21:13.0627 0x1468 [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys 20:21:13.0660 0x1468 amdsbs - ok 20:21:13.0688 0x1468 [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys 20:21:13.0720 0x1468 amdxata - ok 20:21:13.0757 0x1468 [ BB4FE7889DB9CBBE61A308E99697F53C, 
0B6B301EC8C2B9CBDBAEEBC54E3D3E6FE6A3A51F71E75FFE71AE30ADF8FC5E23 ] amd_sata C:\WINDOWS\system32\drivers\amd_sata.sys 20:21:13.0785 0x1468 amd_sata - ok 20:21:13.0814 0x1468 [ 5631CBA53F1CBEA3F9E88348E6723391, 5F20FF4F651733A097990DDC3748CD00F3310B0B55BC975FA3654CDA740E0A3D ] amd_xata C:\WINDOWS\system32\drivers\amd_xata.sys 20:21:13.0829 0x1468 amd_xata - ok 20:21:13.0863 0x1468 [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 20:21:13.0880 0x1468 AODDriver4.3 - ok 20:21:13.0929 0x1468 [ 5B0F4FB165256DE463A51E3A3127969E, 6751ADFFE95FA671C584427A9624EEB79518DE08132FD7A83148700B75487316 ] AppHostSvc C:\WINDOWS\system32\inetsrv\apphostsvc.dll 20:21:13.0961 0x1468 AppHostSvc - ok 20:21:14.0004 0x1468 [ BC121C099C6C659126AD2102AFDFF8CF, 42B5EE293BDD7ADCE48173A01B30D8452564B9DA225EAF25E9292FE77C0FCF3E ] AppID C:\WINDOWS\system32\drivers\appid.sys 20:21:14.0031 0x1468 AppID - ok 20:21:14.0084 0x1468 [ 74A24CF946279111D7F203B36569EC02, FD67D36804744B4FE3E20BA891852575E6C2DA6515643B2F4B4210118B0FCCDA ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll 20:21:14.0128 0x1468 AppIDSvc - ok 20:21:14.0164 0x1468 [ 73FAA5517CCD1332F00192A303CF2026, 75636222BFF381A3EECA010752DF7DC1603A395B91FF7FBF92127B5CA8EFFEE5 ] Appinfo C:\WINDOWS\System32\appinfo.dll 20:21:14.0197 0x1468 Appinfo - ok 20:21:14.0220 0x1468 [ 68190E2BADF23BD782344970E5B5DE9E, 95D30EC12C7FDF5822CED8BC2F17669A6687A2FB262B4F0D15C8DCFF4E9AB33D ] applockerfltr C:\WINDOWS\system32\drivers\applockerfltr.sys 20:21:14.0277 0x1468 applockerfltr - ok 20:21:14.0347 0x1468 [ A0746EF6C5AB7A17A67BC167167499C1, 1D2154D3AFC5219293EDD508C7726E7756FB72BF04F73861C575D1FE5C553411 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll 20:21:14.0422 0x1468 AppReadiness - ok 20:21:14.0567 0x1468 [ D70B1453ADA82A92E76EAE72D936A0F6, 439DBC5818025887343D4B5B509C7D2C97ED0FFA4641A5178EA5719C50E5013F ] AppXSvc 
C:\WINDOWS\system32\appxdeploymentserver.dll 20:21:14.0793 0x1468 AppXSvc - ok 20:21:14.0822 0x1468 [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys 20:21:14.0851 0x1468 arcsas - ok 20:21:15.0012 0x1468 [ 5EE26734A882478AF6696092E2E0F352, 6CACFF521B3B839F73EBEB6EFBFDCCA8A8BC319DDB254BE3EFE29A39040B2C26 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:21:15.0037 0x1468 aspnet_state - ok 20:21:15.0085 0x1468 [ 61C5A480C43E7E8E49C42869F49D0D3E, E610F0E4315ABA1D90AD4A1D7A68ABA2ACBB7FCA89E9D1798470365D52592D55 ] AsyncMac C:\WINDOWS\System32\drivers\asyncmac.sys 20:21:15.0149 0x1468 AsyncMac - ok 20:21:15.0198 0x1468 [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi C:\WINDOWS\system32\drivers\atapi.sys 20:21:15.0237 0x1468 atapi - ok 20:21:15.0395 0x1468 [ D03E551165C72F2A4BBDDC566EAA819E, 8047E2D20724B464B481F06C3AC1FA5734E97F7EC0D86EFEECD76480C84B3959 ] athr C:\WINDOWS\System32\drivers\athwnx.sys 20:21:15.0660 0x1468 athr - ok 20:21:15.0732 0x1468 [ 0966FD5BAB1F9BE200875E9EED0A0A13, F4BE70C0581B51ED6DAE6412A5FF74AE310BF88DE89C5A5E5880BEED543B01D7 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdWT6.sys 20:21:15.0788 0x1468 AtiHDAudioService - ok 20:21:15.0835 0x1468 [ 2DC3D53FFA0D10EB8C911AE2DB7BF4CF, 8E0A4B5D610D487A216E70396A99ACC1BEA12C46A6681B1A39CD0FD01EDD406A ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll 20:21:15.0896 0x1468 AudioEndpointBuilder - ok 20:21:15.0953 0x1468 [ 7B993290E7691C446C16A56A431669BA, 004551934E27E9FC1A939C9BD1DEB850A216CBED9B18CB3317920F5656D9F6BF ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll 20:21:16.0058 0x1468 Audiosrv - ok 20:21:16.0164 0x1468 [ B18699497436228F1109132D669CF29A, 1A358BC7E7931FE43B1038E33EBEA365476E5A2EFB9476F47E3476A3669063FB ] avc3 C:\WINDOWS\system32\DRIVERS\avc3.sys 20:21:16.0241 0x1468 avc3 - ok 
13D614E6B51ECF36746C48CE829FA7F6, CAD63C0A4F7110093F84C58252C5803F14E3FC46584B79DA17EC86D49FEAEA64 ] MSKSSRV C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys 20:21:36.0332 0x1468 MSKSSRV - ok 20:21:36.0396 0x1468 [ 642CDE46351D5D2D90311E77072AB46D, B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCA ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys 20:21:36.0425 0x1468 MsLldp - ok 20:21:36.0468 0x1468 [ F3EF38D07A4ADCDF922EEEAF0FED7D4D, B9D436BFA29AA0A7B00889D96C4F8BC33C1809E19B7A71A69AB2E534E9794BF0 ] MSMQ C:\WINDOWS\system32\mqsvc.exe 20:21:36.0495 0x1468 MSMQ - ok 20:21:36.0516 0x1468 [ F2302A5CE63CA7673200FAFCEEEDB6AF, B8C44FC2DC0332183DE325CDBF511101F3307225295EDD428CE575A8DE15C223 ] MSPCLOCK C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys 20:21:36.0558 0x1468 MSPCLOCK - ok 20:21:36.0600 0x1468 [ 6114512EA26E835BA522C63635429DB5, 0F91CE41B4555316A79AEF3047C152D538CC9C7C329987C9FD0E3D961AFC87C8 ] MSPQM C:\WINDOWS\system32\DRIVERS\MSPQM.sys 20:21:36.0632 0x1468 MSPQM - ok 20:21:36.0708 0x1468 [ AA538E16E644D00E3BA5349BBA9598EC, 64A68B06883FE7ED34E04AB119BA819753F1222923EDD4E802C35D402B89D075 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 20:21:36.0743 0x1468 MsRPC - ok 20:21:36.0765 0x1468 [ 0543BEFD41EC4D25C7F7CF36409CEC7D, 631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys 20:21:36.0786 0x1468 mssmbios - ok 20:21:36.0819 0x1468 [ C1569E4DB8EFE3617847BF041A3C842F, 99ADE5E7F50E04CAEC737F7F90741CCA8EE628996BA5EB6C6BC62184884429B6 ] MSTEE C:\WINDOWS\system32\DRIVERS\MSTEE.sys 20:21:36.0851 0x1468 MSTEE - ok 20:21:36.0879 0x1468 [ 130B16970154BA9876B09E5C4BAC63BE, BE3AF8FC5A26AB9C9DBA9C015C2E1FD3C4CD9CB423A2BBDABA91428BF8620553 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 20:21:36.0904 0x1468 MTConfig - ok 20:21:36.0928 0x1468 [ 15D987C8F6CCD4AC94E070C5986762CB, 452FB0C48B86C7F8F53794CC2DDBF2B900B03A0383B2DE8F6A830F8CB0AFBAD8 ] Mup C:\WINDOWS\system32\Drivers\mup.sys 20:21:36.0962 0x1468 Mup - ok 
20:21:36.0990 0x1468 [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 20:21:37.0013 0x1468 mvumis - ok 20:21:37.0124 0x1468 [ DB31EBB04C871F422C36A0962DA7D38B, B1BC2344744F537FB2C7D07B415F860195B7795E185253F05C0817A3764FEC10 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys 20:21:37.0178 0x1468 NativeWifiP - ok 20:21:37.0370 0x1468 [ 003DDE9E91D324DDD86F11BF580FD627, 733674D5A6246BA2B4DE420AD89FE171ACCEA9EB5FC20F13F688A3910C1AA74C ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 20:21:37.0441 0x1468 NAUpdate - ok 20:21:37.0492 0x1468 [ C3D9870E680D9D843B18F4626C3858FE, 43596CAC9FB488F810FBA954C52BC4D13F7D32028C40ACFE33DFD7EE36A65C17 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll 20:21:37.0528 0x1468 NcaSvc - ok 20:21:37.0566 0x1468 [ 04CE2C0F0759EACD886BA4B658B60D5D, E34D0976FC5936C8629800D826DB127072D1DFC3D350EFACA3AA1B8119551762 ] NcbService C:\WINDOWS\System32\ncbservice.dll 20:21:37.0619 0x1468 NcbService - ok 20:21:37.0638 0x1468 [ E6094065008FE423377294050E7CEA2D, 86E200227256407530E2C28243DEFBC3CB6E9497644404D9AD79DA242286DF7B ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll 20:21:37.0764 0x1468 NcdAutoSetup - ok 20:21:37.0818 0x1468 [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr C:\WINDOWS\System32\drivers\ndfltr.sys 20:21:37.0842 0x1468 ndfltr - ok 20:21:37.0898 0x1468 [ D5564FC81350458ED570528C4E3B1CCF, DD3C5012492EF9BCE3BE635BBB3AA40B3C5F5FDBD795A76B327D9C994102AC2B ] NDIS C:\WINDOWS\system32\drivers\ndis.sys 20:21:37.0967 0x1468 NDIS - ok 20:21:38.0016 0x1468 [ 6DD605338FAAF6BA17662AA874E0D162, 636607829F5D7C3B7A4683C0A2DD594360D72F2AA3F8710153BE32575AE34A15 ] NdisCap C:\WINDOWS\system32\drivers\ndiscap.sys 20:21:38.0070 0x1468 NdisCap - ok 20:21:38.0107 0x1468 [ E34196F285F8B8879E1FF36C31F7179E, 77A4F24F995D4C0689C43F9956E08DCEC62517E4F8B1B9EAA1852B5293DB5B9A ] NdisImPlatform 
C:\WINDOWS\system32\drivers\NdisImPlatform.sys 20:21:38.0138 0x1468 NdisImPlatform - ok 20:21:38.0155 0x1468 [ 1FAD2398673F30CEC616B89C46B7DCBA, 70302049E6AE2BC6B3A7A9DE54D3F940AD6A9771CC2EBCCEC65994E67A25ECB5 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:21:38.0190 0x1468 NdisTapi - ok 20:21:38.0218 0x1468 [ AEB8ECBE66CC46854066CB1F5623E179, 2F650A85A9DAE38887610C0B876621035616CEDB65D4BBBD7F1405616D218AAF ] Ndisuio C:\WINDOWS\system32\drivers\ndisuio.sys 20:21:38.0270 0x1468 Ndisuio - ok 20:21:38.0293 0x1468 [ 7340104C2BF2F126714F7CDE85E63610, 45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66C ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 20:21:38.0336 0x1468 NdisVirtualBus - ok 20:21:38.0371 0x1468 [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] NdisWan C:\WINDOWS\System32\drivers\ndiswan.sys 20:21:38.0414 0x1468 NdisWan - ok 20:21:38.0427 0x1468 [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] ndiswanlegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:21:38.0470 0x1468 ndiswanlegacy - ok 20:21:38.0499 0x1468 [ 78A12E3DF035B5D054986949B19BE43C, AD9B34F89B9F27D473BD5FCE6694A40FCCB808B61ABEDD6F70F1AF6C7E73ABF8 ] ndproxy C:\WINDOWS\system32\DRIVERS\NDProxy.sys 20:21:38.0534 0x1468 ndproxy - ok 20:21:38.0567 0x1468 [ 04C8859355C1DC9C0FA198D1894D71C2, E7C67E73009341B5D402470C686781B3C7BBE2531CE26665E08E711B990B1A77 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys 20:21:38.0607 0x1468 Ndu - ok 20:21:38.0656 0x1468 [ D5AC41AE382738483FAFFBD7E373D49A, 68793D15566F387650E9C5010E1CA73BDE3EB4BA431EA0A1673004CAE08413B0 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 20:21:38.0674 0x1468 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 ) 20:21:38.0935 0x1468 Detect skipped due to KSN trusted 20:21:38.0935 0x1468 Net Driver HPZ12 - ok 20:21:38.0967 0x1468 [ 6C76780A01FC2B885BD6E957B5C36B02, 
DB7834F03A765F65C773E772D8051AFADB22CA4B5074180AA397857A0C47A068 ] NetAdapterCx C:\WINDOWS\system32\drivers\NetAdapterCx.sys 20:21:39.0002 0x1468 NetAdapterCx - ok 20:21:39.0022 0x1468 [ 5D1513BD6430307C9DB86C6E351372ED, D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6D ] NetBIOS C:\WINDOWS\system32\drivers\netbios.sys 20:21:39.0046 0x1468 NetBIOS - ok 20:21:39.0096 0x1468 [ 6FEBB0A847FFD5F057B9AC8889F1B9A7, 558BCC64C59079E6569F61CCE1219A124B3313FC4E6CB5CBCC94124D202FF19D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 20:21:39.0144 0x1468 NetBT - ok 20:21:39.0180 0x1468 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] Netlogon C:\WINDOWS\system32\lsass.exe 20:21:39.0207 0x1468 Netlogon - ok 20:21:39.0255 0x1468 [ D3BF2DA9216A4CF22A97820A50A67EFF, D00CBE0A7ECFB449D9B48967A01EE56141404EBE229893D5A1710781AD5F2551 ] Netman C:\WINDOWS\System32\netman.dll 20:21:39.0298 0x1468 Netman - ok 20:21:39.0357 0x1468 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:21:39.0424 0x1468 NetMsmqActivator - ok 20:21:39.0437 0x1468 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:21:39.0472 0x1468 NetPipeActivator - ok 20:21:39.0521 0x1468 [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm C:\WINDOWS\System32\netprofmsvc.dll 20:21:39.0582 0x1468 netprofm - ok 20:21:39.0635 0x1468 [ D65F295A049473E6A39EA9A0EA76CA32, 274FC0BA044EB2D14093AB0E561F7FACEE06A3F433C81343C8B926FA2F9BD251 ] NetSetupSvc C:\WINDOWS\System32\NetSetupSvc.dll 20:21:39.0677 0x1468 NetSetupSvc - ok 20:21:39.0687 0x1468 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] 
NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:21:39.0721 0x1468 NetTcpActivator - ok 20:21:39.0732 0x1468 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:21:39.0763 0x1468 NetTcpPortSharing - ok 20:21:39.0800 0x1468 [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc C:\WINDOWS\System32\NgcCtnrSvc.dll 20:21:39.0845 0x1468 NgcCtnrSvc - ok 20:21:39.0908 0x1468 [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc C:\WINDOWS\system32\ngcsvc.dll 20:21:40.0048 0x1468 NgcSvc - ok 20:21:40.0118 0x1468 [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 20:21:40.0181 0x1468 NlaSvc - ok 20:21:40.0355 0x1468 [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 20:21:40.0475 0x1468 NOBU - ok 20:21:40.0542 0x1468 [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 20:21:40.0578 0x1468 Npfs - ok 20:21:40.0663 0x1468 [ BD6ADDB3BB8B73C314B683A8E346C0FE, A6B0B5939AD38C13395C5C6F9BF5458A1EEB2CE3D01721224CAED4931D55FEB5 ] NPF_devolo C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys 20:21:40.0679 0x1468 NPF_devolo - ok 20:21:40.0721 0x1468 [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys 20:21:40.0747 0x1468 npsvctrig - ok 20:21:40.0785 0x1468 [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi C:\WINDOWS\system32\nsisvc.dll 20:21:40.0815 0x1468 nsi 
- ok 20:21:40.0857 0x1468 [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys 20:21:40.0883 0x1468 nsiproxy - ok 20:21:41.0003 0x1468 [ DB69C6DA8B3DDFDC547D455CA23A8250, AE495CEB18924C8B21F7F150FF17CD00880F2E222D7B5155661798E0535D63C4 ] NTFS C:\WINDOWS\system32\drivers\NTFS.sys 20:21:41.0210 0x1468 NTFS - ok 20:21:41.0264 0x1468 [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null C:\WINDOWS\system32\drivers\Null.sys 20:21:41.0289 0x1468 Null - ok 20:21:41.0318 0x1468 [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys 20:21:41.0345 0x1468 nvraid - ok 20:21:41.0386 0x1468 [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys 20:21:41.0413 0x1468 nvstor - ok 20:21:41.0453 0x1468 [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc C:\WINDOWS\System32\APHostService.dll 20:21:41.0496 0x1468 OneSyncSvc - ok 20:21:41.0604 0x1468 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:21:41.0640 0x1468 ose - ok 20:21:41.0930 0x1468 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:21:42.0146 0x1468 osppsvc - ok 20:21:42.0243 0x1468 [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 20:21:42.0288 0x1468 p2pimsvc - ok 20:21:42.0349 0x1468 [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 
762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc C:\WINDOWS\system32\p2psvc.dll 20:21:42.0401 0x1468 p2psvc - ok 20:21:42.0444 0x1468 [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport C:\WINDOWS\System32\drivers\parport.sys 20:21:42.0474 0x1468 Parport - ok 20:21:42.0517 0x1468 [ CDBD029BAEC8D09F6FBD404632D9AF28, 71F4401150CD4C9C6BBF2DA854CF07EA2F8C9BBE900833858F49134DDAF14414 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys 20:21:42.0542 0x1468 partmgr - ok 20:21:42.0588 0x1468 [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc C:\WINDOWS\System32\pcasvc.dll 20:21:42.0634 0x1468 PcaSvc - ok 20:21:42.0690 0x1468 [ 29AF16726F4DD84376ECA85AB6AFF2C6, BEF9EA10637065365ED343C4EBA51191B9BEADD8F1F3362D3EFE75F40BE9A027 ] pci C:\WINDOWS\system32\drivers\pci.sys 20:21:42.0723 0x1468 pci - ok 20:21:42.0762 0x1468 [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide C:\WINDOWS\system32\drivers\pciide.sys 20:21:42.0782 0x1468 pciide - ok 20:21:42.0808 0x1468 [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys 20:21:42.0835 0x1468 pcmcia - ok 20:21:42.0863 0x1468 [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw C:\WINDOWS\system32\drivers\pcw.sys 20:21:42.0886 0x1468 pcw - ok 20:21:42.0928 0x1468 [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc C:\WINDOWS\system32\drivers\pdc.sys 20:21:42.0953 0x1468 pdc - ok 20:21:43.0026 0x1468 [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys 20:21:43.0099 0x1468 PEAUTH - ok 20:21:43.0156 0x1468 [ 540116170E2135FCD5DDE77702166B67, 
CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i C:\WINDOWS\system32\drivers\percsas2i.sys 20:21:43.0203 0x1468 percsas2i - ok 20:21:43.0230 0x1468 [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i C:\WINDOWS\system32\drivers\percsas3i.sys 20:21:43.0253 0x1468 percsas3i - ok 20:21:43.0292 0x1468 [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe 20:21:43.0327 0x1468 PerfHost - ok 20:21:43.0406 0x1468 [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc C:\WINDOWS\System32\PhoneService.dll 20:21:43.0473 0x1468 PhoneSvc - ok 20:21:43.0518 0x1468 [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll 20:21:43.0556 0x1468 PimIndexMaintenanceSvc - ok 20:21:43.0646 0x1468 [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla C:\WINDOWS\system32\pla.dll 20:21:43.0776 0x1468 pla - ok 20:21:43.0817 0x1468 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll 20:21:43.0859 0x1468 PlugPlay - ok 20:21:43.0910 0x1468 [ 37F6046CDC630442D7DC087501FF6FC6, EFC0F3DA49839CA263CD95AE5015F4FC554D9D845A58A699C542C8C96E70ED3C ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 20:21:43.0936 0x1468 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 ) 20:21:44.0206 0x1468 Detect skipped due to KSN trusted 20:21:44.0206 0x1468 Pml Driver HPZ12 - ok 20:21:44.0226 0x1468 [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll 20:21:44.0256 0x1468 PNRPAutoReg - ok 20:21:44.0295 0x1468 [ 
4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll 20:21:44.0340 0x1468 PNRPsvc - ok 20:21:44.0393 0x1468 [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll 20:21:44.0441 0x1468 PolicyAgent - ok 20:21:44.0478 0x1468 [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power C:\WINDOWS\system32\umpo.dll 20:21:44.0514 0x1468 Power - ok 20:21:44.0563 0x1468 [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport C:\WINDOWS\System32\drivers\raspptp.sys 20:21:44.0600 0x1468 PptpMiniport - ok 20:21:44.0780 0x1468 [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll 20:21:44.0986 0x1468 PrintNotify - ok 20:21:45.0054 0x1468 [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor C:\WINDOWS\System32\drivers\processr.sys 20:21:45.0087 0x1468 Processor - ok 20:21:45.0198 0x1468 [ BA2DA685FB152180908C7D778B2BBD61, 335C81941855D3DE90443E47E42D44645BE2AB736334DB96C0890D82EEF03475 ] ProductAgentService C:\Program Files\Bitdefender Agent\ProductAgentService.exe 20:21:45.0273 0x1468 ProductAgentService - ok 20:21:45.0318 0x1468 [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc C:\WINDOWS\system32\profsvc.dll 20:21:45.0382 0x1468 ProfSvc - ok 20:21:45.0424 0x1468 [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched C:\WINDOWS\system32\drivers\pacer.sys 20:21:45.0451 0x1468 Psched - ok 20:21:45.0501 0x1468 [ 7A68710BAC9B6809314B86C0CB1CBC4A, 
C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE C:\WINDOWS\system32\qwave.dll 20:21:45.0542 0x1468 QWAVE - ok 20:21:45.0571 0x1468 [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys 20:21:45.0597 0x1468 QWAVEdrv - ok 20:21:45.0635 0x1468 [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:21:45.0662 0x1468 RasAcd - ok 20:21:45.0747 0x1468 [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn C:\WINDOWS\System32\drivers\AgileVpn.sys 20:21:45.0777 0x1468 RasAgileVpn - ok 20:21:45.0814 0x1468 [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto C:\WINDOWS\System32\rasauto.dll 20:21:45.0847 0x1468 RasAuto - ok 20:21:45.0872 0x1468 [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp C:\WINDOWS\System32\drivers\rasl2tp.sys 20:21:45.0912 0x1468 Rasl2tp - ok 20:21:45.0966 0x1468 [ F79BFB5588B777C71734C1D1EC129D07, 9B9D70EC8978AAC19B2B94694EE1B9957C13DFDDFCBE8AA82C5F0D0EA04CDBDF ] RasMan C:\WINDOWS\System32\rasmans.dll 20:21:46.0027 0x1468 RasMan - ok 20:21:46.0074 0x1468 [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:21:46.0106 0x1468 RasPppoe - ok 20:21:46.0133 0x1468 [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp C:\WINDOWS\System32\drivers\rassstp.sys 20:21:46.0188 0x1468 RasSstp - ok 20:21:46.0221 0x1468 [ AF6963414B820B7C45578ED3300438A7, C00F60FD72608E6983D32642768AECE891DD816FADFA7B872BA88091C16B95D7 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:21:46.0259 0x1468 rdbss - ok 20:21:46.0303 0x1468 [ 
79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys 20:21:46.0329 0x1468 rdpbus - ok 20:21:46.0361 0x1468 [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys 20:21:46.0396 0x1468 RDPDR - ok 20:21:46.0473 0x1468 [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys 20:21:46.0503 0x1468 RdpVideoMiniport - ok 20:21:46.0534 0x1468 [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys 20:21:46.0572 0x1468 rdyboost - ok 20:21:46.0653 0x1468 [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1 C:\WINDOWS\system32\drivers\ReFSv1.sys 20:21:46.0718 0x1468 ReFSv1 - ok 20:21:46.0778 0x1468 [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 20:21:46.0843 0x1468 RemoteAccess - ok 20:21:46.0880 0x1468 [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 20:21:46.0923 0x1468 RemoteRegistry - ok 20:21:46.0975 0x1468 [ 0660F4A14F9D2A2F59B26B1D74F1A6D0, A9443B6B7ED1ECA22AC960A2C6A2BE18C0BA58CD7BCF60E7AA617CD3662D122D ] RetailDemo C:\WINDOWS\system32\RDXService.dll 20:21:47.0037 0x1468 RetailDemo - ok 20:21:47.0115 0x1468 [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 20:21:47.0159 0x1468 RichVideo - detected UnsignedFile.Multi.Generic ( 1 ) 20:21:47.0430 0x1468 Detect skipped due to KSN trusted 20:21:47.0430 0x1468 
RichVideo - ok 20:21:47.0550 0x1468 [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc C:\WINDOWS\System32\RMapi.dll 20:21:47.0616 0x1468 RmSvc - ok 20:21:47.0661 0x1468 [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll 20:21:47.0699 0x1468 RpcEptMapper - ok 20:21:47.0724 0x1468 [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator C:\WINDOWS\system32\locator.exe 20:21:47.0753 0x1468 RpcLocator - ok 20:21:47.0821 0x1468 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs C:\WINDOWS\system32\rpcss.dll 20:21:47.0895 0x1468 RpcSs - ok 20:21:47.0963 0x1468 [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys 20:21:47.0994 0x1468 rspndr - ok 20:21:48.0037 0x1468 [ F9265C902BB9146C6BFF97BDF35C04DE, DC70B404A701CE5F60421F664F745CA84722ED86FAFC87F2A8A71BFD25CD6151 ] rt640x64 C:\WINDOWS\System32\drivers\rt640x64.sys 20:21:48.0116 0x1468 rt640x64 - ok 20:21:48.0173 0x1468 [ 4CA0DBA9E224473D664C25E411F5A3BD, 71423A66165782EFB4DB7BE6CE48DDB463D9F65FD0F266D333A6558791D158E5 ] rtport C:\windows\SysWOW64\drivers\rtport.sys 20:21:48.0190 0x1468 rtport - ok 20:21:48.0228 0x1468 [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys 20:21:48.0261 0x1468 s3cap - ok 20:21:48.0309 0x1468 [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI C:\windows\system32\Drivers\SABI.sys 20:21:48.0342 0x1468 SABI - ok 20:21:48.0375 0x1468 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs C:\WINDOWS\system32\lsass.exe 20:21:48.0400 
0x1468 SamSs - ok 20:21:48.0428 0x1468 [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys 20:21:48.0453 0x1468 sbp2port - ok 20:21:48.0495 0x1468 [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll 20:21:48.0536 0x1468 SCardSvr - ok 20:21:48.0581 0x1468 [ 5E8ECCE130A72107B6DFDBE26185A7FB, 811E2CE485BC14161FF629069BCCF53B2B8C6F8B1E1A6B3A3C86DBE4F85A5577 ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll 20:21:48.0621 0x1468 ScDeviceEnum - ok 20:21:48.0666 0x1468 [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys 20:21:48.0695 0x1468 scfilter - ok 20:21:48.0769 0x1468 [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule C:\WINDOWS\system32\schedsvc.dll 20:21:48.0853 0x1468 Schedule - ok 20:21:48.0914 0x1468 [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus C:\WINDOWS\system32\drivers\scmbus.sys 20:21:48.0938 0x1468 scmbus - ok 20:21:48.0964 0x1468 [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101 C:\WINDOWS\System32\drivers\scmdisk0101.sys 20:21:48.0999 0x1468 scmdisk0101 - ok 20:21:49.0023 0x1468 [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll 20:21:49.0060 0x1468 SCPolicySvc - ok 20:21:49.0109 0x1468 [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys 20:21:49.0141 0x1468 sdbus - ok 20:21:49.0174 0x1468 [ F3714DBAA42C15F78FFCDFE4273214EB, 
|
11.03.2017, 20:48 | #5 |
| Caught a Myfilestore.com virus? Part 2: Code:
E05D678DC0423A4D0EB8B3BB5A942721BB4F3B0BED22748252DBD6053FE956F1 ] XblAuthManager C:\WINDOWS\System32\XblAuthManager.dll 20:22:08.0575 0x1468 XblAuthManager - ok 20:22:08.0685 0x1468 [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave C:\WINDOWS\System32\XblGameSave.dll 20:22:08.0773 0x1468 XblGameSave - ok 20:22:08.0830 0x1468 [ 9627BBAA50878F6833A6A7843EE3B1D9, 637566BB56501C4D11E3B6E6AC1C602D880C9D357CCE3DF1DF74EE672744F2B7 ] xboxgip C:\WINDOWS\System32\drivers\xboxgip.sys 20:22:08.0867 0x1468 xboxgip - ok 20:22:08.0926 0x1468 [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc C:\WINDOWS\system32\XboxNetApiSvc.dll 20:22:09.0015 0x1468 XboxNetApiSvc - ok 20:22:09.0062 0x1468 [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid C:\WINDOWS\System32\drivers\xinputhid.sys20:22:09.0095 0x1468 ================ Scan global =============================== 20:22:09.0136 0x1468 [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\WINDOWS\system32\basesrv.dll 20:22:09.0186 0x1468 [ 4C08BF958476A137C78B62B22B5F90A4, 11DDD033896C96F8F7F1A1EDD0F4E0F07AFBB3202DC8A2E5E3ADB51C4D0700D4 ] C:\WINDOWS\system32\winsrv.dll 20:22:09.0223 0x1468 [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\WINDOWS\system32\sxssrv.dll 20:22:09.0265 0x1468 [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\WINDOWS\system32\services.exe 20:22:09.0281 0x1468 [ Global ] - ok 20:22:09.0282 0x1468 ================ Scan MBR ================================== 20:22:09.0292 0x1468 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0 20:22:09.0741 0x1468 \Device\Harddisk0\DR0 - ok 20:22:09.0742 0x1468 ================ Scan VBR 
================================== 20:22:09.0745 0x1468 [ 9D865CF95DF013723C0BF933684537A0 ] \Device\Harddisk0\DR0\Partition1 20:22:09.0747 0x1468 \Device\Harddisk0\DR0\Partition1 - ok 20:22:09.0753 0x1468 [ FB151AB35BB8AF4C986A0E5663AB00BD ] \Device\Harddisk0\DR0\Partition2 20:22:09.0756 0x1468 \Device\Harddisk0\DR0\Partition2 - ok 20:22:09.0781 0x1468 [ 2704C882109B92D9348729648EF2B251 ] \Device\Harddisk0\DR0\Partition3 20:22:09.0784 0x1468 \Device\Harddisk0\DR0\Partition3 - ok 20:22:09.0784 0x1468 ================ Scan generic autorun ====================== 20:22:10.0347 0x1468 [ C6992F5730886B6977313918583D13C7, 5D75DBF4D272BD4A8DDF40C7D9D8044621EFD12AB4303DBF90538AFBE2FEFD42 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 20:22:11.0071 0x1468 RtHDVCpl - ok 20:22:11.0104 0x1468 ETDCtrl - ok 20:22:11.0206 0x1468 [ EA4F9B19B3614349C79CC97DCA4C23A8, EC330F2E4F002FE450CDC1FC84AC0122C21C7912A483A99143450822004795E3 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe 20:22:11.0250 0x1468 StartCCC - ok 20:22:11.0334 0x1468 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe 20:22:11.0369 0x1468 HP Software Update - ok 20:22:11.0761 0x1468 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe 20:22:12.0397 0x1468 OneDriveSetup - ok 20:22:12.0768 0x1468 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe 20:22:13.0244 0x1468 OneDriveSetup - ok 20:22:13.0409 0x1468 [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe 20:22:13.0450 0x1468 Dropbox Update - ok 20:22:13.0553 0x1468 [ AAE92457F50F4DD74E2D502ADB9549EE, 
70C8FBE410FE388D6B85334215EBE3393C16E8F8B19F5A8BA50DB6DF23196D50 ] C:\Users\Silvia\AppData\Local\Microsoft\OneDrive\OneDrive.exe 20:22:13.0664 0x1468 OneDrive - ok 20:22:14.0014 0x1468 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe 20:22:14.0574 0x1468 OneDriveSetup - ok 20:22:14.0666 0x1468 [ 2781E6EF593909A8B73FE1AD397F778A, E892D6C57F8903E20129E75A9B877690229280FD8106B5C7F96173175EA1AC4E ] C:\Program Files (x86)\Windows Mail\wab.exe 20:22:14.0812 0x1468 WAB Migrate - ok 20:22:14.0815 0x1468 Waiting for KSN requests completion. In queue: 257 20:22:15.0994 0x1468 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated ) 20:22:16.0028 0x1468 AV detected via SS2: Bitdefender-Virenschutz, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 19.4.0.216 ), 0x41000 ( enabled : updated ) 20:22:16.0052 0x1468 Win FW state via NFP2: enabled ( trusted ) 20:22:16.0160 0x1468 ============================================================ 20:22:16.0160 0x1468 Scan finished 20:22:16.0160 0x1468 ============================================================ 20:22:16.0180 0x1858 Detected object count: 0 20:22:16.0180 0x1858 Actual detected object count: 0 20:23:03.0544 0x1ce4 ============================================================ 20:23:03.0544 0x1ce4 Scan started 20:23:03.0544 0x1ce4 Mode: Manual; SigCheck; TDLFS; 20:23:03.0544 0x1ce4 ============================================================ 20:23:03.0544 0x1ce4 KSN ping started 20:23:03.0690 0x1ce4 KSN ping finished: true 20:23:04.0430 0x1ce4 ================ Scan system memory ======================== 20:23:04.0430 0x1ce4 System memory - ok 20:23:04.0431 0x1ce4 ================ Scan services ============================= 20:23:04.0627 0x1ce4 [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 
1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys 20:23:04.0674 0x1ce4 1394ohci - ok 20:23:04.0708 0x1ce4 [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys 20:23:04.0735 0x1ce4 3ware - ok 20:23:04.0798 0x1ce4 [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys 20:23:04.0856 0x1ce4 ACPI - ok 20:23:04.0889 0x1ce4 [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev C:\WINDOWS\System32\drivers\AcpiDev.sys 20:23:04.0916 0x1ce4 AcpiDev - ok 20:23:04.0961 0x1ce4 [ D6794C31F4077B71433988787BAA926E, F16365C2F195AAE94D4740E6C3DF4C0CECEC6393CAD65425DCCD28CDBA6EC51A ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys 20:23:04.0990 0x1ce4 acpiex - ok 20:23:05.0020 0x1ce4 [ FE5F656D6B35089DA39112E74EC6A85A, 5D81EE63998232A5B36DE47FE15B9D04D5BD02234CA133A2462AECA8C60A22ED ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys 20:23:05.0047 0x1ce4 acpipagr - ok 20:23:05.0089 0x1ce4 [ 2F242941E4DFF69B883D77A16F039557, 45C388365317C720654A659A9326B2BC0E9D84929C704654985597D5D620101C ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys 20:23:05.0114 0x1ce4 AcpiPmi - ok 20:23:05.0149 0x1ce4 [ C247E35A21682DA8D0DC3AF9F025FCC5, 455415EE3166B3043AD8A4DD50B688DB74242267FB555642441251EFA823E971 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys 20:23:05.0177 0x1ce4 acpitime - ok 20:23:05.0333 0x1ce4 [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:23:05.0459 0x1ce4 AdobeARMservice - ok 20:23:05.0570 0x1ce4 [ 89ECFB35517F62C3802B227F288B750E, 47B329FEC98DC634A9068D6B88A331B323D99E9C21D3FE330352210841E715CA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:23:05.0626 0x1ce4 
AdobeFlashPlayerUpdateSvc - ok 20:23:05.0847 0x1ce4 [ 49B9DB97AFC85DCCBDACDAB2E90085B7, 2A6C2A09F74EA15044F442CCFB54A0F24F105ADB915E5C78F02F59652DC29152 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS 20:23:05.0917 0x1ce4 ADP80XX - ok 20:23:05.0993 0x1ce4 [ 323AA1953ED9C01E23F740FA891FE064, 4CED6E3D61749316CDE28965C913E7ED462539DAAD637A29484F62AF47AD650D ] AFD C:\WINDOWS\system32\drivers\afd.sys 20:23:06.0042 0x1ce4 AFD - ok 20:23:06.0081 0x1ce4 [ 23522E5D581F7722B1B5B86737CAE39C, FB81ABD304376A1E87B65F5E1B34477B628CEDB2091C5D754DE97464B6050C5B ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys 20:23:06.0120 0x1ce4 ahcache - ok 20:23:06.0161 0x1ce4 [ D0905D4A945D01D4B28DB9E1BD5985F7, CF389CBCD3B99D1BAE34A42F723F1005C32213A394F691978076D3DF1727715C ] AJRouter C:\WINDOWS\System32\AJRouter.dll 20:23:06.0187 0x1ce4 AJRouter - ok 20:23:06.0219 0x1ce4 [ 8FD51B3B35707A66080D7C8CB05E792D, FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B ] ALG C:\WINDOWS\System32\alg.exe 20:23:06.0250 0x1ce4 ALG - ok 20:23:06.0287 0x1ce4 [ 521248FA26458669BAAE6AB7DB21F3AC, 2C609E80220EDDFFE0A44A376D450F461597D00E5F4E526D10FF09E66D06A9B7 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe 20:23:06.0322 0x1ce4 AMD External Events Utility - ok 20:23:06.0406 0x1ce4 [ 17DBF2825FFA6D66B1B3C55665721884, AE6369796BB1D586F76AF90F68CD34242F7FD586E8C2183474D154F384881511 ] AMD FUEL Service C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 20:23:06.0440 0x1ce4 AMD FUEL Service - detected UnsignedFile.Multi.Generic ( 1 ) 20:23:06.0440 0x1ce4 Detect skipped due to KSN trusted 20:23:06.0441 0x1ce4 AMD FUEL Service - ok 20:23:06.0499 0x1ce4 [ DF21E05E41E5AC3F13F304D91457649A, 7F48F2AD1DBE89A261113C76D7C23AD7D87D5599BCC31F8A558A8A10B81BF521 ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys 20:23:06.0532 0x1ce4 AmdK8 - ok 20:23:06.0551 0x1ce4 amdkmdag - ok 20:23:06.0679 0x1ce4 [ AD96CC96B6A0CEE8910A13679426C970, 
18005892C57CF8F3B2F09C3DDEC10612EC9B1C14BB057196AAE209D2703FF06E ] amdkmdap C:\WINDOWS\system32\DRIVERS\atikmpag.sys 20:23:06.0729 0x1ce4 amdkmdap - ok 20:23:06.0755 0x1ce4 [ 45D0AA4BB90B821DF92E8F19ABED0C5E, EA87A6E98DB3C5A88A844C04C6934E870B7004E783AA5211722115382A211B90 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys 20:23:06.0787 0x1ce4 AmdPPM - ok 20:23:06.0820 0x1ce4 [ 74FFBC43B4B899C9A8CA06A892F2CE73, 8D599363C7F3D373F1859BAA4D06DD0F40BE78B56BE52B74DE6EA6EF99452004 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys 20:23:06.0845 0x1ce4 amdsata - ok 20:23:06.0881 0x1ce4 [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys 20:23:06.0914 0x1ce4 amdsbs - ok 20:23:06.0942 0x1ce4 [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys 20:23:06.0964 0x1ce4 amdxata - ok 20:23:06.0989 0x1ce4 [ BB4FE7889DB9CBBE61A308E99697F53C, 0B6B301EC8C2B9CBDBAEEBC54E3D3E6FE6A3A51F71E75FFE71AE30ADF8FC5E23 ] amd_sata C:\WINDOWS\system32\drivers\amd_sata.sys 20:23:07.0008 0x1ce4 amd_sata - ok 20:23:07.0024 0x1ce4 [ 5631CBA53F1CBEA3F9E88348E6723391, 5F20FF4F651733A097990DDC3748CD00F3310B0B55BC975FA3654CDA740E0A3D ] amd_xata C:\WINDOWS\system32\drivers\amd_xata.sys 20:23:07.0040 0x1ce4 amd_xata - ok 20:23:07.0095 0x1ce4 [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 20:23:07.0113 0x1ce4 AODDriver4.3 - ok 20:23:07.0162 0x1ce4 [ 5B0F4FB165256DE463A51E3A3127969E, 6751ADFFE95FA671C584427A9624EEB79518DE08132FD7A83148700B75487316 ] AppHostSvc C:\WINDOWS\system32\inetsrv\apphostsvc.dll 20:23:07.0194 0x1ce4 AppHostSvc - ok 20:23:07.0226 0x1ce4 [ BC121C099C6C659126AD2102AFDFF8CF, 42B5EE293BDD7ADCE48173A01B30D8452564B9DA225EAF25E9292FE77C0FCF3E ] AppID 
C:\WINDOWS\system32\drivers\appid.sys 20:23:07.0254 0x1ce4 AppID - ok 20:23:07.0321 0x1ce4 [ 74A24CF946279111D7F203B36569EC02, FD67D36804744B4FE3E20BA891852575E6C2DA6515643B2F4B4210118B0FCCDA ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll 20:23:07.0374 0x1ce4 AppIDSvc - ok 20:23:07.0407 0x1ce4 [ 73FAA5517CCD1332F00192A303CF2026, 75636222BFF381A3EECA010752DF7DC1603A395B91FF7FBF92127B5CA8EFFEE5 ] Appinfo C:\WINDOWS\System32\appinfo.dll 20:23:07.0441 0x1ce4 Appinfo - ok 20:23:07.0463 0x1ce4 [ 68190E2BADF23BD782344970E5B5DE9E, 95D30EC12C7FDF5822CED8BC2F17669A6687A2FB262B4F0D15C8DCFF4E9AB33D ] applockerfltr C:\WINDOWS\system32\drivers\applockerfltr.sys 20:23:07.0496 0x1ce4 applockerfltr - ok 20:23:07.0556 0x1ce4 [ A0746EF6C5AB7A17A67BC167167499C1, 1D2154D3AFC5219293EDD508C7726E7756FB72BF04F73861C575D1FE5C553411 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll 20:23:07.0612 0x1ce4 AppReadiness - ok 20:23:07.0754 0x1ce4 [ D70B1453ADA82A92E76EAE72D936A0F6, 439DBC5818025887343D4B5B509C7D2C97ED0FFA4641A5178EA5719C50E5013F ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll 20:23:07.0895 0x1ce4 AppXSvc - ok 20:23:07.0953 0x1ce4 [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys 20:23:07.0981 0x1ce4 arcsas - ok 20:23:08.0254 0x1ce4 [ 5EE26734A882478AF6696092E2E0F352, 6CACFF521B3B839F73EBEB6EFBFDCCA8A8BC319DDB254BE3EFE29A39040B2C26 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:23:08.0278 0x1ce4 aspnet_state - ok 20:23:08.0327 0x1ce4 [ 61C5A480C43E7E8E49C42869F49D0D3E, E610F0E4315ABA1D90AD4A1D7A68ABA2ACBB7FCA89E9D1798470365D52592D55 ] AsyncMac C:\WINDOWS\System32\drivers\asyncmac.sys 20:23:08.0356 0x1ce4 AsyncMac - ok 20:23:08.0418 0x1ce4 [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi C:\WINDOWS\system32\drivers\atapi.sys 20:23:08.0440 0x1ce4 atapi - ok 20:23:08.0634 0x1ce4 [ 
D03E551165C72F2A4BBDDC566EAA819E, 8047E2D20724B464B481F06C3AC1FA5734E97F7EC0D86EFEECD76480C84B3959 ] athr C:\WINDOWS\System32\drivers\athwnx.sys 20:23:08.0888 0x1ce4 athr - ok 20:23:08.0953 0x1ce4 [ 0966FD5BAB1F9BE200875E9EED0A0A13, F4BE70C0581B51ED6DAE6412A5FF74AE310BF88DE89C5A5E5880BEED543B01D7 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdWT6.sys 20:23:08.0983 0x1ce4 AtiHDAudioService - ok 20:23:09.0032 0x1ce4 [ 2DC3D53FFA0D10EB8C911AE2DB7BF4CF, 8E0A4B5D610D487A216E70396A99ACC1BEA12C46A6681B1A39CD0FD01EDD406A ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll 20:23:09.0077 0x1ce4 AudioEndpointBuilder - ok 20:23:09.0140 0x1ce4 [ 7B993290E7691C446C16A56A431669BA, 004551934E27E9FC1A939C9BD1DEB850A216CBED9B18CB3317920F5656D9F6BF ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll 20:23:09.0216 0x1ce4 Audiosrv - ok 20:23:09.0369 0x1ce4 [ B18699497436228F1109132D669CF29A, 1A358BC7E7931FE43B1038E33EBEA365476E5A2EFB9476F47E3476A3669063FB ] avc3 C:\WINDOWS\system32\DRIVERS\avc3.sys 20:23:09.0473 0x1ce4 avc3 - ok 20:23:09.0550 0x1ce4 [ 1251FB8BF8E6B6129065326A3E8A4378, 1AF1DAE71A8126A875AC3197FD69BCD52949DC08694A29EAB6FA3ED31695BDED ] avckf C:\WINDOWS\system32\DRIVERS\avckf.sys 20:23:09.0597 0x1ce4 avckf - ok 20:23:09.0641 0x1ce4 [ 6D90FDA2DC364B8EA1420F2F81585CC3, 10E6F23A213CFE49BE04BB7D366ADD4028D61D7114FEC67C30B5467DF6B36D4F ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll 20:23:09.0674 0x1ce4 AxInstSV - ok 20:23:09.0730 0x1ce4 [ 61BAC67048CA5C1D08C48FCC8012B613, 71B2A466FC38DA1029B471FBD2541D8FE359751A7B212AE0F420DB3645916450 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys 20:23:09.0773 0x1ce4 b06bdrv - ok 20:23:09.0800 0x1ce4 [ 68F72B05EBC6D1779C0D60A147C7CA0B, AA1C857BEE34865C6B901157FC22570D4CF45D950708BAD7AA333F120F2B474C ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys 20:23:09.0829 0x1ce4 BasicDisplay - ok 20:23:09.0851 0x1ce4 [ 23156E7EDAF613D839E2839746B168D3, CAEF8F9C7D3A338BD747AC9D5BFBE730D77B911E87BCF532EBB75E1F80916AFA ] 
BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys 20:23:09.0877 0x1ce4 BasicRender - ok 20:23:09.0911 0x1ce4 [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn C:\WINDOWS\System32\drivers\bcmfn.sys 20:23:09.0935 0x1ce4 bcmfn - ok 20:23:09.0963 0x1ce4 [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys 20:23:09.0988 0x1ce4 bcmfn2 - ok 20:23:10.0049 0x1ce4 [ 2B4D3AEAAD02954F8C191BC2D67949AD, 8237C9AD556CFAF7442FF60F78608104BC17CE3134C89D986D49C38CC60B1518 ] BDESVC C:\WINDOWS\System32\bdesvc.dll 20:23:10.0113 0x1ce4 BDESVC - ok 20:23:10.0202 0x1ce4 [ 0B3BADC084AB1592D6E2D4CFA3AA2461, C62860DF753E455D2D4FFFE04CB26D84590947A4B41FA853D83A8F8EB9E80F9C ] bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys 20:23:10.0223 0x1ce4 bdfwfpf - ok 20:23:10.0251 0x1ce4 [ 0A508274355745EEF01C6BE3198D02C4, E2DB08AEE2368FA95FDB357BB31EA4EBF31679C3E72E109DB3D7CD1B5F7B828E ] Beep C:\WINDOWS\system32\drivers\Beep.sys 20:23:10.0275 0x1ce4 Beep - ok 20:23:10.0333 0x1ce4 [ 5125CBB61AC81168366BEB290399CB8E, B2A3095D45E2114DE2BD0E5A3AE20B3CE95EE517A35B9E1EAD05E231F38DBDCF ] BFE C:\WINDOWS\System32\bfe.dll 20:23:10.0398 0x1ce4 BFE - ok 20:23:10.0492 0x1ce4 [ D876C567AB767258036F05E4766189FD, DE8BA67325CB64495BD454B8F9DDCAE82636253844FC68B360C7E1CF5D51DD0E ] BITS C:\WINDOWS\System32\qmgr.dll 20:23:10.0573 0x1ce4 BITS - ok 20:23:10.0613 0x1ce4 [ 9CD2A4821DE379305CACB2E99AD8953A, 89D700DFC3C59ACBBADB48954A28C0EBF8D6A11A9E63837689DD891868E43188 ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys 20:23:10.0642 0x1ce4 bowser - ok 20:23:10.0710 0x1ce4 [ 2447BD15B41298622CC662249CD0F496, 013A326D2E3BF68D654BBABE2F1E5DF0FF0A153A4B95D570EE28F9BC0F5A78C3 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll 20:23:10.0773 0x1ce4 BrokerInfrastructure - ok 20:23:10.0839 0x1ce4 [ B3F32C630DD3F2F6A6091B89CFF13641, 
7A9C53EF9AB9FF1DC392FD711B194A101DB36CA5BC799E817BEB446741089B76 ] Browser C:\WINDOWS\System32\browser.dll 20:23:10.0870 0x1ce4 Browser - ok 20:23:10.0914 0x1ce4 [ 722036C26D2C4E50EC2A2EC5FD678846, 999468038AE01F0FF6881F4B2A2CB67BC636641188E95F10729E08ADBC3CB3DE ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 20:23:10.0942 0x1ce4 BthAvrcpTg - ok 20:23:10.0966 0x1ce4 [ C2E31BE025D46D189E38DD1EDF07837A, 656528DCAAAF485EC57EE5C3021E96736634DE3B9C39CBCD2728E055ABD4C0A5 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys 20:23:10.0995 0x1ce4 BthHFEnum - ok 20:23:11.0022 0x1ce4 [ F7CD605FC0B0B22F3F6F247595E3A655, 1CD9140DE5415DDBEACD8667E63E5C95FD64D693B56302A0474E693E578BEAB0 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys 20:23:11.0048 0x1ce4 bthhfhid - ok 20:23:11.0077 0x1ce4 [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll 20:23:11.0120 0x1ce4 BthHFSrv - ok 20:23:11.0157 0x1ce4 [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys 20:23:11.0185 0x1ce4 BTHMODEM - ok 20:23:11.0219 0x1ce4 [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv C:\WINDOWS\system32\bthserv.dll 20:23:11.0265 0x1ce4 bthserv - ok 20:23:11.0313 0x1ce4 [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys 20:23:11.0344 0x1ce4 buttonconverter - ok 20:23:11.0380 0x1ce4 [ 60EB6A4CE3E21887D302350631C16F26, 4270EFA22285C1A9336CF1220761E416950D2DA9C6A40D1D8452686CD5040DAB ] CapImg C:\WINDOWS\System32\drivers\capimg.sys 20:23:11.0414 0x1ce4 CapImg - ok 20:23:11.0473 0x1ce4 [ F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys 20:23:11.0503 
0x1ce4 cdfs - ok 20:23:11.0561 0x1ce4 [ 2E6612376D257F74781F2EF1F869D8C3, 908B0DECB9F098F7F11B029A03C06C67FB52E5E8BEA42033A2B579D3B3686AB8 ] CDPSvc C:\WINDOWS\System32\CDPSvc.dll 20:23:11.0610 0x1ce4 CDPSvc - ok 20:23:11.0636 0x1ce4 [ A93C9B9EBE2FDE5A536000D72CC17F7F, 9793CFAE8BE8C6B5B39A1D276577965FBB2CE131325A410B7C68BD23492ADAAF ] CDPUserSvc C:\WINDOWS\System32\CDPUserSvc.dll 20:23:11.0680 0x1ce4 CDPUserSvc - ok 20:23:11.0729 0x1ce4 [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys 20:23:11.0777 0x1ce4 cdrom - ok 20:23:11.0825 0x1ce4 [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] CertPropSvc C:\WINDOWS\System32\certprop.dll 20:23:11.0861 0x1ce4 CertPropSvc - ok 20:23:11.0915 0x1ce4 [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi C:\WINDOWS\system32\drivers\cht4sx64.sys 20:23:11.0949 0x1ce4 cht4iscsi - ok 20:23:12.0042 0x1ce4 [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd C:\WINDOWS\System32\drivers\cht4vx64.sys 20:23:12.0184 0x1ce4 cht4vbd - ok 20:23:12.0249 0x1ce4 [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass C:\WINDOWS\System32\drivers\circlass.sys 20:23:12.0278 0x1ce4 circlass - ok 20:23:12.0329 0x1ce4 [ B72D26074E72A757D788FB1BEF8B2F2E, 36847C5315AFB9A5EC66AD3EF2A09C24C0FAF669FDF0831F78600F4609352CB4 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys 20:23:12.0365 0x1ce4 CLFS - ok 20:23:12.0431 0x1ce4 [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC C:\WINDOWS\System32\ClipSVC.dll 20:23:12.0482 0x1ce4 ClipSVC - ok 20:23:12.0508 0x1ce4 [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg 
C:\WINDOWS\System32\drivers\registry.sys 20:23:12.0537 0x1ce4 clreg - ok 20:23:12.0590 0x1ce4 [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd C:\WINDOWS\system32\DRIVERS\clwvd.sys 20:23:12.0605 0x1ce4 clwvd - ok 20:23:12.0642 0x1ce4 [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys 20:23:12.0677 0x1ce4 CmBatt - ok 20:23:12.0724 0x1ce4 [ 90C07EB909C42316982E753BDAA7860D, 438581FD3468FAF01D35529672201A920E8821EC80E30E59A43645DA57738F21 ] CNG C:\WINDOWS\system32\Drivers\cng.sys 20:23:12.0770 0x1ce4 CNG - ok 20:23:12.0809 0x1ce4 [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist C:\WINDOWS\system32\DRIVERS\cnghwassist.sys 20:23:12.0831 0x1ce4 cnghwassist - ok 20:23:12.0912 0x1ce4 [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys 20:23:12.0952 0x1ce4 CompositeBus - ok 20:23:12.0964 0x1ce4 COMSysApp - ok 20:23:13.0008 0x1ce4 [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv C:\WINDOWS\system32\drivers\condrv.sys 20:23:13.0030 0x1ce4 condrv - ok 20:23:13.0120 0x1ce4 [ 5DE2049D5F57C1D142F36FA9CE443693, E6C2807C0B1EF90C11EB39634693B76EACE6CC675777776112835212A334F328 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll 20:23:13.0175 0x1ce4 CoreMessagingRegistrar - ok 20:23:13.0224 0x1ce4 [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll 20:23:13.0258 0x1ce4 CryptSvc - ok 20:23:13.0388 0x1ce4 [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc C:\Program Files 
(x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 20:23:13.0443 0x1ce4 cvhsvc - ok 20:23:13.0495 0x1ce4 [ 039B5A8CBD5C75D1C46DF15F7C74D136, A5C8A41F2D406D37E147939F2058373ED091BFCC00CA7E829F887638CD3A2F64 ] dam C:\WINDOWS\system32\drivers\dam.sys 20:23:13.0519 0x1ce4 dam - ok 20:23:13.0595 0x1ce4 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 20:23:13.0674 0x1ce4 DcomLaunch - ok 20:23:13.0759 0x1ce4 [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc C:\WINDOWS\system32\dcpsvc.dll 20:23:13.0800 0x1ce4 DcpSvc - ok 20:23:13.0851 0x1ce4 [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc C:\WINDOWS\System32\defragsvc.dll 20:23:13.0911 0x1ce4 defragsvc - ok 20:23:14.0000 0x1ce4 [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\WINDOWS\system32\das.dll 20:23:14.0050 0x1ce4 DeviceAssociationService - ok 20:23:14.0085 0x1ce4 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll 20:23:14.0126 0x1ce4 DeviceInstall - ok 20:23:14.0318 0x1ce4 [ C344E9B44C05326218B07AFB8A2AE754, 7828BACF197A6E6FF4086CB54396B8B2B7089270281B40E0434B951FC7AB7B91 ] DevoloNetworkService C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe 20:23:14.0499 0x1ce4 DevoloNetworkService - ok 20:23:14.0553 0x1ce4 [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll 20:23:14.0595 0x1ce4 DevQueryBroker - ok 20:23:14.0658 0x1ce4 [ 0D1D392ED2597F295956D058D33BD7C3, 2F7FE5A06D880F9E2A46C9803DD249DC40C2898C04E946D14E7EECCCC9F2B24F ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys 20:23:14.0696 0x1ce4 Dfsc - ok 
20:23:32.0932 0x1ce4 [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc C:\WINDOWS\System32\APHostService.dll 20:23:32.0975 0x1ce4 OneSyncSvc - ok 20:23:33.0082 0x1ce4 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:23:33.0117 0x1ce4 ose - ok 20:23:33.0373 0x1ce4 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:23:33.0592 0x1ce4 osppsvc - ok 20:23:33.0710 0x1ce4 [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 20:23:33.0755 0x1ce4 p2pimsvc - ok 20:23:33.0817 0x1ce4 [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc C:\WINDOWS\system32\p2psvc.dll 20:23:33.0865 0x1ce4 p2psvc - ok 20:23:33.0911 0x1ce4 [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport C:\WINDOWS\System32\drivers\parport.sys 20:23:33.0941 0x1ce4 Parport - ok 20:23:33.0985 0x1ce4 [ CDBD029BAEC8D09F6FBD404632D9AF28, 71F4401150CD4C9C6BBF2DA854CF07EA2F8C9BBE900833858F49134DDAF14414 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys 20:23:34.0010 0x1ce4 partmgr - ok 20:23:34.0054 0x1ce4 [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc C:\WINDOWS\System32\pcasvc.dll 20:23:34.0096 0x1ce4 PcaSvc - ok 20:23:34.0136 0x1ce4 [ 29AF16726F4DD84376ECA85AB6AFF2C6, BEF9EA10637065365ED343C4EBA51191B9BEADD8F1F3362D3EFE75F40BE9A027 ] pci C:\WINDOWS\system32\drivers\pci.sys 20:23:34.0169 0x1ce4 pci - ok 20:23:34.0207 0x1ce4 [ 214DCC87E3898F738075D1341252A552, 
E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide C:\WINDOWS\system32\drivers\pciide.sys 20:23:34.0228 0x1ce4 pciide - ok 20:23:34.0254 0x1ce4 [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys 20:23:34.0278 0x1ce4 pcmcia - ok 20:23:34.0319 0x1ce4 [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw C:\WINDOWS\system32\drivers\pcw.sys 20:23:34.0341 0x1ce4 pcw - ok 20:23:34.0374 0x1ce4 [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc C:\WINDOWS\system32\drivers\pdc.sys 20:23:34.0399 0x1ce4 pdc - ok 20:23:34.0484 0x1ce4 [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys 20:23:34.0554 0x1ce4 PEAUTH - ok 20:23:34.0613 0x1ce4 [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i C:\WINDOWS\system32\drivers\percsas2i.sys 20:23:34.0635 0x1ce4 percsas2i - ok 20:23:34.0664 0x1ce4 [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i C:\WINDOWS\system32\drivers\percsas3i.sys 20:23:34.0688 0x1ce4 percsas3i - ok 20:23:34.0726 0x1ce4 [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe 20:23:34.0761 0x1ce4 PerfHost - ok 20:23:34.0840 0x1ce4 [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc C:\WINDOWS\System32\PhoneService.dll 20:23:34.0907 0x1ce4 PhoneSvc - ok 20:23:34.0976 0x1ce4 [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll 20:23:35.0012 0x1ce4 
PimIndexMaintenanceSvc - ok 20:23:35.0102 0x1ce4 [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla C:\WINDOWS\system32\pla.dll 20:23:35.0201 0x1ce4 pla - ok 20:23:35.0252 0x1ce4 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll 20:23:35.0292 0x1ce4 PlugPlay - ok 20:23:35.0322 0x1ce4 [ 37F6046CDC630442D7DC087501FF6FC6, EFC0F3DA49839CA263CD95AE5015F4FC554D9D845A58A699C542C8C96E70ED3C ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 20:23:35.0340 0x1ce4 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 ) 20:23:35.0341 0x1ce4 Detect skipped due to KSN trusted 20:23:35.0341 0x1ce4 Pml Driver HPZ12 - ok |
11.03.2017, 20:49 | #6 |
| Caught a Myfilestore.com virus? Part 3: Code:
0x1ce4 UASPStor - ok 20:23:47.0772 0x1ce4 [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101 C:\WINDOWS\system32\Drivers\UcmCx.sys 20:23:47.0801 0x1ce4 UcmCx0101 - ok 20:23:47.0834 0x1ce4 [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101 C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys 20:23:47.0865 0x1ce4 UcmTcpciCx0101 - ok 20:23:47.0874 0x1ce4 [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi C:\WINDOWS\System32\drivers\UcmUcsi.sys 20:23:47.0902 0x1ce4 UcmUcsi - ok 20:23:47.0933 0x1ce4 [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000 C:\WINDOWS\system32\drivers\ucx01000.sys 20:23:47.0983 0x1ce4 Ucx01000 - ok 20:23:48.0022 0x1ce4 [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx C:\WINDOWS\system32\drivers\udecx.sys 20:23:48.0048 0x1ce4 UdeCx - ok 20:23:48.0080 0x1ce4 [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 20:23:48.0128 0x1ce4 udfs - ok 20:23:48.0155 0x1ce4 [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 20:23:48.0177 0x1ce4 UEFI - ok 20:23:48.0212 0x1ce4 [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000 C:\WINDOWS\system32\drivers\ufx01000.sys 20:23:48.0244 0x1ce4 Ufx01000 - ok 20:23:48.0279 0x1ce4 [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea C:\WINDOWS\System32\drivers\UfxChipidea.sys 20:23:48.0303 0x1ce4 UfxChipidea - ok 20:23:48.0339 0x1ce4 [ 767307212110EBEFB93EC9A5BE9E85B9, 
368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys C:\WINDOWS\System32\drivers\ufxsynopsys.sys 20:23:48.0365 0x1ce4 ufxsynopsys - ok 20:23:48.0410 0x1ce4 [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 20:23:48.0442 0x1ce4 UI0Detect - ok 20:23:48.0462 0x1ce4 [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus C:\WINDOWS\System32\drivers\umbus.sys 20:23:48.0490 0x1ce4 umbus - ok 20:23:48.0517 0x1ce4 [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 20:23:48.0541 0x1ce4 UmPass - ok 20:23:48.0599 0x1ce4 [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 20:23:48.0641 0x1ce4 UmRdpService - ok 20:23:48.0711 0x1ce4 [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc C:\WINDOWS\System32\unistore.dll 20:23:48.0798 0x1ce4 UnistoreSvc - ok 20:23:48.0919 0x1ce4 [ 547FC25EE3FF3C3EC02D6A828644C0A2, 8901E977FF4B822DFA485D09C96F74B5F82ED994EFE94F59F35B7817500E110A ] UPDATESRV C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe 20:23:48.0940 0x1ce4 UPDATESRV - ok 20:23:49.0011 0x1ce4 [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost C:\WINDOWS\System32\upnphost.dll 20:23:49.0068 0x1ce4 upnphost - ok 20:23:49.0128 0x1ce4 [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea C:\WINDOWS\System32\drivers\urschipidea.sys 20:23:49.0150 0x1ce4 UrsChipidea - ok 20:23:49.0179 0x1ce4 [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000 
C:\WINDOWS\system32\drivers\urscx01000.sys 20:23:49.0202 0x1ce4 UrsCx01000 - ok 20:23:49.0237 0x1ce4 [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys 20:23:49.0274 0x1ce4 UrsSynopsys - ok 20:23:49.0303 0x1ce4 [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 20:23:49.0357 0x1ce4 usbccgp - ok 20:23:49.0394 0x1ce4 [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 20:23:49.0424 0x1ce4 usbcir - ok 20:23:49.0464 0x1ce4 [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 20:23:49.0487 0x1ce4 usbehci - ok 20:23:49.0533 0x1ce4 [ B7037444DC5138FC7D3D3968B4DE5C4B, DD9E3E40766A3F3B708DA341B7280E447788218ED677E1A24EC0CD04B04281B2 ] usbfilter C:\WINDOWS\system32\DRIVERS\usbfilter.sys 20:23:49.0548 0x1ce4 usbfilter - ok 20:23:49.0586 0x1ce4 [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 20:23:49.0626 0x1ce4 usbhub - ok 20:23:49.0666 0x1ce4 [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 20:23:49.0708 0x1ce4 USBHUB3 - ok 20:23:49.0737 0x1ce4 [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 20:23:49.0763 0x1ce4 usbohci - ok 20:23:49.0784 0x1ce4 [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 20:23:49.0810 0x1ce4 usbprint - ok 20:23:49.0840 0x1ce4 [ 
429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser C:\WINDOWS\System32\drivers\usbser.sys 20:23:49.0868 0x1ce4 usbser - ok 20:23:49.0910 0x1ce4 [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 20:23:49.0969 0x1ce4 USBSTOR - ok 20:23:50.0003 0x1ce4 [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys 20:23:50.0041 0x1ce4 usbuhci - ok 20:23:50.0093 0x1ce4 [ B4F448F2424492F99F83D3676A453553, 42F1396616EA93BF91EA847B185C321B189F1A5138CA19D22397E8DB6D576973 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys 20:23:50.0129 0x1ce4 usbvideo - ok 20:23:50.0173 0x1ce4 [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 20:23:50.0210 0x1ce4 USBXHCI - ok 20:23:50.0315 0x1ce4 [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc C:\WINDOWS\System32\userdataservice.dll 20:23:50.0420 0x1ce4 UserDataSvc - ok 20:23:50.0515 0x1ce4 [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager C:\WINDOWS\System32\usermgr.dll 20:23:50.0593 0x1ce4 UserManager - ok 20:23:50.0672 0x1ce4 [ EBF9E40845362DBE2AD0DB3077269488, A6363006350D097F95B03A2F44E1D3FBD3BC40048BE57C715CD7CBC22D1EE70B ] UsoSvc C:\WINDOWS\system32\usocore.dll 20:23:50.0727 0x1ce4 UsoSvc - ok 20:23:50.0758 0x1ce4 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc C:\WINDOWS\system32\lsass.exe 20:23:50.0784 0x1ce4 VaultSvc - ok 20:23:50.0800 0x1ce4 [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 
20:23:50.0822 0x1ce4 vdrvroot - ok 20:23:50.0891 0x1ce4 [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds C:\WINDOWS\System32\vds.exe 20:23:50.0956 0x1ce4 vds - ok 20:23:50.0987 0x1ce4 [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 20:23:51.0016 0x1ce4 VerifierExt - ok 20:23:51.0080 0x1ce4 [ 3BB8D153A9A514EC9FFCB586251A1925, 5E4B46511F9791699826DC63B35528544347166BDE9981FB93F1F7F2A09599C7 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 20:23:51.0129 0x1ce4 vhdmp - ok 20:23:51.0161 0x1ce4 [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf C:\WINDOWS\System32\drivers\vhf.sys 20:23:51.0185 0x1ce4 vhf - ok 20:23:51.0223 0x1ce4 [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys 20:23:51.0249 0x1ce4 vmbus - ok 20:23:51.0273 0x1ce4 [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys 20:23:51.0297 0x1ce4 VMBusHID - ok 20:23:51.0336 0x1ce4 [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid C:\WINDOWS\System32\drivers\vmgid.sys 20:23:51.0362 0x1ce4 vmgid - ok 20:23:51.0406 0x1ce4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll 20:23:51.0448 0x1ce4 vmicguestinterface - ok 20:23:51.0462 0x1ce4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicheartbeat C:\WINDOWS\System32\icsvc.dll 20:23:51.0504 0x1ce4 vmicheartbeat - ok 20:23:51.0520 0x1ce4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] 
vmickvpexchange C:\WINDOWS\System32\icsvc.dll 20:23:51.0560 0x1ce4 vmickvpexchange - ok 20:23:51.0597 0x1ce4 [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicrdv C:\WINDOWS\System32\icsvcext.dll 20:23:51.0640 0x1ce4 vmicrdv - ok 20:23:51.0658 0x1ce4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicshutdown C:\WINDOWS\System32\icsvc.dll 20:23:51.0700 0x1ce4 vmicshutdown - ok 20:23:51.0715 0x1ce4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmictimesync C:\WINDOWS\System32\icsvc.dll 20:23:51.0756 0x1ce4 vmictimesync - ok 20:23:51.0772 0x1ce4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicvmsession C:\WINDOWS\System32\icsvc.dll 20:23:51.0813 0x1ce4 vmicvmsession - ok 20:23:51.0831 0x1ce4 [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicvss C:\WINDOWS\System32\icsvcext.dll 20:23:51.0874 0x1ce4 vmicvss - ok 20:23:51.0903 0x1ce4 [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys 20:23:51.0926 0x1ce4 volmgr - ok 20:23:51.0953 0x1ce4 [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys 20:23:51.0988 0x1ce4 volmgrx - ok 20:23:52.0026 0x1ce4 [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys 20:23:52.0064 0x1ce4 volsnap - ok 20:23:52.0100 0x1ce4 [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume C:\WINDOWS\system32\drivers\volume.sys 20:23:52.0121 0x1ce4 volume - ok 20:23:52.0156 0x1ce4 [ 92F6E3E6D3F1795263EB34B37F74AEF7, 
33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci C:\WINDOWS\System32\drivers\vpci.sys 20:23:52.0180 0x1ce4 vpci - ok 20:23:52.0211 0x1ce4 [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys 20:23:52.0238 0x1ce4 vsmraid - ok 20:23:52.0348 0x1ce4 [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS C:\WINDOWS\system32\vssvc.exe 20:23:52.0454 0x1ce4 VSS - ok 20:23:52.0546 0x1ce4 [ 96DF3F150627FAB3098583B8A8A2A097, 51873F374E8ED4250BA823D9C015D174C3D03A9B5AF266530761539DB993D831 ] VSSERV C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe 20:23:52.0626 0x1ce4 VSSERV - ok 20:23:52.0701 0x1ce4 [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys 20:23:52.0733 0x1ce4 VSTXRAID - ok 20:23:52.0775 0x1ce4 [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys 20:23:52.0800 0x1ce4 vwifibus - ok 20:23:52.0823 0x1ce4 [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt C:\WINDOWS\system32\drivers\vwififlt.sys 20:23:52.0852 0x1ce4 vwififlt - ok 20:23:52.0883 0x1ce4 [ 59920894C38A827091A06AF559834E47, 8B40FE0B1BA3B2A79BFF70803D039DB921F85C978724722E5E5AFF188FA75471 ] vwifimp C:\WINDOWS\System32\drivers\vwifimp.sys 20:23:52.0918 0x1ce4 vwifimp - ok 20:23:53.0051 0x1ce4 [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time C:\WINDOWS\system32\w32time.dll 20:23:53.0105 0x1ce4 W32Time - ok 20:23:53.0188 0x1ce4 [ 4053FB949F48647A327BC18DFEEA4374, 52511C35854A673ADCD9084FEF9BC6A339BCA0290374B81140A371D67B13A8FB ] w3logsvc C:\WINDOWS\system32\inetsrv\w3logsvc.dll 20:23:53.0234 0x1ce4 w3logsvc - ok 
20:23:53.0308 0x1ce4 [ 85461F6AD65CCE84A7BC6D9F2A5861B3, 0C9A662F1BADF429B1DF62E91F4626DE996F84945D3A42D26A0FA09EC15CC9D7 ] W3SVC C:\WINDOWS\system32\inetsrv\iisw3adm.dll 20:23:53.0362 0x1ce4 W3SVC - ok 20:23:53.0398 0x1ce4 [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys 20:23:53.0425 0x1ce4 WacomPen - ok 20:23:53.0458 0x1ce4 [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService C:\WINDOWS\system32\WalletService.dll 20:23:53.0508 0x1ce4 WalletService - ok 20:23:53.0536 0x1ce4 [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:23:53.0573 0x1ce4 wanarp - ok 20:23:53.0581 0x1ce4 [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:23:53.0619 0x1ce4 wanarpv6 - ok 20:23:53.0642 0x1ce4 [ 85461F6AD65CCE84A7BC6D9F2A5861B3, 0C9A662F1BADF429B1DF62E91F4626DE996F84945D3A42D26A0FA09EC15CC9D7 ] WAS C:\WINDOWS\system32\inetsrv\iisw3adm.dll 20:23:53.0699 0x1ce4 WAS - ok 20:23:53.0803 0x1ce4 [ 30B8286F8FE1AE90A583100D45E02247, 3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine C:\WINDOWS\system32\wbengine.exe 20:23:53.0911 0x1ce4 wbengine - ok 20:23:53.0992 0x1ce4 [ 8C521D161445C3E1F38A494E7649E70D, F00990B2FE1FB52C74A2057E6480C5EBF2BDBC32955CC03C6B63360F20A49A18 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll 20:23:54.0063 0x1ce4 WbioSrvc - ok 20:23:54.0110 0x1ce4 [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs C:\WINDOWS\system32\drivers\wcifs.sys 20:23:54.0136 0x1ce4 wcifs - ok 20:23:54.0201 0x1ce4 [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc 
C:\WINDOWS\System32\wcmsvc.dll 20:23:54.0275 0x1ce4 Wcmsvc - ok 20:23:54.0324 0x1ce4 [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll 20:23:54.0376 0x1ce4 wcncsvc - ok 20:23:54.0422 0x1ce4 [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs C:\WINDOWS\system32\drivers\wcnfs.sys 20:23:54.0449 0x1ce4 wcnfs - ok 20:23:54.0484 0x1ce4 [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys 20:23:54.0507 0x1ce4 WdBoot - ok 20:23:54.0609 0x1ce4 [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys 20:23:54.0660 0x1ce4 Wdf01000 - ok 20:23:54.0710 0x1ce4 [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys 20:23:54.0742 0x1ce4 WdFilter - ok 20:23:54.0785 0x1ce4 [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll 20:23:54.0822 0x1ce4 WdiServiceHost - ok 20:23:54.0831 0x1ce4 [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll 20:23:54.0869 0x1ce4 WdiSystemHost - ok 20:23:54.0928 0x1ce4 [ 8CB606A3057355FD5A9DBDD1A0AC94EF, 6DD0B4A2270633086EBB569A00B87430EE6EF173525E341404B15845B57BE86D ] wdiwifi C:\WINDOWS\system32\DRIVERS\wdiwifi.sys 20:23:54.0988 0x1ce4 wdiwifi - ok 20:23:55.0019 0x1ce4 [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys 20:23:55.0044 0x1ce4 WdNisDrv - ok 20:23:55.0087 0x1ce4 WdNisSvc - ok 20:23:55.0121 0x1ce4 [ 
3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient C:\WINDOWS\System32\webclnt.dll 20:23:55.0166 0x1ce4 WebClient - ok 20:23:55.0189 0x1ce4 [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll 20:23:55.0229 0x1ce4 Wecsvc - ok 20:23:55.0273 0x1ce4 [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll 20:23:55.0305 0x1ce4 WEPHOSTSVC - ok 20:23:55.0387 0x1ce4 [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll 20:23:55.0424 0x1ce4 wercplsupport - ok 20:23:55.0466 0x1ce4 [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc C:\WINDOWS\System32\WerSvc.dll 20:23:55.0501 0x1ce4 WerSvc - ok 20:23:55.0565 0x1ce4 [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS C:\WINDOWS\system32\drivers\wfplwfs.sys 20:23:55.0643 0x1ce4 WFPLWFS - ok 20:23:55.0694 0x1ce4 [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc C:\WINDOWS\System32\wiarpc.dll 20:23:55.0728 0x1ce4 WiaRpc - ok 20:23:55.0952 0x1ce4 [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys 20:23:56.0005 0x1ce4 WIMMount - ok 20:23:56.0012 0x1ce4 WinDefend - ok 20:23:56.0050 0x1ce4 [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys 20:23:56.0091 0x1ce4 WindowsTrustedRT - ok 20:23:56.0140 0x1ce4 [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] 
WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys 20:23:56.0162 0x1ce4 WindowsTrustedRTProxy - ok 20:23:56.0271 0x1ce4 [ C2A3B07F0118D61086C99BDCBAB6A6A3, 04D646BEF1C6F427503C594F0ECBB33140C3991A3A7AFB66B2C9581E358F9FD2 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll 20:23:56.0340 0x1ce4 WinHttpAutoProxySvc - ok 20:23:56.0369 0x1ce4 [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad C:\WINDOWS\System32\drivers\winmad.sys 20:23:56.0391 0x1ce4 WinMad - ok 20:23:56.0525 0x1ce4 [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 20:23:56.0562 0x1ce4 Winmgmt - ok 20:23:56.0684 0x1ce4 [ B8C0D620219ECAA23A2AC841EAF454D1, FB527C4D36929D7FAE2A837727C557B7823A72069EBCAB7D16C49E8B21E8D952 ] WinRM C:\WINDOWS\system32\WsmSvc.dll 20:23:56.0869 0x1ce4 WinRM - ok 20:23:56.0962 0x1ce4 [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB C:\WINDOWS\System32\drivers\WinUSB.SYS 20:23:56.0990 0x1ce4 WINUSB - ok 20:23:57.0036 0x1ce4 [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs C:\WINDOWS\System32\drivers\winverbs.sys 20:23:57.0059 0x1ce4 WinVerbs - ok 20:23:57.0120 0x1ce4 [ ECD999D8412A3473C26B118F89DB9908, 5FB9B93E4B5482CCFF01D805DFA386FD8D3441BC81E7BD5DF89EE3078FD724F3 ] wisvc C:\WINDOWS\system32\flightsettings.dll 20:23:57.0177 0x1ce4 wisvc - ok 20:23:57.0298 0x1ce4 [ 7671078AEF4C0203B053A9642C401FF7, BBFADA89CD31F20ADDBFAFAD2E492C72D82BF2F8B823BB6773F04D229B62534C ] WlanSvc C:\WINDOWS\System32\wlansvc.dll 20:23:57.0447 0x1ce4 WlanSvc - ok 20:23:57.0514 0x1ce4 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 20:23:57.0530 0x1ce4 wlcrasvc - ok 20:23:57.0678 0x1ce4 [ 
E15711970C5BE05E8D70B294D0AFF621, 30670CFC4DA57B4A3E0E895E4111100D847BB8041A258A303524CD96DC566482 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll 20:23:57.0813 0x1ce4 wlidsvc - ok 20:23:57.0868 0x1ce4 [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys 20:23:57.0893 0x1ce4 WmiAcpi - ok 20:23:57.0970 0x1ce4 [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe 20:23:58.0005 0x1ce4 wmiApSrv - ok 20:23:58.0036 0x1ce4 WMPNetworkSvc - ok 20:23:58.0075 0x1ce4 [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof C:\WINDOWS\system32\drivers\Wof.sys 20:23:58.0106 0x1ce4 Wof - ok 20:23:58.0210 0x1ce4 [ 909CB4BBF7B08E78C363000E09E79A6F, 217205D1B5EE03274AFF9405AED6D2A5665CBA4C3876E84B53DA44920CDF9CB1 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll 20:23:58.0331 0x1ce4 workfolderssvc - ok 20:23:58.0369 0x1ce4 [ F02930EB91596042F2221397D60AFCE5, 10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll 20:23:58.0402 0x1ce4 WPDBusEnum - ok 20:23:58.0468 0x1ce4 [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys 20:23:58.0490 0x1ce4 WpdUpFltr - ok 20:23:58.0516 0x1ce4 [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService C:\WINDOWS\system32\WpnService.dll 20:23:58.0557 0x1ce4 WpnService - ok 20:23:58.0582 0x1ce4 [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService C:\WINDOWS\System32\WpnUserService.dll 20:23:58.0615 0x1ce4 WpnUserService - ok 20:23:58.0785 0x1ce4 [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 
1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys 20:23:58.0810 0x1ce4 ws2ifsl - ok 20:23:58.0912 0x1ce4 [ 9A0E0B836413EB0BC885532D2A5389D6, AFEE4A0578D5581E4D72999A33C0DEA6253BD891F611AFF9AFDE4160A60105F3 ] wscsvc C:\WINDOWS\System32\wscsvc.dll 20:23:58.0951 0x1ce4 wscsvc - ok 20:23:58.0958 0x1ce4 WSearch - ok 20:23:59.0104 0x1ce4 [ DDB7E452A99E0E5244105C6D2CF4BC9E, 1364B03AFFD20D339A2EBA303575BCCBC2D122D89810B1E3593CC55F93F9B79A ] wuauserv C:\WINDOWS\system32\wuaueng.dll 20:23:59.0252 0x1ce4 wuauserv - ok 20:23:59.0298 0x1ce4 [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys 20:23:59.0328 0x1ce4 WudfPf - ok 20:23:59.0363 0x1ce4 [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd C:\WINDOWS\system32\drivers\WudfRd.sys 20:23:59.0399 0x1ce4 WUDFRd - ok 20:23:59.0436 0x1ce4 [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll 20:23:59.0471 0x1ce4 wudfsvc - ok 20:23:59.0484 0x1ce4 [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 20:23:59.0521 0x1ce4 WUDFWpdFs - ok 20:23:59.0593 0x1ce4 [ E231728BC515A4B85543AF74A1FEDFCB, 5D250D7D789B5BB56BFA2E7A109BCEB3686B7636C54D89F4E9804101D145C955 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll 20:23:59.0687 0x1ce4 WwanSvc - ok 20:23:59.0773 0x1ce4 [ F39D6915451D9226AC9A5E7AE70E2ABA, E05D678DC0423A4D0EB8B3BB5A942721BB4F3B0BED22748252DBD6053FE956F1 ] XblAuthManager C:\WINDOWS\System32\XblAuthManager.dll 20:23:59.0853 0x1ce4 XblAuthManager - ok 20:23:59.0941 0x1ce4 [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave C:\WINDOWS\System32\XblGameSave.dll 20:24:00.0035 
0x1ce4 XblGameSave - ok 20:24:00.0097 0x1ce4 [ 9627BBAA50878F6833A6A7843EE3B1D9, 637566BB56501C4D11E3B6E6AC1C602D880C9D357CCE3DF1DF74EE672744F2B7 ] xboxgip C:\WINDOWS\System32\drivers\xboxgip.sys 20:24:00.0135 0x1ce4 xboxgip - ok 20:24:00.0204 0x1ce4 [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc C:\WINDOWS\system32\XboxNetApiSvc.dll 20:24:00.0292 0x1ce4 XboxNetApiSvc - ok 20:24:00.0352 0x1ce4 [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid C:\WINDOWS\System32\drivers\xinputhid.sys 20:24:00.0378 0x1ce4 xinputhid - ok 20:24:00.0383 0x1ce4 ================ Scan global =============================== 20:24:00.0493 0x1ce4 [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\WINDOWS\system32\basesrv.dll 20:24:00.0543 0x1ce4 [ 4C08BF958476A137C78B62B22B5F90A4, 11DDD033896C96F8F7F1A1EDD0F4E0F07AFBB3202DC8A2E5E3ADB51C4D0700D4 ] C:\WINDOWS\system32\winsrv.dll 20:24:00.0647 0x1ce4 [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\WINDOWS\system32\sxssrv.dll 20:24:00.0688 0x1ce4 [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\WINDOWS\system32\services.exe 20:24:00.0704 0x1ce4 [ Global ] - ok 20:24:00.0705 0x1ce4 ================ Scan MBR ================================== 20:24:00.0748 0x1ce4 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0 20:24:01.0357 0x1ce4 \Device\Harddisk0\DR0 - ok 20:24:01.0358 0x1ce4 ================ Scan VBR ================================== 20:24:01.0388 0x1ce4 [ 9D865CF95DF013723C0BF933684537A0 ] \Device\Harddisk0\DR0\Partition1 20:24:01.0390 0x1ce4 \Device\Harddisk0\DR0\Partition1 - ok 20:24:01.0418 0x1ce4 [ FB151AB35BB8AF4C986A0E5663AB00BD ] \Device\Harddisk0\DR0\Partition2 20:24:01.0420 0x1ce4 \Device\Harddisk0\DR0\Partition2 - ok 
20:24:01.0448 0x1ce4 [ 2704C882109B92D9348729648EF2B251 ] \Device\Harddisk0\DR0\Partition3 20:24:01.0451 0x1ce4 \Device\Harddisk0\DR0\Partition3 - ok 20:24:01.0452 0x1ce4 ================ Scan generic autorun ====================== 20:24:02.0016 0x1ce4 [ C6992F5730886B6977313918583D13C7, 5D75DBF4D272BD4A8DDF40C7D9D8044621EFD12AB4303DBF90538AFBE2FEFD42 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 20:24:02.0727 0x1ce4 RtHDVCpl - ok 20:24:02.0757 0x1ce4 ETDCtrl - ok 20:24:02.0851 0x1ce4 [ EA4F9B19B3614349C79CC97DCA4C23A8, EC330F2E4F002FE450CDC1FC84AC0122C21C7912A483A99143450822004795E3 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe 20:24:02.0895 0x1ce4 StartCCC - ok 20:24:03.0024 0x1ce4 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe 20:24:03.0057 0x1ce4 HP Software Update - ok 20:24:03.0436 0x1ce4 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe 20:24:03.0997 0x1ce4 OneDriveSetup - ok 20:24:04.0341 0x1ce4 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe 20:24:04.0768 0x1ce4 OneDriveSetup - ok 20:24:04.0993 0x1ce4 [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe 20:24:05.0042 0x1ce4 Dropbox Update - ok 20:24:05.0153 0x1ce4 [ AAE92457F50F4DD74E2D502ADB9549EE, 70C8FBE410FE388D6B85334215EBE3393C16E8F8B19F5A8BA50DB6DF23196D50 ] C:\Users\Silvia\AppData\Local\Microsoft\OneDrive\OneDrive.exe 20:24:05.0262 0x1ce4 OneDrive - ok 20:24:05.0619 0x1ce4 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe 20:24:06.0036 0x1ce4 OneDriveSetup - ok 
20:24:06.0134 0x1ce4 [ 2781E6EF593909A8B73FE1AD397F778A, E892D6C57F8903E20129E75A9B877690229280FD8106B5C7F96173175EA1AC4E ] C:\Program Files (x86)\Windows Mail\wab.exe 20:24:06.0212 0x1ce4 WAB Migrate - ok 20:24:06.0225 0x1ce4 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated ) 20:24:06.0226 0x1ce4 AV detected via SS2: Bitdefender-Virenschutz, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 19.4.0.216 ), 0x41000 ( enabled : updated ) 20:24:06.0230 0x1ce4 Win FW state via NFP2: enabled ( trusted ) 20:24:06.0315 0x1ce4 ============================================================ 20:24:06.0315 0x1ce4 Scan finished 20:24:06.0315 0x1ce4 ============================================================ 20:24:06.0346 0x1828 Detected object count: 0 20:24:06.0346 0x1828 Actual detected object count: 0 |
12.03.2017, 11:28 | #7 |
/// TB-Ausbilder | Caught a Myfilestore.com virus?
Hi,
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> {0CD413A5-25C0-4513-A268-CED8EFAF18A8} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
Toolbar: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Toolbar: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> Kein Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - Keine Datei
2012-04-19 07:59 - 2012-04-19 07:59 - 0473600 _____ () C:\Program Files\setup.exe
2012-04-19 07:59 - 2012-04-19 07:59 - 0000290 _____ () C:\Program Files\setup.ini
Task: {07DA5524-FFB1-4CE3-B07B-BBE2C29E5385} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {1C267C23-B5F9-41FF-A4D5-92C4B112F598} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {1ED078EF-C616-449A-9E71-3FF7CE79AF8D} - System32\Tasks\{877C8A6D-9FA5-41CA-8842-83A5F8A9F7E0} => pcalua.exe -a C:\Users\Silvia\Documents\dbgview\DBGVIEW.EXE -d C:\Users\Silvia\Documents\dbgview
Task: {2FFC7E9B-A48E-4878-86E7-5B5FD9C7CFF1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {3F0C9060-E8B5-4D4D-B60B-15ED2B085296} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {43C4CCEB-42BC-4680-93D3-1C620439C826} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {44EF540E-C6D8-4717-9B55-5525DA621CDE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {54D5411A-538D-4D2E-B0C2-D79A683DEEF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {5BC2FF85-E692-4FA0-B1F6-0F38E6B98D34} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {6F6E5A96-BEC4-4BEF-BEE2-47968000AD22} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {85E7851F-6507-45F7-B071-77F75A503F5B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {8748D2C8-7B61-46D6-8560-B806F3E45DC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {881323E1-6913-4B08-9348-3BBEDA2FED8C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {AC2B6A0D-936A-493E-AEBC-22346C4B382D} - System32\Tasks\{9DC4673D-89F6-4667-8059-6A8D8FCCA84B} => pcalua.exe -a C:\Users\Silvia\Downloads\p-std.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {D00A0671-354F-4F46-90B3-CE483FFBB1D6} - System32\Tasks\{8E26E545-7CEE-4E2D-B6A1-5E627B7BAF4A} => pcalua.exe -a C:\Users\Silvia\Downloads\NeroClassic\nero60023.exe -d C:\Users\Silvia\Downloads\NeroClassic
Task: {D1E76148-5778-4CFB-BA87-2269DB3D4FD9} - \CCleanerSkipUAC -> Keine Datei <==== ACHTUNG
Task: {EE38C2DC-835A-47AA-83A0-1A102876D107} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please download Malwarebytes Anti-Malware
Step 4
With your next reply, please post
|
12.03.2017, 15:15 | #8 |
| Caught a Myfilestore.com virus? Hi Matthias, here is the info... FRST Fix (Fixlog): Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01 durchgeführt von Silvia (12-03-2017 13:43:38) Run:1 Gestartet von C:\Users\Silvia\Desktop Geladene Profile: Silvia (Verfügbare Profile: Silvia & DefaultAppPool) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: HKLM-x32\...\Run: [] => [X] SearchScopes: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> {0CD413A5-25C0-4513-A268-CED8EFAF18A8} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 Toolbar: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei Toolbar: HKU\S-1-5-21-983883370-204824152-491102941-1000 -> Kein Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - Keine Datei 2012-04-19 07:59 - 2012-04-19 07:59 - 0473600 _____ () C:\Program Files\setup.exe 2012-04-19 07:59 - 2012-04-19 07:59 - 0000290 _____ () C:\Program Files\setup.ini Task: {07DA5524-FFB1-4CE3-B07B-BBE2C29E5385} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {1C267C23-B5F9-41FF-A4D5-92C4B112F598} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {1ED078EF-C616-449A-9E71-3FF7CE79AF8D} - System32\Tasks\{877C8A6D-9FA5-41CA-8842-83A5F8A9F7E0} => pcalua.exe -a C:\Users\Silvia\Documents\dbgview\DBGVIEW.EXE -d C:\Users\Silvia\Documents\dbgview Task: {2FFC7E9B-A48E-4878-86E7-5B5FD9C7CFF1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {3F0C9060-E8B5-4D4D-B60B-15ED2B085296} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG Task: {43C4CCEB-42BC-4680-93D3-1C620439C826} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {44EF540E-C6D8-4717-9B55-5525DA621CDE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine 
Datei <==== ACHTUNG Task: {54D5411A-538D-4D2E-B0C2-D79A683DEEF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {5BC2FF85-E692-4FA0-B1F6-0F38E6B98D34} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {6F6E5A96-BEC4-4BEF-BEE2-47968000AD22} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG Task: {85E7851F-6507-45F7-B071-77F75A503F5B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {8748D2C8-7B61-46D6-8560-B806F3E45DC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG Task: {881323E1-6913-4B08-9348-3BBEDA2FED8C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {AC2B6A0D-936A-493E-AEBC-22346C4B382D} - System32\Tasks\{9DC4673D-89F6-4667-8059-6A8D8FCCA84B} => pcalua.exe -a C:\Users\Silvia\Downloads\p-std.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {D00A0671-354F-4F46-90B3-CE483FFBB1D6} - System32\Tasks\{8E26E545-7CEE-4E2D-B6A1-5E627B7BAF4A} => pcalua.exe -a C:\Users\Silvia\Downloads\NeroClassic\nero60023.exe -d C:\Users\Silvia\Downloads\NeroClassic Task: {D1E76148-5778-4CFB-BA87-2269DB3D4FD9} - \CCleanerSkipUAC -> Keine Datei <==== ACHTUNG Task: {EE38C2DC-835A-47AA-83A0-1A102876D107} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG CMD: dir "%ProgramFiles%" CMD: dir "%ProgramFiles(x86)%" CMD: dir "%ProgramData%" CMD: dir "%Appdata%" CMD: dir "%LocalAppdata%" CMD: dir "%CommonProgramFiles(x86)%" CMD: dir "%CommonProgramW6432%" RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: end ***************** Prozesse erfolgreich geschlossen. 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt HKU\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CD413A5-25C0-4513-A268-CED8EFAF18A8} => Schlüssel erfolgreich entfernt HKCR\CLSID\{0CD413A5-25C0-4513-A268-CED8EFAF18A8} => Schlüssel nicht gefunden. HKU\S-1-5-21-983883370-204824152-491102941-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Wert erfolgreich entfernt HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Schlüssel nicht gefunden. HKU\S-1-5-21-983883370-204824152-491102941-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Wert erfolgreich entfernt HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Schlüssel nicht gefunden. C:\Program Files\setup.exe => erfolgreich verschoben C:\Program Files\setup.ini => erfolgreich verschoben HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07DA5524-FFB1-4CE3-B07B-BBE2C29E5385} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07DA5524-FFB1-4CE3-B07B-BBE2C29E5385} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1C267C23-B5F9-41FF-A4D5-92C4B112F598} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C267C23-B5F9-41FF-A4D5-92C4B112F598} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ED078EF-C616-449A-9E71-3FF7CE79AF8D} => Schlüssel 
erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ED078EF-C616-449A-9E71-3FF7CE79AF8D} => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\{877C8A6D-9FA5-41CA-8842-83A5F8A9F7E0} => erfolgreich verschoben HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{877C8A6D-9FA5-41CA-8842-83A5F8A9F7E0} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FFC7E9B-A48E-4878-86E7-5B5FD9C7CFF1} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FFC7E9B-A48E-4878-86E7-5B5FD9C7CFF1} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F0C9060-E8B5-4D4D-B60B-15ED2B085296} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F0C9060-E8B5-4D4D-B60B-15ED2B085296} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{43C4CCEB-42BC-4680-93D3-1C620439C826} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43C4CCEB-42BC-4680-93D3-1C620439C826} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44EF540E-C6D8-4717-9B55-5525DA621CDE} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{44EF540E-C6D8-4717-9B55-5525DA621CDE} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54D5411A-538D-4D2E-B0C2-D79A683DEEF9} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54D5411A-538D-4D2E-B0C2-D79A683DEEF9} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BC2FF85-E692-4FA0-B1F6-0F38E6B98D34} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BC2FF85-E692-4FA0-B1F6-0F38E6B98D34} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F6E5A96-BEC4-4BEF-BEE2-47968000AD22} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F6E5A96-BEC4-4BEF-BEE2-47968000AD22} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85E7851F-6507-45F7-B071-77F75A503F5B} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85E7851F-6507-45F7-B071-77F75A503F5B} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8748D2C8-7B61-46D6-8560-B806F3E45DC2} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8748D2C8-7B61-46D6-8560-B806F3E45DC2} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{881323E1-6913-4B08-9348-3BBEDA2FED8C} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{881323E1-6913-4B08-9348-3BBEDA2FED8C} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC2B6A0D-936A-493E-AEBC-22346C4B382D} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC2B6A0D-936A-493E-AEBC-22346C4B382D} => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\{9DC4673D-89F6-4667-8059-6A8D8FCCA84B} => erfolgreich verschoben HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9DC4673D-89F6-4667-8059-6A8D8FCCA84B} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D00A0671-354F-4F46-90B3-CE483FFBB1D6} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D00A0671-354F-4F46-90B3-CE483FFBB1D6} => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\{8E26E545-7CEE-4E2D-B6A1-5E627B7BAF4A} => erfolgreich verschoben HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\{8E26E545-7CEE-4E2D-B6A1-5E627B7BAF4A} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1E76148-5778-4CFB-BA87-2269DB3D4FD9} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1E76148-5778-4CFB-BA87-2269DB3D4FD9} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE38C2DC-835A-47AA-83A0-1A102876D107} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE38C2DC-835A-47AA-83A0-1A102876D107} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel erfolgreich entfernt ========= dir "%ProgramFiles%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3000-7D82 Verzeichnis von C:\Program Files 12.03.2017 13:43 <DIR> . 12.03.2017 13:43 <DIR> .. 
14.10.2016 23:56 <DIR> AMD 03.11.2011 17:59 <DIR> ATI 14.10.2016 23:48 <DIR> ATI Technologies 14.04.2016 18:03 <DIR> Bitdefender 12.03.2017 13:35 <DIR> Bitdefender Agent 14.10.2016 23:56 <DIR> Common Files 15.03.2013 10:22 <DIR> DIFX 06.03.2016 12:09 <DIR> DVD Maker 05.12.2016 22:13 <DIR> Elantech 19.08.2012 14:56 <DIR> Google 16.01.2017 13:18 <DIR> Internet Explorer 28.07.2013 10:24 <DIR> Java 19.08.2012 12:08 <DIR> licenses 14.10.2016 23:56 <DIR> Microsoft Games 01.01.2013 09:07 <DIR> Microsoft Office 13.10.2016 06:25 <DIR> Microsoft Silverlight 15.10.2016 00:18 <DIR> MSBuild 19.04.2012 08:08 141.590.843 openofficeorg1.cab 19.04.2012 07:59 3.125.248 openofficeorg34.msi 19.08.2012 12:08 <DIR> readmes 14.10.2016 23:47 <DIR> Realtek 19.08.2012 12:08 <DIR> redist 15.10.2016 00:18 <DIR> Reference Assemblies 03.11.2011 18:33 <DIR> Samsung 02.03.2014 18:17 <DIR> Sweet Home 3D 21.07.2016 21:40 <DIR> WajaWebEnhancer 15.10.2016 00:36 <DIR> Windows Defender 03.11.2011 19:15 <DIR> Windows Live 14.10.2016 23:56 <DIR> Windows Mail 02.11.2016 23:28 <DIR> Windows Media Player 16.07.2016 12:47 <DIR> Windows Multimedia Platform 15.10.2016 00:30 <DIR> Windows NT 15.10.2016 00:36 <DIR> Windows Photo Viewer 16.07.2016 12:47 <DIR> Windows Portable Devices 16.07.2016 12:47 <DIR> WindowsPowerShell 30.10.2015 07:35 <DIR> WInterEn 2 Datei(en), 144.716.091 Bytes 36 Verzeichnis(se), 94.416.990.208 Bytes frei ========= Ende von CMD: ========= ========= dir "%ProgramFiles(x86)%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3000-7D82 Verzeichnis von C:\Program Files (x86) 09.03.2017 21:26 <DIR> . 09.03.2017 21:26 <DIR> .. 
04.02.2016 20:28 <DIR> Adobe 05.03.2016 18:57 <DIR> Ahead 02.09.2013 07:21 <DIR> ALDI Bestellsoftware 03.11.2011 18:01 <DIR> AMD 03.11.2011 18:01 <DIR> AMD APP 03.11.2011 18:04 <DIR> Atheros 14.10.2016 23:48 <DIR> ATI Technologies 03.12.2015 20:04 <DIR> CDBurnerXP 14.01.2017 21:28 <DIR> Common Files 03.11.2011 19:46 <DIR> CyberLink 14.01.2017 13:00 <DIR> devolo 14.10.2012 19:58 <DIR> dm 10.04.2016 19:43 <DIR> ElsterFormular 24.11.2012 14:46 <DIR> Finanzportal24 01.06.2014 20:09 <DIR> FLV Player 04.12.2015 17:07 <DIR> fotokasten comfort 15.02.2017 10:14 <DIR> Google 02.06.2015 19:58 <DIR> HP 16.01.2017 13:18 <DIR> Internet Explorer 25.03.2016 18:11 <DIR> Java 17.03.2013 21:23 <DIR> Microsoft 13.05.2015 22:04 <DIR> Microsoft Application Virtualization Client 01.01.2013 09:07 <DIR> Microsoft Office 13.10.2016 06:25 <DIR> Microsoft Silverlight 03.11.2011 19:21 <DIR> Microsoft SQL Server Compact Edition 16.07.2016 12:47 <DIR> Microsoft.NET 03.06.2015 15:07 <DIR> Mozilla Firefox 09.03.2017 15:16 <DIR> Mozilla Maintenance Service 09.03.2017 15:15 <DIR> Mozilla Thunderbird 15.10.2016 00:18 <DIR> MSBuild 17.03.2013 18:56 <DIR> MSXML 4.0 06.03.2016 10:29 <DIR> Nero 07.06.2013 12:30 <DIR> Nokia 19.08.2012 12:11 <DIR> OpenOffice.org 3 03.11.2011 18:03 <DIR> Realtek 15.10.2016 00:18 <DIR> Reference Assemblies 06.03.2016 12:09 <DIR> Samsung 14.01.2017 21:28 <DIR> Skype 01.03.2015 13:23 <DIR> SuperTuxKart 03.11.2011 18:40 <DIR> Symantec 01.03.2015 12:27 <DIR> WEB.DE MailCheck 03.11.2011 18:40 <DIR> WildGames 15.10.2016 00:36 <DIR> Windows Defender 03.11.2011 19:36 <DIR> Windows Live 14.10.2016 23:56 <DIR> Windows Mail 02.11.2016 23:28 <DIR> Windows Media Player 16.07.2016 12:47 <DIR> Windows Multimedia Platform 16.07.2016 12:47 <DIR> Windows NT 15.10.2016 00:36 <DIR> Windows Photo Viewer 16.07.2016 12:47 <DIR> Windows Portable Devices 16.07.2016 12:47 <DIR> WindowsPowerShell 06.09.2015 08:54 <DIR> WISO 0 Datei(en), 0 Bytes 54 Verzeichnis(se), 94.416.990.208 Bytes frei ========= 
Ende von CMD: ========= ========= dir "%ProgramData%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3000-7D82 Verzeichnis von C:\ProgramData 14.04.2016 18:41 627.349 1460653227.bdinstall.bin 15.06.2016 06:33 26.781 1465968770.bdinstall.bin 09.03.2017 21:33 97.882 1489091590.bdinstall.bin 04.02.2016 20:28 <DIR> Adobe 20.09.2016 11:32 26.838 agent.1474367523.bdinstall.bin 02.11.2016 14:41 28.759 agent.1478094058.bdinstall.bin 14.10.2016 23:48 <DIR> AMD 07.11.2014 09:49 <DIR> APN 09.03.2013 09:02 <DIR> Ask 03.11.2011 18:04 <DIR> Atheros 06.03.2016 13:19 <DIR> ATI 20.05.2013 16:31 <DIR> Avira 11.05.2014 17:56 <DIR> bdch 17.04.2016 21:50 <DIR> BDLogging 14.04.2016 18:28 <DIR> Bitdefender 25.03.2016 17:33 <DIR> Bitdefender Agent 09.05.2013 18:45 <DIR> Buhl Data Service GmbH 03.12.2015 20:05 <DIR> Canneverbe Limited 16.07.2016 12:47 <DIR> Comms 28.12.2012 22:17 <DIR> CyberLink 12.06.2015 22:02 <DIR> Dropbox 10.04.2016 20:08 <DIR> elsterformular 24.11.2012 14:50 <DIR> Finanzportal24 12.07.2013 07:42 <DIR> fotokasten comfort 26.12.2014 21:42 <DIR> HP 26.12.2014 18:53 <DIR> HP Product Assistant 26.08.2013 18:25 <DIR> hps 26.12.2014 21:42 836 hpzinstall.log 15.10.2016 06:40 <DIR> Microsoft OneDrive 19.08.2012 15:02 <DIR> Mozilla 06.03.2016 10:29 <DIR> Nero 07.06.2013 12:30 <DIR> Nokia 15.03.2013 10:19 <DIR> NokiaInstallerCache 20.05.2013 16:50 <DIR> Norton 03.11.2011 18:40 <DIR> NortonInstaller 25.03.2016 18:18 <DIR> Oracle 14.10.2016 23:56 <DIR> Package Cache 15.03.2013 10:24 <DIR> PC Suite 15.10.2016 00:05 <DIR> regid.1991-06.com.microsoft 14.08.2012 19:20 <DIR> SAMSUNG 14.01.2017 21:28 <DIR> Skype 16.07.2016 12:47 <DIR> SoftwareDistribution 09.03.2013 09:02 <DIR> Sun 03.11.2011 18:40 <DIR> Symantec 03.11.2011 19:45 <DIR> Temp 25.12.2013 09:37 <DIR> tmp 15.10.2016 00:12 <DIR> USOPrivate 15.10.2016 00:12 <DIR> USOShared 01.01.2013 18:14 <DIR> VirtualizedApplications 26.12.2014 21:43 <DIR> WEBREG 03.11.2011 18:40 <DIR> WildTangent 05.03.2016 18:29 
<DIR> WinClon 03.11.2011 19:45 109 {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 03.11.2011 19:37 113 {34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log 03.11.2011 19:42 105 {40BF1E83-20EB-11D8-97C5-0009C5020658}.log 03.11.2011 19:41 106 {80E158EA-7181-40FE-A701-301CE6BE64AB}.log 03.11.2011 19:44 110 {CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 11 Datei(en), 808.988 Bytes 46 Verzeichnis(se), 94.416.982.016 Bytes frei ========= Ende von CMD: ========= ========= dir "%Appdata%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3000-7D82 Verzeichnis von C:\Users\Silvia\AppData\Roaming 07.02.2017 18:03 <DIR> . 07.02.2017 18:03 <DIR> .. 19.08.2012 07:39 <DIR> Adobe 29.05.2014 19:36 <DIR> Ahead 07.10.2012 17:33 <DIR> AnvSoft 14.08.2012 19:27 <DIR> ATI 14.04.2016 18:25 <DIR> Bitdefender 09.05.2013 18:45 <DIR> Buhl Data Service 03.12.2015 20:04 <DIR> Canneverbe Limited 28.11.2013 21:24 <DIR> com.barchart.platform.release 29.05.2014 19:57 <DIR> CyberLink 14.01.2017 13:01 <DIR> de.devolo.dLAN.Cockpit 01.03.2015 12:31 <DIR> dlg 11.03.2017 19:46 <DIR> Dropbox 28.01.2015 04:55 <DIR> elsterformular 24.11.2012 14:50 <DIR> Finanzportal24 25.01.2015 14:36 <DIR> HP 16.06.2015 21:59 <DIR> HpUpdate 14.08.2012 19:25 <DIR> Identities 10.03.2014 20:26 <DIR> JWrapper-Barchart 14.08.2012 19:57 <DIR> Macromedia 04.11.2011 08:52 <DIR> Media Center Programs 19.08.2012 15:02 <DIR> Mozilla 22.10.2015 21:42 <DIR> Nero 19.08.2012 12:16 <DIR> OpenOffice.org 07.11.2014 10:04 <DIR> Oracle 15.03.2013 10:24 <DIR> PC Suite 20.05.2013 16:53 <DIR> QuickScan 02.02.2017 20:51 <DIR> Skype 17.01.2017 21:53 <DIR> SoftGrid Client 27.09.2015 12:12 <DIR> Sun 19.08.2012 15:08 <DIR> Thunderbird 01.01.2013 09:10 <DIR> TP 23.05.2016 20:52 385 user_gensett.xml 1 Datei(en), 385 Bytes 33 Verzeichnis(se), 94.416.982.016 Bytes frei ========= Ende von CMD: ========= ========= dir "%LocalAppdata%" ========= Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 3000-7D82 Verzeichnis von C:\Users\Silvia\AppData\Local 11.03.2017 19:33 <DIR> . 11.03.2017 19:33 <DIR> .. 06.03.2016 13:18 <DIR> ActiveSync 23.02.2017 20:49 <DIR> Adobe 26.09.2012 09:05 <DIR> Albelli Fotobcher 03.01.2017 16:46 <DIR> AMD 14.08.2012 19:27 <DIR> ATI 08.10.2015 21:54 <DIR> bdch 06.09.2015 09:17 <DIR> Buhl 09.05.2013 18:45 <DIR> Buhl Data Service 18.02.2016 22:00 <DIR> CEF 06.03.2016 13:36 <DIR> Comms 15.10.2016 16:32 <DIR> ConnectedDevicesPlatform 05.03.2016 11:55 <DIR> CrashDumps 20.09.2015 09:08 <DIR> Diagnostics 09.03.2017 10:17 <DIR> Dropbox 11.11.2014 21:39 <DIR> fotokasten comfort 26.12.2014 21:47 69.496 GDIPFONTCACHEV1.DAT 15.11.2012 18:31 <DIR> Google 02.06.2015 05:47 <DIR> GWX 07.10.2012 17:24 393 HamsterVideoConverterSettings.cfg 26.12.2014 21:42 <DIR> HP 19.08.2012 15:29 <DIR> Macromedia 09.12.2016 22:26 <DIR> Microsoft 18.07.2015 21:21 <DIR> Microsoft Games 12.03.2016 17:09 <DIR> MicrosoftEdge 19.09.2013 09:13 <DIR> Mozilla 08.02.2017 11:13 <DIR> Nero 19.03.2016 08:56 <DIR> Nero_AG 06.03.2016 13:19 <DIR> NetworkTiles 15.03.2013 10:27 <DIR> Nokia 07.06.2013 12:30 <DIR> NokiaAccount 02.12.2016 14:59 <DIR> Packages 14.08.2012 19:26 <DIR> Power2Go 02.03.2014 18:17 <DIR> Programs 06.03.2016 13:15 <DIR> Publishers 15.08.2012 17:48 <DIR> Samsung 01.01.2013 09:09 <DIR> SoftGrid Client 12.03.2017 13:43 <DIR> Temp 12.03.2015 08:13 <DIR> Thunderbird 06.03.2016 13:14 <DIR> TileDataLayer 12.07.2013 09:27 <DIR> VirtualStore 19.10.2013 20:41 <DIR> {06B238D4-4EE0-4870-8FE9-DF6E7ADED892} 24.03.2013 17:18 <DIR> {10A67E1E-1067-4C0B-86EC-3AD94A063770} 29.07.2013 20:19 <DIR> {2B6AE229-DD74-4963-B3F9-0163DABFF600} 28.05.2013 09:01 <DIR> {3D538D20-E113-4B9C-9852-9EE55E1DAFCE} 28.05.2013 09:02 <DIR> {3F1EDAC8-4C24-4F4D-8261-1C7E5654C112} 28.05.2013 14:25 <DIR> {500ED4B8-871E-4E51-BBF6-ACEB4167364A} 30.05.2013 10:03 <DIR> {59567DE0-8960-4C9F-BEAC-48317E50D433} 05.12.2013 20:23 <DIR> {74057EDE-5D6F-4FB1-876A-A456095630FD} 18.11.2012 17:26 <DIR> 
{844EBDEB-82C0-417C-A24C-48EA48460FBF} 04.12.2012 09:43 <DIR> {99D6D419-0BD4-4451-B333-9628E6093727} 28.05.2013 09:01 <DIR> {A003241E-01BE-4B32-ADB5-00718A4AB763} 18.11.2012 17:25 <DIR> {AE1CBCDB-297C-4CB4-8CC1-3883151C785B} 07.10.2012 19:12 <DIR> {B007F200-E151-459E-A423-C801CB211093} 28.05.2013 14:27 <DIR> {B9A9FBA9-F8B0-4C13-A95E-D0967006F6FF} 28.05.2013 15:59 <DIR> {D21924E4-F3C7-407E-9A3C-45EF6921FA34} 30.12.2012 22:18 <DIR> {D44FA661-1BA3-4B3F-B454-FCE5B1A2DA55} 14.11.2013 17:27 <DIR> {DD02E62F-6684-4844-A89F-FAC5493B18AF} 31.05.2013 15:36 <DIR> {E1CA6399-2910-4350-8530-89FFA84F4716} 01.06.2014 19:33 <DIR> {E9D6F425-8B85-4338-96D5-759940DCCA8B} 07.10.2012 19:12 <DIR> {EB599082-6E9E-4D4F-A497-418735CB518F} 15.12.2012 19:45 <DIR> {EB8B6AF0-57C1-46AA-A5A5-63A27E74856D} 17.12.2013 21:47 <DIR> {FA51B2DF-944E-42AC-AE14-A38BF13ABFF2} 2 Datei(en), 69.889 Bytes 62 Verzeichnis(se), 94.416.982.016 Bytes frei ========= Ende von CMD: ========= ========= dir "%CommonProgramFiles(x86)%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3000-7D82 Verzeichnis von C:\Program Files (x86)\Common Files 14.01.2017 21:28 <DIR> . 14.01.2017 21:28 <DIR> .. 04.02.2016 20:28 <DIR> Adobe 29.05.2014 19:28 <DIR> Ahead 03.11.2011 19:37 <DIR> CyberLink 15.05.2014 12:21 <DIR> DESIGNER 26.12.2014 18:51 <DIR> Hewlett-Packard 26.12.2014 18:51 <DIR> HP 03.11.2011 18:01 <DIR> InstallShield 25.03.2016 18:10 <DIR> Java 14.10.2016 23:56 <DIR> Microsoft Shared 06.03.2016 10:29 <DIR> Nero 03.11.2011 18:29 <DIR> Samsung 16.07.2016 12:47 <DIR> Services 14.01.2017 21:28 <DIR> Skype 14.10.2016 23:56 <DIR> SpeechEngines 20.05.2013 16:49 <DIR> Symantec Shared 16.07.2016 23:50 <DIR> System 03.11.2011 19:12 <DIR> Windows Live 0 Datei(en), 0 Bytes 19 Verzeichnis(se), 94.416.973.824 Bytes frei ========= Ende von CMD: ========= ========= dir "%CommonProgramW6432%" ========= Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 3000-7D82 Verzeichnis von C:\Program Files\Common Files 14.10.2016 23:56 <DIR> . 14.10.2016 23:56 <DIR> .. 14.04.2016 18:03 <DIR> Bitdefender 14.10.2016 23:56 <DIR> microsoft shared 16.07.2016 12:47 <DIR> Services 14.10.2016 23:56 <DIR> SpeechEngines 16.07.2016 23:50 <DIR> System 0 Datei(en), 0 Bytes 7 Verzeichnis(se), 94.416.977.920 Bytes frei ========= Ende von CMD: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt HKU\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurckgesetzt. Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen. 
========= Ende von CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 145194273 B
Java, Flash, Steam htmlcache => 6468 B
Windows/system/drivers => 53494415 B
Edge => 250141513 B
Chrome => 0 B
Firefox => 36849709 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 5448159 B
LocalService => 68646 B
NetworkService => 14146 B
Silvia => 992009105 B
DefaultAppPool => 0 B

RecycleBin => 3467767195 B
EmptyTemp: => 4.6 GB temporäre Dateien entfernt.

================================

Das System musste neu gestartet werden.

==== Ende von Fixlog 13:53:19 ====

AdwCleaner: Code:
# AdwCleaner v6.044 - Bericht erstellt am 12/03/2017 um 14:15:51
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-03-12.1 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Silvia - SILVIA-PC
# Gestartet von : C:\Users\Silvia\Desktop\AdwCleaner_6.044.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****

***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer
[-] Ordner gelöscht: C:\Program Files\WajaWebEnhancer
[-] Ordner gelöscht: C:\Program Files\WInterEn
[-] Ordner gelöscht: C:\ProgramData\apn
[-] Ordner gelöscht: C:\ProgramData\Ask
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
[-] Ordner gelöscht: C:\Program Files (x86)\FLV Player

***** [ Dateien ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Schlüssel gelöscht: HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Schlüssel gelöscht: HKU\S-1-5-21-983883370-204824152-491102941-1000\Software\WajIEnhance
[#] Schlüssel mit Neustart gelöscht: HKU\S-1-5-18\Software\AskPartnerNetwork
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\WajIEnhance
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Web Enhancer
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\WajIEnhance
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Wajam Web Enhancer
[-] Wert gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FLVPlayer.exe

***** [ Browser ] *****

[-] Firefox Einstellungen bereinigt: "browser.newtab.url" - "chrome://unitedtb/content/newtab/newtab-page.xhtml"

*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Firewall Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2722 Bytes] - [12/03/2017 14:15:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [2844 Bytes] - [12/03/2017 14:09:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2868 Bytes] ##########

MBAM: Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 12.03.17
Scan-Zeit: 14:29
Protokolldatei: Malewarebytes.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.75
Version des Aktualisierungspakets: 1.0.1394
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Silvia-PC\Silvia

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 472104
Abgelaufene Zeit: 24 Min., 0 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0 (keine bösartigen Elemente erkannt)
Modul: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswert: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Daten-Stream: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Datei: 0 (keine bösartigen Elemente erkannt)
Physischer Sektor: 0 (keine bösartigen Elemente erkannt)

(end)

FRST:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01 durchgeführt von Silvia (Administrator) auf SILVIA-PC (12-03-2017 15:01:48) Gestartet von C:\Users\Silvia\Desktop Geladene Profile: Silvia (Verfügbare Profile: Silvia & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Dropbox, Inc.) C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (Dropbox, Inc.) C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Dropbox, Inc.) 
C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-20] (CyberLink Corp.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation) HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Run: [Dropbox Update] => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.) 
HKU\S-1-5-21-983883370-204824152-491102941-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-12-26] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-04-13] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-11] ShortcutTarget: Dropbox.lnk -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{d96e33c9-9c49-41b5-9ccb-f54ed90cc9d8}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-983883370-204824152-491102941-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.) 
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-25] (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) FireFox: ======== FF ProfilePath: C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\270o59bb.default-1489091303183 [2017-03-12] FF Extension: (WEB.DE MailCheck) - C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\270o59bb.default-1489091303183\Extensions\mailcheck@web.de [2017-03-12] FF Extension: (UITBAutoInstaller) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-02] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files 
(x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-26] [ist nicht signiert] FF HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-23] () FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll [2013-07-28] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-23] () FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-25] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-09-09] (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3883544 2016-12-22] (devolo AG) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) 
[Datei ist nicht signiert] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert] U2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert] R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [Datei ist nicht signiert] R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [111320 2016-01-22] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1574744 2016-01-29] (Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1622512 2016-01-22] (BitDefender) R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [806344 2016-01-22] (BitDefender) S3 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-12-03] (BitDefender LLC) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] () R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-12] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-12] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-12] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-12] (Malwarebytes) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2015-09-28] (Riverbed Technology, Inc.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-02-09] (Windows (R) 2003 DDK 3790 provider) R2 SGDrv; C:\WINDOWS\System32\drivers\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.) R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.) 
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U3 idsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-03-12 15:01 - 2017-03-12 15:06 - 00017751 _____ C:\Users\Silvia\Desktop\FRST.txt 2017-03-12 14:56 - 2017-03-12 14:56 - 00001245 _____ C:\Users\Silvia\Desktop\mbam.txt 2017-03-12 14:28 - 2017-03-12 15:01 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-03-12 14:28 - 2017-03-12 15:01 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-03-12 14:27 - 2017-03-12 15:01 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-03-12 14:27 - 2017-03-12 15:00 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-03-12 14:27 - 2017-03-12 14:27 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-03-12 14:27 - 2017-03-12 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-03-12 14:27 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-03-12 14:26 - 2017-03-12 14:26 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-03-12 14:26 - 2017-03-12 14:26 - 00000000 ____D C:\Program Files\Malwarebytes 2017-03-12 14:23 - 2017-03-12 14:26 - 57131432 _____ (Malwarebytes ) C:\Users\Silvia\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe 2017-03-12 14:20 - 2017-03-12 14:20 - 00002962 _____ 
C:\Users\Silvia\Desktop\AdwCleaner[C0].txt 2017-03-12 14:01 - 2017-03-12 14:15 - 00000000 ____D C:\AdwCleaner 2017-03-12 14:00 - 2017-03-12 14:01 - 04031440 _____ C:\Users\Silvia\Desktop\AdwCleaner_6.044.exe 2017-03-12 13:45 - 2017-03-12 13:45 - 00028190 _____ C:\ProgramData\agent.1489322704.bdinstall.bin 2017-03-12 13:43 - 2017-03-12 13:53 - 00030992 _____ C:\Users\Silvia\Desktop\Fixlog.txt 2017-03-12 13:37 - 2017-03-12 13:38 - 00000000 ____D C:\Users\Silvia\Desktop\Virus 2017-03-11 20:19 - 2017-03-11 20:52 - 00523380 _____ C:\TDSSKiller.3.1.0.12_11.03.2017_20.19.08_log.txt 2017-03-11 20:18 - 2017-03-11 20:18 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Silvia\Desktop\tdsskiller.exe 2017-03-11 20:03 - 2017-03-11 20:04 - 02424320 _____ (Farbar) C:\Users\Silvia\Desktop\FRST64.exe 2017-03-11 19:45 - 2017-03-11 19:45 - 00000000 ____D C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-03-09 22:40 - 2017-03-09 22:42 - 00066908 _____ C:\Users\Silvia\Downloads\Addition.txt 2017-03-09 22:38 - 2017-03-12 15:01 - 00000000 ____D C:\FRST 2017-03-09 22:38 - 2017-03-09 22:42 - 00025098 _____ C:\Users\Silvia\Downloads\FRST.txt 2017-03-09 22:37 - 2017-03-09 22:37 - 02423808 _____ (Farbar) C:\Users\Silvia\Downloads\FRST64.exe 2017-03-09 21:33 - 2017-03-09 21:33 - 00097882 _____ C:\ProgramData\1489091590.bdinstall.bin 2017-03-09 21:28 - 2017-03-09 21:28 - 00000000 ____D C:\Users\Silvia\Desktop\Alte Firefox-Daten 2017-03-03 11:11 - 2017-03-03 11:11 - 00032740 _____ C:\Users\Silvia\Downloads\Dinkel Pizzateig - 2016-09-10.pdf 2017-02-23 20:17 - 2017-02-23 20:48 - 00000000 ____D C:\Users\Silvia\Desktop\Igel Fotostick 2017-02-15 10:14 - 2017-02-15 10:14 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk 2017-02-15 10:14 - 2017-02-15 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die 
Datei/der Ordner verschoben.) 2017-03-12 15:04 - 2016-10-14 23:51 - 01951094 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-03-12 15:04 - 2016-07-16 23:51 - 00715542 _____ C:\WINDOWS\system32\perfh007.dat 2017-03-12 15:04 - 2016-07-16 23:51 - 00160732 _____ C:\WINDOWS\system32\perfc007.dat 2017-03-12 15:02 - 2013-09-18 18:17 - 00000000 ___RD C:\Users\Silvia\Dropbox 2017-03-12 15:00 - 2016-03-25 17:32 - 00000000 ____D C:\Program Files\Bitdefender Agent 2017-03-12 14:58 - 2016-10-15 00:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-03-12 14:58 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-03-12 14:57 - 2013-05-20 18:36 - 00149290 _____ C:\bdlog.txt 2017-03-12 13:56 - 2016-07-16 07:04 - 00131072 _____ C:\WINDOWS\system32\config\ELAM 2017-03-12 13:55 - 2016-11-24 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-03-12 13:55 - 2012-08-19 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-03-12 13:45 - 2016-10-14 23:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-03-12 13:44 - 2013-05-20 17:06 - 00000000 ____D C:\ProgramData\BDLogging 2017-03-11 19:58 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-03-11 19:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-03-11 19:46 - 2013-09-18 18:15 - 00000000 ____D C:\Users\Silvia\AppData\Roaming\Dropbox 2017-03-09 22:42 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2017-03-09 15:05 - 2013-05-20 16:16 - 02426440 _____ C:\Users\Silvia\Desktop\bitdefender_antivirus2013.exe 2017-03-09 10:17 - 2015-06-12 22:02 - 00000000 ____D C:\Users\Silvia\AppData\Local\Dropbox 2017-03-01 12:03 - 2016-10-14 23:52 - 00000000 ____D C:\Users\Silvia 2017-03-01 11:20 - 2012-08-19 11:26 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-02-24 09:05 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-24 09:01 - 2013-07-28 21:43 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-02-23 22:07 - 
2012-08-22 20:49 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-23 20:49 - 2014-08-18 15:46 - 00000000 ____D C:\Users\Silvia\AppData\Local\Adobe 2017-02-23 20:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-02-23 20:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-02-18 11:09 - 2016-12-07 07:42 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-02-18 11:08 - 2016-03-06 13:22 - 00002421 _____ C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-18 11:08 - 2016-03-06 13:22 - 00000000 ___RD C:\Users\Silvia\OneDrive 2017-02-15 10:14 - 2012-08-19 07:37 - 00000000 ____D C:\Program Files (x86)\Google ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-04-19 08:08 - 2012-04-19 08:08 - 141590843 _____ () C:\Program Files\openofficeorg1.cab 2012-04-19 07:59 - 2012-04-19 07:59 - 3125248 _____ () C:\Program Files\openofficeorg34.msi 2016-05-23 20:52 - 2016-05-23 20:52 - 0000385 _____ () C:\Users\Silvia\AppData\Roaming\user_gensett.xml 2012-10-07 17:24 - 2012-10-07 17:24 - 0000393 _____ () C:\Users\Silvia\AppData\Local\HamsterVideoConverterSettings.cfg 2016-04-14 18:41 - 2016-04-14 18:41 - 0627349 _____ () C:\ProgramData\1460653227.bdinstall.bin 2016-06-15 06:33 - 2016-06-15 06:33 - 0026781 _____ () C:\ProgramData\1465968770.bdinstall.bin 2017-03-09 21:33 - 2017-03-09 21:33 - 0097882 _____ () C:\ProgramData\1489091590.bdinstall.bin 2016-09-20 11:32 - 2016-09-20 11:32 - 0026838 _____ () C:\ProgramData\agent.1474367523.bdinstall.bin 2016-11-02 14:41 - 2016-11-02 14:41 - 0028759 _____ () C:\ProgramData\agent.1478094058.bdinstall.bin 2017-03-12 13:45 - 2017-03-12 13:45 - 0028190 _____ () C:\ProgramData\agent.1489322704.bdinstall.bin 2016-10-14 23:48 - 2016-10-14 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-12-26 18:49 - 2014-12-26 21:42 - 0000836 _____ () C:\ProgramData\hpzinstall.log 
2011-11-03 19:44 - 2011-11-03 19:45 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2011-11-03 19:37 - 2011-11-03 19:37 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log 2011-11-03 19:41 - 2011-11-03 19:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-11-03 19:38 - 2011-11-03 19:41 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log 2011-11-03 19:42 - 2011-11-03 19:44 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-03-09 10:39 ==================== Ende von FRST.txt ============================ Addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01 durchgeführt von Silvia (12-03-2017 15:06:33) Gestartet von C:\Users\Silvia\Desktop Windows 10 Home Version 1607 (X64) (2016-10-14 23:30:32) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-983883370-204824152-491102941-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-983883370-204824152-491102941-503 - Limited - Disabled) Gast (S-1-5-21-983883370-204824152-491102941-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-983883370-204824152-491102941-1002 - Limited - Enabled) Silvia (S-1-5-21-983883370-204824152-491102941-1000 - Administrator - Enabled) => C:\Users\Silvia ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AV: Bitdefender-Virenschutz (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371} AS: Bitdefender-Spyware-Schutz (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden Albelli Fotobücher (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli) ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.) 
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1423 - Bitdefender) Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 19.6.0.326 - Bitdefender) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP) Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.) CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.) CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.2.0 - devolo AG) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. 
OHG) DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.) Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.44 - Samsung) ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.2.19144 - Landesfinanzdirektion Thüringen) Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden Finanzplaner PRO (HKLM-x32\...\Finanzplaner PRO) (Version: - FinanzPortal24 GmbH) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden fotokasten comfort 5.0 (HKLM-x32\...\fotokasten comfort_is1) (Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation) John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft 
Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) 
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.8.0.6273 - Mozilla) Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 2016 (HKLM-x32\...\{049045D5-0C46-4E78-A83F-83E993D91A7F}) (Version: 17.0.02300 - Nero AG) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) OCR Software by I.R.I.S. 
13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) 
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung) SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - ) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent) WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{E47A3570-59A0-4948-A678-A930FEE8AAC7}) (Version: 21.00.8480 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{B999EF65-7140-47E1-BED0-6A32E64A0D7D}) (Version: 22.00.8811 - Buhl Data Service GmbH) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - 
Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1399D005-9179-4EB0-B62B-C71085F1CB81} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000Core1d238be2862dc7c => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {1B0CAC01-78B1-46EA-AAD0-A5C0C9A9EEBD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1BBE6E19-EAC8-48F9-A650-29AC264EC91B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {27018021-93D3-4181-A414-70E233096DA8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {2E4CFDEB-63DC-4061-BBED-999970D6C986} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2013\bdproductdata.exe
Task: {2F0D4068-C9FA-4B45-A7FC-625D0F57B02A} - System32\Tasks\{EE305C4B-2645-4AD4-AB31-8774E0D9EF4D} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Ahead\Nero StartSmart\NeroStartSmart.exe"
Task: {34185101-2D74-4011-908B-B1FC4B4C4BE7} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Easy Support Center\SSCKbdHk.exe
Task: {40CA2C1C-8985-452E-B5F1-23E374E19F48} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4A1A75AC-E505-48A8-ACAD-2FB594C0BB58} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {4BD94884-E059-4F7C-8455-62E2AA5A3DBE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23] (Adobe Systems Incorporated)
Task: {5996EC8B-1C65-4C80-84F9-96E88B7A1A86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {6300AB21-F4AE-4D28-97B2-6921A3833149} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {73CC6AD6-7914-402D-B519-52F325732A2B} - System32\Tasks\{C7DA0173-A309-4F90-B5F2-89918793E3A1} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.0.105.411/de/abandoninstall?page=tsProgressBar
Task: {7556EB99-AC76-4EE7-9CB3-0B4CCE2DCDB0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {75B74FA7-121A-45AF-A58F-CE8474E83919} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {850E9F07-2096-4FE9-A733-FE077D4AABE5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8B334E28-4173-4E7B-B70D-2239A7897ADC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8C128A29-BC22-409A-B3B4-B6A225FC4454} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {9A651807-3F5E-4BD4-AAAF-938487ACD279} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9C7B57B7-F799-4A6C-929D-59D86F528183} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9D3B18C5-480C-4532-A960-D319D34E5EE7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {9FED81DA-52A7-4C9D-8AB0-16EFCF8E0626} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {A2A0F0F1-0AD4-4693-9963-A68C0DEBC0CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AB30CF4B-78EE-43C6-84AF-18B9600D7A09} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {AF8E0C35-0478-480E-AB08-8B82E504A785} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {B24C4704-4B41-438C-A0D8-EB1B1B19B584} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {BCF1F663-95A5-46DA-A8D2-EEE34805A0B3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C491C115-391E-4D12-8322-67457D3CA592} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000UA1d238be289e236d => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {CB902C20-D63C-4BA9-ABDC-BF90E0F37791} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D1A7B405-6102-4350-8033-19B49D45750C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D64C454A-E02D-4972-99F7-BF6AEF595F22} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D89CE4B1-DC7B-42F9-98E6-F9C8DE7003A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DC02FBDE-D986-497A-9492-9186C3C240E6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DEF7D778-88F3-48E0-8236-1247220EDAA7} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {F1B6F95C-CAB2-4BFF-AA66-C6BB1E217B19} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F31AABE0-BE26-427E-8159-BF36BA8A0C32} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Silvia\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {F645E1B5-0C8C-49DE-8DF7-045D7C9C022E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
Task: {FB5C8F08-3D93-43D7-9E1F-FB95C61673F9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FC32A813-B554-47A0-B581-AD88FB648F7B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000Core1d238be2862dc7c.job => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000UA1d238be289e236d.job => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-14 18:19 - 2015-11-04 13:06 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll 2016-04-14 18:18 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll 2016-04-14 18:19 - 2016-03-02 15:08 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui 2017-02-07 16:40 - 2017-02-07 16:40 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpbr.mdl 2017-02-07 16:40 - 2017-02-07 16:40 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpdsp.mdl 2017-02-07 16:40 - 2017-02-07 16:40 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpph.mdl 2017-02-07 16:40 - 2017-02-07 16:40 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttprbl.mdl 2015-08-21 21:09 - 2015-08-21 21:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2015-08-21 21:09 - 2015-08-21 21:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2011-11-03 19:41 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2017-03-12 14:26 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-03-12 14:27 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM 
FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-15 00:32 - 2016-10-15 00:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-16 11:07 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-16 11:05 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-16 11:05 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-01-16 11:05 - 2016-12-21 07:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll 2014-04-13 08:41 - 2015-04-14 10:05 - 01428760 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe 2014-04-13 08:35 - 2015-04-14 10:05 - 09741592 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll 2014-04-13 08:35 - 2015-04-14 10:06 - 03929880 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll 2014-04-13 08:36 - 2015-04-14 10:05 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll 2014-04-13 08:36 - 2015-04-14 10:05 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll 2014-04-13 08:36 - 2015-04-14 10:05 - 00309016 _____ () C:\Program Files 
(x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 02872600 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll 2014-04-13 08:35 - 2014-02-11 10:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll 2014-04-13 08:35 - 2014-02-11 10:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll 2014-04-13 08:36 - 2015-04-14 10:05 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 02136856 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01960728 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll 2014-04-13 08:35 - 2014-02-11 10:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 04463896 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01593624 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 05308184 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 02392344 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01171224 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01633560 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01341720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 07374616 _____ () C:\Program 
Files (x86)\WISO\Steuersoftware 2014\wkont14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01296664 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll 2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2017-03-11 19:44 - 2017-03-06 21:59 - 00807232 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll 2017-03-11 19:45 - 2017-02-09 03:19 - 00035792 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00100296 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00018888 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\select.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00019776 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00694224 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 00020824 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2017-03-11 19:45 - 2017-02-09 03:20 - 00123856 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 01682768 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 00020816 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00145864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2017-03-11 19:44 - 2017-02-09 03:20 - 00019408 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\faulthandler.pyd 
2017-03-11 19:45 - 2017-02-09 03:19 - 00116688 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2017-03-11 19:45 - 2017-02-09 03:22 - 00105928 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32api.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd 2017-03-11 19:44 - 2017-03-06 22:01 - 00038712 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\fastpath.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00060736 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00024528 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32event.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00175560 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32gui.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00392144 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2017-03-11 19:44 - 2017-02-09 03:22 - 00020936 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00116176 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32security.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00381760 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00124880 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32file.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00026456 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00024016 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00030160 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00043472 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32process.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00048592 _____ () 
C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32service.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00057808 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00024016 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32profile.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 00246608 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2017-03-11 19:44 - 2017-03-06 22:01 - 00027488 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-03-11 19:45 - 2017-02-09 03:21 - 00241104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_jpegtran.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 00022336 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00025432 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00028616 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32ts.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 01826104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2017-03-11 19:45 - 2017-02-09 03:20 - 00083912 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\sip.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 01972536 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 03928896 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00531264 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00053072 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00133432 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00224064 _____ () 
C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00207680 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00069968 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022872 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00021848 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022872 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00350152 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00103232 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00023896 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2017-03-11 19:44 - 2017-03-06 22:01 - 00025936 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2017-03-11 19:44 - 2017-02-09 03:17 - 00036296 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\librsync.dll 2017-03-11 19:44 - 2017-03-06 22:01 - 00033112 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd 2017-03-11 19:44 - 2016-12-02 22:44 - 00293392 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll 2017-03-11 19:44 - 2017-03-06 22:01 - 00084288 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2017-03-11 19:44 - 2017-02-09 03:27 - 00017864 _____ 
() C:\Users\Silvia\AppData\Roaming\Dropbox\bin\libEGL.dll 2017-03-11 19:44 - 2017-02-09 03:27 - 01631184 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2017-03-11 19:45 - 2017-03-06 22:01 - 00042816 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00171336 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00357688 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00060880 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32print.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00026456 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00546104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Desktop\AdwCleaner_6.044.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Desktop\FRST64.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Desktop\tdsskiller.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ALDI Bestellsoftware Setup.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\Barchart-windows64-online.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ccsetup402_slim.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\devolo-cockpit-v4-3-2.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\Dropbox 2.0.26.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-14.3.20130522u.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.0.20150113k.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.1.20150309u(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.1.20150309u.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\flvplayer_setup20_25.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-0-6(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-0-6.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-3-13(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-3-13.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-4-8(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-4-8.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\FRST64.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer15x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: 
C:\Users\Silvia\Downloads\install_flashplayer16x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer17x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jre-7u25-windows-x64.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(2).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(3).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(4).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(5).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(6).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\Nero Burning ROM Classic - CHIP-Installer.exe:BDU [1] AlternateDataStreams: C:\Users\Silvia\Downloads\Nero2016-17.09.2015_stub_trial.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\OJ4500vG510a-f_Full_13.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\SkypeSetup.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\SuperTuxKart - CHIP-Installer.exe:BDU [0] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-983883370-204824152-491102941-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Silvia\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{bbeb6448-8619-4f01-847d-26d45d85e6ac}.JPG DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe ==================== Wiederherstellungspunkte ========================= 13-02-2017 12:24:37 Geplanter Prüfpunkt 23-02-2017 22:00:27 Windows Update 01-03-2017 20:02:06 Windows-Sicherung ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/12/2017 01:59:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/12/2017 01:59:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/09/2017 10:53:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (03/02/2017 12:01:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/01/2017 08:04:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:16 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:16 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. 
Details: (HRESULT : 0x80040210) (0x80040210) Systemfehler: ============= Error: (03/12/2017 03:00:04 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/12/2017 02:59:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Error: (03/12/2017 02:17:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Error: (03/12/2017 02:15:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (03/12/2017 02:15:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (03/12/2017 02:15:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/12/2017 02:15:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/12/2017 02:15:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Client Virtualization Handler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/12/2017 02:15:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/12/2017 02:15:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "ProductAgentService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
==================== Speicherinformationen =========================== Prozessor: AMD A4-3305M APU with Radeon(tm) HD Graphics Prozentuale Nutzung des RAM: 54% Installierter physikalischer RAM: 3563.87 MB Verfügbarer physikalischer RAM: 1617.72 MB Summe virtueller Speicher: 7147.87 MB Verfügbarer virtueller Speicher: 4892.46 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:178 GB) (Free:92.7 GB) NTFS Drive d: () (Fixed) (Total:266.26 GB) (Free:72.32 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 933609DD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=266.3 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=21.4 GB) - (Type=27) ==================== Ende von Addition.txt ============================ |
12.03.2017, 21:28 | #9 |
/// TB-Ausbilder | Caught a Myfilestore.com virus? Hi, Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document: Code:
start
CloseProcesses:
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop: SystemLook (32 bit) | SystemLook (64 bit)
Step 3
Please post with your next reply
|
13.03.2017, 05:56 | #10 |
| Caught a Myfilestore.com virus? Hi Matthias, Fixlog: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-03-2017 durchgeführt von Silvia (12-03-2017 22:08:43) Run:2 Gestartet von C:\Users\Silvia\Desktop Geladene Profile: Silvia (Verfügbare Profile: Silvia & DefaultAppPool) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: CMD: dir "%ProgramFiles%" CMD: dir "%ProgramFiles(x86)%" CMD: dir "%ProgramData%" CMD: dir "%Appdata%" CMD: dir "%LocalAppdata%" end ***************** Prozesse erfolgreich geschlossen. ========= dir "%ProgramFiles%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3000-7D82 Verzeichnis von C:\Program Files 12.03.2017 14:26 <DIR> . 12.03.2017 14:26 <DIR> .. 14.10.2016 23:56 <DIR> AMD 03.11.2011 17:59 <DIR> ATI 14.10.2016 23:48 <DIR> ATI Technologies 14.04.2016 18:03 <DIR> Bitdefender 12.03.2017 22:03 <DIR> Bitdefender Agent 14.10.2016 23:56 <DIR> Common Files 15.03.2013 10:22 <DIR> DIFX 06.03.2016 12:09 <DIR> DVD Maker 05.12.2016 22:13 <DIR> Elantech 19.08.2012 14:56 <DIR> Google 16.01.2017 13:18 <DIR> Internet Explorer 28.07.2013 10:24 <DIR> Java 19.08.2012 12:08 <DIR> licenses 12.03.2017 14:26 <DIR> Malwarebytes 14.10.2016 23:56 <DIR> Microsoft Games 01.01.2013 09:07 <DIR> Microsoft Office 13.10.2016 06:25 <DIR> Microsoft Silverlight 15.10.2016 00:18 <DIR> MSBuild 19.04.2012 08:08 141.590.843 openofficeorg1.cab 19.04.2012 07:59 3.125.248 openofficeorg34.msi 19.08.2012 12:08 <DIR> readmes 14.10.2016 23:47 <DIR> Realtek 19.08.2012 12:08 <DIR> redist 15.10.2016 00:18 <DIR> Reference Assemblies 03.11.2011 18:33 <DIR> Samsung 02.03.2014 18:17 <DIR> Sweet Home 3D 15.10.2016 00:36 <DIR> Windows Defender 03.11.2011 19:15 <DIR> Windows Live 14.10.2016 23:56 <DIR> Windows Mail 02.11.2016 23:28 <DIR> Windows Media Player 16.07.2016 12:47 <DIR> Windows Multimedia Platform 15.10.2016 00:30 <DIR> Windows NT 15.10.2016 00:36 <DIR> Windows Photo Viewer 16.07.2016 12:47 <DIR> Windows Portable 
Devices 16.07.2016 12:47 <DIR> WindowsPowerShell 2 Datei(en), 144.716.091 Bytes 35 Verzeichnis(se), 99.554.213.888 Bytes frei ========= Ende von CMD: ========= ========= dir "%ProgramFiles(x86)%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3000-7D82 Verzeichnis von C:\Program Files (x86) 12.03.2017 14:15 <DIR> . 12.03.2017 14:15 <DIR> .. 04.02.2016 20:28 <DIR> Adobe 05.03.2016 18:57 <DIR> Ahead 02.09.2013 07:21 <DIR> ALDI Bestellsoftware 03.11.2011 18:01 <DIR> AMD 03.11.2011 18:01 <DIR> AMD APP 03.11.2011 18:04 <DIR> Atheros 14.10.2016 23:48 <DIR> ATI Technologies 03.12.2015 20:04 <DIR> CDBurnerXP 14.01.2017 21:28 <DIR> Common Files 03.11.2011 19:46 <DIR> CyberLink 14.01.2017 13:00 <DIR> devolo 14.10.2012 19:58 <DIR> dm 10.04.2016 19:43 <DIR> ElsterFormular 24.11.2012 14:46 <DIR> Finanzportal24 04.12.2015 17:07 <DIR> fotokasten comfort 15.02.2017 10:14 <DIR> Google 02.06.2015 19:58 <DIR> HP 16.01.2017 13:18 <DIR> Internet Explorer 25.03.2016 18:11 <DIR> Java 17.03.2013 21:23 <DIR> Microsoft 13.05.2015 22:04 <DIR> Microsoft Application Virtualization Client 01.01.2013 09:07 <DIR> Microsoft Office 13.10.2016 06:25 <DIR> Microsoft Silverlight 03.11.2011 19:21 <DIR> Microsoft SQL Server Compact Edition 16.07.2016 12:47 <DIR> Microsoft.NET 03.06.2015 15:07 <DIR> Mozilla Firefox 12.03.2017 13:55 <DIR> Mozilla Maintenance Service 12.03.2017 13:55 <DIR> Mozilla Thunderbird 15.10.2016 00:18 <DIR> MSBuild 17.03.2013 18:56 <DIR> MSXML 4.0 06.03.2016 10:29 <DIR> Nero 07.06.2013 12:30 <DIR> Nokia 19.08.2012 12:11 <DIR> OpenOffice.org 3 03.11.2011 18:03 <DIR> Realtek 15.10.2016 00:18 <DIR> Reference Assemblies 06.03.2016 12:09 <DIR> Samsung 14.01.2017 21:28 <DIR> Skype 01.03.2015 13:23 <DIR> SuperTuxKart 03.11.2011 18:40 <DIR> Symantec 01.03.2015 12:27 <DIR> WEB.DE MailCheck 03.11.2011 18:40 <DIR> WildGames 15.10.2016 00:36 <DIR> Windows Defender 03.11.2011 19:36 <DIR> Windows Live 14.10.2016 23:56 <DIR> Windows Mail 02.11.2016 23:28 <DIR> Windows 
Media Player 16.07.2016 12:47 <DIR> Windows Multimedia Platform 16.07.2016 12:47 <DIR> Windows NT 15.10.2016 00:36 <DIR> Windows Photo Viewer 16.07.2016 12:47 <DIR> Windows Portable Devices 16.07.2016 12:47 <DIR> WindowsPowerShell 06.09.2015 08:54 <DIR> WISO 0 Datei(en), 0 Bytes 53 Verzeichnis(se), 99.554.152.448 Bytes frei ========= Ende von CMD: ========= ========= dir "%ProgramData%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3000-7D82 Verzeichnis von C:\ProgramData 14.04.2016 18:41 627.349 1460653227.bdinstall.bin 15.06.2016 06:33 26.781 1465968770.bdinstall.bin 09.03.2017 21:33 97.882 1489091590.bdinstall.bin 04.02.2016 20:28 <DIR> Adobe 20.09.2016 11:32 26.838 agent.1474367523.bdinstall.bin 02.11.2016 14:41 28.759 agent.1478094058.bdinstall.bin 12.03.2017 13:45 28.190 agent.1489322704.bdinstall.bin 14.10.2016 23:48 <DIR> AMD 03.11.2011 18:04 <DIR> Atheros 06.03.2016 13:19 <DIR> ATI 20.05.2013 16:31 <DIR> Avira 11.05.2014 17:56 <DIR> bdch 12.03.2017 13:44 <DIR> BDLogging 14.04.2016 18:28 <DIR> Bitdefender 25.03.2016 17:33 <DIR> Bitdefender Agent 09.05.2013 18:45 <DIR> Buhl Data Service GmbH 03.12.2015 20:05 <DIR> Canneverbe Limited 16.07.2016 12:47 <DIR> Comms 28.12.2012 22:17 <DIR> CyberLink 12.06.2015 22:02 <DIR> Dropbox 10.04.2016 20:08 <DIR> elsterformular 24.11.2012 14:50 <DIR> Finanzportal24 12.07.2013 07:42 <DIR> fotokasten comfort 26.12.2014 21:42 <DIR> HP 26.12.2014 18:53 <DIR> HP Product Assistant 26.08.2013 18:25 <DIR> hps 26.12.2014 21:42 836 hpzinstall.log 12.03.2017 14:26 <DIR> Malwarebytes 15.10.2016 06:40 <DIR> Microsoft OneDrive 19.08.2012 15:02 <DIR> Mozilla 06.03.2016 10:29 <DIR> Nero 07.06.2013 12:30 <DIR> Nokia 15.03.2013 10:19 <DIR> NokiaInstallerCache 20.05.2013 16:50 <DIR> Norton 03.11.2011 18:40 <DIR> NortonInstaller 25.03.2016 18:18 <DIR> Oracle 14.10.2016 23:56 <DIR> Package Cache 15.03.2013 10:24 <DIR> PC Suite 15.10.2016 00:05 <DIR> regid.1991-06.com.microsoft 14.08.2012 19:20 <DIR> SAMSUNG 
14.01.2017 21:28 <DIR> Skype 16.07.2016 12:47 <DIR> SoftwareDistribution 09.03.2013 09:02 <DIR> Sun 03.11.2011 18:40 <DIR> Symantec 03.11.2011 19:45 <DIR> Temp 25.12.2013 09:37 <DIR> tmp 15.10.2016 00:12 <DIR> USOPrivate 15.10.2016 00:12 <DIR> USOShared 01.01.2013 18:14 <DIR> VirtualizedApplications 26.12.2014 21:43 <DIR> WEBREG 03.11.2011 18:40 <DIR> WildTangent 05.03.2016 18:29 <DIR> WinClon 03.11.2011 19:45 109 {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 03.11.2011 19:37 113 {34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log 03.11.2011 19:42 105 {40BF1E83-20EB-11D8-97C5-0009C5020658}.log 03.11.2011 19:41 106 {80E158EA-7181-40FE-A701-301CE6BE64AB}.log 03.11.2011 19:44 110 {CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 12 Datei(en), 837.178 Bytes 45 Verzeichnis(se), 99.553.533.952 Bytes frei ========= Ende von CMD: ========= ========= dir "%Appdata%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3000-7D82 Verzeichnis von C:\Users\Silvia\AppData\Roaming 12.03.2017 14:15 <DIR> . 12.03.2017 14:15 <DIR> .. 
19.08.2012 07:39 <DIR> Adobe 29.05.2014 19:36 <DIR> Ahead 07.10.2012 17:33 <DIR> AnvSoft 14.08.2012 19:27 <DIR> ATI 14.04.2016 18:25 <DIR> Bitdefender 09.05.2013 18:45 <DIR> Buhl Data Service 03.12.2015 20:04 <DIR> Canneverbe Limited 28.11.2013 21:24 <DIR> com.barchart.platform.release 29.05.2014 19:57 <DIR> CyberLink 14.01.2017 13:01 <DIR> de.devolo.dLAN.Cockpit 01.03.2015 12:31 <DIR> dlg 11.03.2017 19:46 <DIR> Dropbox 28.01.2015 04:55 <DIR> elsterformular 24.11.2012 14:50 <DIR> Finanzportal24 25.01.2015 14:36 <DIR> HP 16.06.2015 21:59 <DIR> HpUpdate 14.08.2012 19:25 <DIR> Identities 10.03.2014 20:26 <DIR> JWrapper-Barchart 14.08.2012 19:57 <DIR> Macromedia 04.11.2011 08:52 <DIR> Media Center Programs 19.08.2012 15:02 <DIR> Mozilla 22.10.2015 21:42 <DIR> Nero 19.08.2012 12:16 <DIR> OpenOffice.org 07.11.2014 10:04 <DIR> Oracle 15.03.2013 10:24 <DIR> PC Suite 20.05.2013 16:53 <DIR> QuickScan 02.02.2017 20:51 <DIR> Skype 17.01.2017 21:53 <DIR> SoftGrid Client 27.09.2015 12:12 <DIR> Sun 19.08.2012 15:08 <DIR> Thunderbird 01.01.2013 09:10 <DIR> TP 23.05.2016 20:52 385 user_gensett.xml 1 Datei(en), 385 Bytes 33 Verzeichnis(se), 99.553.464.320 Bytes frei ========= Ende von CMD: ========= ========= dir "%LocalAppdata%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3000-7D82 Verzeichnis von C:\Users\Silvia\AppData\Local 12.03.2017 22:04 <DIR> . 12.03.2017 22:04 <DIR> .. 
06.03.:glaskugel2:2016 13:18 <DIR> ActiveSync 23.02.2017 20:49 <DIR> Adobe 26.09.2012 09:05 <DIR> Albelli Fotobcher 03.01.2017 16:46 <DIR> AMD 14.08.2012 19:27 <DIR> ATI 08.10.2015 21:54 <DIR> bdch 06.09.2015 09:17 <DIR> Buhl 09.05.2013 18:45 <DIR> Buhl Data Service 18.02.2016 22:00 <DIR> CEF 06.03.2016 13:36 <DIR> Comms 15.10.2016 16:32 <DIR> ConnectedDevicesPlatform 05.03.2016 11:55 <DIR> CrashDumps 20.09.2015 09:08 <DIR> Diagnostics 09.03.2017 10:17 <DIR> Dropbox 11.11.2014 21:39 <DIR> fotokasten comfort 26.12.2014 21:47 69.496 GDIPFONTCACHEV1.DAT 15.11.2012 18:31 <DIR> Google 02.06.2015 05:47 <DIR> GWX 07.10.2012 17:24 393 HamsterVideoConverterSettings.cfg 26.12.2014 21:42 <DIR> HP 19.08.2012 15:29 <DIR> Macromedia 09.12.2016 22:26 <DIR> Microsoft 18.07.2015 21:21 <DIR> Microsoft Games 12.03.2016 17:09 <DIR> MicrosoftEdge 19.09.2013 09:13 <DIR> Mozilla 08.02.2017 11:13 <DIR> Nero 19.03.2016 08:56 <DIR> Nero_AG 06.03.2016 13:19 <DIR> NetworkTiles 15.03.2013 10:27 <DIR> Nokia 07.06.2013 12:30 <DIR> NokiaAccount 02.12.2016 14:59 <DIR> Packages 14.08.2012 19:26 <DIR> Power2Go 02.03.2014 18:17 <DIR> Programs 06.03.2016 13:15 <DIR> Publishers 15.08.2012 17:48 <DIR> Samsung 01.01.2013 09:09 <DIR> SoftGrid Client 12.03.2017 22:08 <DIR> Temp 12.03.2015 08:13 <DIR> Thunderbird 06.03.2016 13:14 <DIR> TileDataLayer 12.07.2013 09:27 <DIR> VirtualStore 19.10.2013 20:41 <DIR> {06B238D4-4EE0-4870-8FE9-DF6E7ADED892} 24.03.2013 17:18 <DIR> {10A67E1E-1067-4C0B-86EC-3AD94A063770} 29.07.2013 20:19 <DIR> {2B6AE229-DD74-4963-B3F9-0163DABFF600} 28.05.2013 09:01 <DIR> {3D538D20-E113-4B9C-9852-9EE55E1DAFCE} 28.05.2013 09:02 <DIR> {3F1EDAC8-4C24-4F4D-8261-1C7E5654C112} 28.05.2013 14:25 <DIR> {500ED4B8-871E-4E51-BBF6-ACEB4167364A} 30.05.2013 10:03 <DIR> {59567DE0-8960-4C9F-BEAC-48317E50D433} 05.12.2013 20:23 <DIR> {74057EDE-5D6F-4FB1-876A-A456095630FD} 18.11.2012 17:26 <DIR> {844EBDEB-82C0-417C-A24C-48EA48460FBF} 04.12.2012 09:43 <DIR> {99D6D419-0BD4-4451-B333-9628E6093727} 28.05.2013 
09:01 <DIR> {A003241E-01BE-4B32-ADB5-00718A4AB763} 18.11.2012 17:25 <DIR> {AE1CBCDB-297C-4CB4-8CC1-3883151C785B} 07.10.2012 19:12 <DIR> {B007F200-E151-459E-A423-C801CB211093} 28.05.2013 14:27 <DIR> {B9A9FBA9-F8B0-4C13-A95E-D0967006F6FF} 28.05.2013 15:59 <DIR> {D21924E4-F3C7-407E-9A3C-45EF6921FA34} 30.12.2012 22:18 <DIR> {D44FA661-1BA3-4B3F-B454-FCE5B1A2DA55} 14.11.2013 17:27 <DIR> {DD02E62F-6684-4844-A89F-FAC5493B18AF} 31.05.2013 15:36 <DIR> {E1CA6399-2910-4350-8530-89FFA84F4716} 01.06.2014 19:33 <DIR> {E9D6F425-8B85-4338-96D5-759940DCCA8B} 07.10.2012 19:12 <DIR> {EB599082-6E9E-4D4F-A497-418735CB518F} 15.12.2012 19:45 <DIR> {EB8B6AF0-57C1-46AA-A5A5-63A27E74856D} 17.12.2013 21:47 <DIR> {FA51B2DF-944E-42AC-AE14-A38BF13ABFF2} 2 Datei(en), 69.889 Bytes 62 Verzeichnis(se), 99.554.021.376 Bytes frei ========= Ende von CMD: ========= Das System musste neu gestartet werden. ==== Ende von Fixlog 22:08:57 ==== SystemLook: Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 22:17 on 12/03/2017 by Silvia Administrator - Elevation successful ========== filefind ========== Searching for "*Wajam*" C:\AdwCleaner\quarantine\files\kcembrbjwfhdttqbsbzhyxotcphxvoci\wajam.ico --a---- 4286 bytes [13:15 12/03/2017] [15:03 25/02/2015] 21CD11B8FF9612BDBB451CAEE61CA98C C:\AdwCleaner\quarantine\files\kcembrbjwfhdttqbsbzhyxotcphxvoci\wajam_goblin_64.dll --a---- 1422848 bytes [13:15 12/03/2017] [19:33 23/07/2015] 6FC37DD9912DF65AE825E70F2414F374 C:\AdwCleaner\quarantine\files\kcembrbjwfhdttqbsbzhyxotcphxvoci\logos\wajam.ico --a---- 4286 bytes [13:15 12/03/2017] [15:03 25/02/2015] 21CD11B8FF9612BDBB451CAEE61CA98C C:\AdwCleaner\quarantine\files\qxcakhvyxyjnzcxauwkuxopurbwjrcig\Wajam Website.lnk --a---- 1214 bytes [13:15 12/03/2017] [11:28 01/03/2015] 985AD6AEECB397F9FF776017818EDAE4 C:\AdwCleaner\quarantine\files\znaxkihlysvnpwugnthnpoitxgpllogh\wajam.ico --a---- 4286 bytes [13:15 12/03/2017] [17:35 27/10/2015] 1EC3DFF86801E09498E525A227212B14 C:\AdwCleaner\quarantine\files\znaxkihlysvnpwugnthnpoitxgpllogh\logos\wajam.ico --a---- 4286 bytes [13:15 12/03/2017] [17:35 27/10/2015] 1EC3DFF86801E09498E525A227212B14 Searching for "*WajaWebEnhancer*" No files found. Searching for "*WInterEn*" No files found. 
Searching for "*FLV Player*" C:\AdwCleaner\quarantine\files\quppdyvofbeukkfqeoqlqiltkhincobz\FLV Player.url --a---- 73 bytes [13:15 12/03/2017] [19:09 01/06/2014] 4FE86B28E689A962CDEEAFB8BB7216C5 C:\AdwCleaner\quarantine\files\yherzlkfspybaxedoqpxjskxjprvgygi\FLV Player website.lnk --a---- 1045 bytes [13:15 12/03/2017] [19:09 01/06/2014] EBB81248B88936107D23C72AC2CC64A8 C:\AdwCleaner\quarantine\files\yherzlkfspybaxedoqpxjskxjprvgygi\FLV Player.lnk --a---- 1040 bytes [13:15 12/03/2017] [19:09 01/06/2014] D6B1944F1E9940BD8B0AF07E999E6F32 C:\Users\Public\Desktop\FLV Player.lnk --a---- 1022 bytes [19:09 01/06/2014] [19:09 01/06/2014] 7BFEA1102B06D5D17CBCACE0F94F2524 Searching for "*FLVPlayer*" C:\AdwCleaner\quarantine\files\quppdyvofbeukkfqeoqlqiltkhincobz\FLVPlayer.exe --a---- 1909940 bytes [13:15 12/03/2017] [13:50 16/10/2008] 31F6A135DA6FBF556AECB2F27B45D1B2 C:\Users\Silvia\Downloads\flvplayer_setup20_25.exe --a---- 4998707 bytes [19:08 01/06/2014] [19:08 01/06/2014] 014C88A3AFB657EEBEE8D0C3851936C5 Searching for "*WajIEnhance*" No files found. Searching for "*AskPartner*" No files found. Searching for "*ApnTB*" No files found. ========== folderfind ========== Searching for "*Wajam*" C:\AdwCleaner\quarantine\files\qxcakhvyxyjnzcxauwkuxopurbwjrcig\Uninstall Wajam d------ [13:15 12/03/2017] Searching for "*WajaWebEnhancer*" No folders found. Searching for "*WInterEn*" No folders found. Searching for "*FLV Player*" No folders found. Searching for "*FLVPlayer*" No folders found. Searching for "*WajIEnhance*" No folders found. Searching for "*AskPartner*" No folders found. Searching for "*ApnTB*" No folders found. ========== regfind ========== Searching for "Wajam" No data found. Searching for "WajaWebEnhancer" No data found. 
Searching for "WInterEn" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WInterEn] Searching for "FLV Player" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e0e72f86_0] @="{0.0.0.00000000}.{f4c321e4-e9f1-46bd-9965-67e77e03794e}|\Device\HarddiskVolume2\Program Files (x86)\FLV Player\FLVPlayer.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e0e72f86_0] @="{0.0.0.00000000}.{f4c321e4-e9f1-46bd-9965-67e77e03794e}|\Device\HarddiskVolume2\Program Files (x86)\FLV Player\FLVPlayer.exe%b{00000000-0000-0000-0000-000000000000}" Searching for "FLVPlayer" [HKEY_CURRENT_USER\SOFTWARE\Binary Noise\mPlayer\FLVPlayer.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e0e72f86_0] @="{0.0.0.00000000}.{f4c321e4-e9f1-46bd-9965-67e77e03794e}|\Device\HarddiskVolume2\Program Files (x86)\FLV Player\FLVPlayer.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\OpenWithList] "f"="FLVPlayer.exe" [HKEY_USERS\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Binary Noise\mPlayer\FLVPlayer.exe] [HKEY_USERS\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e0e72f86_0] @="{0.0.0.00000000}.{f4c321e4-e9f1-46bd-9965-67e77e03794e}|\Device\HarddiskVolume2\Program Files (x86)\FLV Player\FLVPlayer.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\OpenWithList] "f"="FLVPlayer.exe" Searching for "WajIEnhance" No data found. Searching for "AskPartner" No data found. Searching for "ApnTB" No data found. -= EOF =- FRST: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017 durchgeführt von Silvia (Administrator) auf SILVIA-PC (13-03-2017 05:42:37) Gestartet von C:\Users\Silvia\Desktop Geladene Profile: Silvia (Verfügbare Profile: Silvia & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Dropbox, Inc.) C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Dropbox, Inc.) C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dropbox, Inc.) 
C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-20] (CyberLink Corp.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation) HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Run: [Dropbox Update] => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.) HKU\S-1-5-21-983883370-204824152-491102941-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-12-26] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-04-13] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-11] ShortcutTarget: Dropbox.lnk -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{d96e33c9-9c49-41b5-9ccb-f54ed90cc9d8}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-983883370-204824152-491102941-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-25] (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.) 
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) FireFox: ======== FF ProfilePath: C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\270o59bb.default-1489091303183 [2017-03-12] FF Extension: (WEB.DE MailCheck) - C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\270o59bb.default-1489091303183\Extensions\mailcheck@web.de [2017-03-12] FF Extension: (UITBAutoInstaller) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-02] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-26] [ist nicht signiert] FF HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-23] () FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll [2013-07-28] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-23] () FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-25] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-09-09] (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3883544 2016-12-22] (devolo AG) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert] R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert] R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [Datei ist nicht signiert] R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [111320 2016-01-22] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1574744 2016-01-29] (Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1622512 2016-01-22] (BitDefender) R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [806344 2016-01-22] (BitDefender) S3 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-12-03] (BitDefender LLC) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] () R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-12] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-12] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-12] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-12] (Malwarebytes) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2015-09-28] (Riverbed Technology, Inc.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-02-09] (Windows (R) 2003 DDK 3790 provider) R2 SGDrv; C:\WINDOWS\System32\drivers\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.) R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.) 
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U3 idsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-03-13 05:42 - 2017-03-13 05:43 - 00018086 _____ C:\Users\Silvia\Desktop\FRST.txt 2017-03-12 22:17 - 2017-03-13 05:41 - 00010130 _____ C:\Users\Silvia\Desktop\SystemLook.txt 2017-03-12 22:16 - 2017-03-12 22:17 - 00165376 _____ C:\Users\Silvia\Desktop\SystemLook_x64.exe 2017-03-12 22:08 - 2017-03-12 22:08 - 00015081 _____ C:\Users\Silvia\Desktop\Fixlog.txt 2017-03-12 22:08 - 2017-03-12 22:08 - 00000000 ____D C:\Users\Silvia\Desktop\FRST-OlderVersion 2017-03-12 14:28 - 2017-03-12 22:16 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-03-12 14:28 - 2017-03-12 22:12 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-03-12 14:27 - 2017-03-12 22:12 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-03-12 14:27 - 2017-03-12 22:12 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-03-12 14:27 - 2017-03-12 14:27 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-03-12 14:27 - 2017-03-12 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-03-12 14:27 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-03-12 14:26 - 2017-03-12 14:26 - 00000000 ____D C:\ProgramData\Malwarebytes 
2017-03-12 14:26 - 2017-03-12 14:26 - 00000000 ____D C:\Program Files\Malwarebytes 2017-03-12 14:23 - 2017-03-12 14:26 - 57131432 _____ (Malwarebytes ) C:\Users\Silvia\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe 2017-03-12 14:01 - 2017-03-12 14:15 - 00000000 ____D C:\AdwCleaner 2017-03-12 14:00 - 2017-03-12 14:01 - 04031440 _____ C:\Users\Silvia\Desktop\AdwCleaner_6.044.exe 2017-03-12 13:45 - 2017-03-12 13:45 - 00028190 _____ C:\ProgramData\agent.1489322704.bdinstall.bin 2017-03-12 13:37 - 2017-03-12 22:05 - 00000000 ____D C:\Users\Silvia\Desktop\Virus 2017-03-11 20:19 - 2017-03-11 20:52 - 00523380 _____ C:\TDSSKiller.3.1.0.12_11.03.2017_20.19.08_log.txt 2017-03-11 20:18 - 2017-03-11 20:18 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Silvia\Desktop\tdsskiller.exe 2017-03-11 20:03 - 2017-03-12 22:08 - 02424832 _____ (Farbar) C:\Users\Silvia\Desktop\FRST64.exe 2017-03-11 19:45 - 2017-03-11 19:45 - 00000000 ____D C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-03-09 22:40 - 2017-03-09 22:42 - 00066908 _____ C:\Users\Silvia\Downloads\Addition.txt 2017-03-09 22:38 - 2017-03-13 05:42 - 00000000 ____D C:\FRST 2017-03-09 22:38 - 2017-03-09 22:42 - 00025098 _____ C:\Users\Silvia\Downloads\FRST.txt 2017-03-09 22:37 - 2017-03-09 22:37 - 02423808 _____ (Farbar) C:\Users\Silvia\Downloads\FRST64.exe 2017-03-09 21:33 - 2017-03-09 21:33 - 00097882 _____ C:\ProgramData\1489091590.bdinstall.bin 2017-03-09 21:28 - 2017-03-09 21:28 - 00000000 ____D C:\Users\Silvia\Desktop\Alte Firefox-Daten 2017-03-03 11:11 - 2017-03-03 11:11 - 00032740 _____ C:\Users\Silvia\Downloads\Dinkel Pizzateig - 2016-09-10.pdf 2017-02-23 20:17 - 2017-02-23 20:48 - 00000000 ____D C:\Users\Silvia\Desktop\Igel Fotostick 2017-02-15 10:14 - 2017-02-15 10:14 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk 2017-02-15 10:14 - 2017-02-15 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ==================== Ein Monat: Geänderte 
Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-03-13 05:40 - 2016-03-25 17:32 - 00000000 ____D C:\Program Files\Bitdefender Agent 2017-03-13 05:39 - 2016-10-14 23:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-03-12 22:18 - 2013-09-18 18:17 - 00000000 ___RD C:\Users\Silvia\Dropbox 2017-03-12 22:10 - 2016-10-15 00:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-03-12 22:10 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-03-12 22:09 - 2013-05-20 18:36 - 00150137 _____ C:\bdlog.txt 2017-03-12 22:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-03-12 15:04 - 2016-10-14 23:51 - 01951094 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-03-12 15:04 - 2016-07-16 23:51 - 00715542 _____ C:\WINDOWS\system32\perfh007.dat 2017-03-12 15:04 - 2016-07-16 23:51 - 00160732 _____ C:\WINDOWS\system32\perfc007.dat 2017-03-12 13:56 - 2016-07-16 07:04 - 00131072 _____ C:\WINDOWS\system32\config\ELAM 2017-03-12 13:55 - 2016-11-24 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-03-12 13:55 - 2012-08-19 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-03-12 13:44 - 2013-05-20 17:06 - 00000000 ____D C:\ProgramData\BDLogging 2017-03-11 19:58 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-03-11 19:46 - 2013-09-18 18:15 - 00000000 ____D C:\Users\Silvia\AppData\Roaming\Dropbox 2017-03-09 22:42 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2017-03-09 15:05 - 2013-05-20 16:16 - 02426440 _____ C:\Users\Silvia\Desktop\bitdefender_antivirus2013.exe 2017-03-09 10:17 - 2015-06-12 22:02 - 00000000 ____D C:\Users\Silvia\AppData\Local\Dropbox 2017-03-01 12:03 - 2016-10-14 23:52 - 00000000 ____D C:\Users\Silvia 2017-03-01 11:20 - 2012-08-19 11:26 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-02-24 09:05 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-24 09:01 
- 2013-07-28 21:43 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-02-23 22:07 - 2012-08-22 20:49 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-23 20:49 - 2014-08-18 15:46 - 00000000 ____D C:\Users\Silvia\AppData\Local\Adobe 2017-02-23 20:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-02-23 20:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-02-18 11:09 - 2016-12-07 07:42 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-02-18 11:08 - 2016-03-06 13:22 - 00002421 _____ C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-18 11:08 - 2016-03-06 13:22 - 00000000 ___RD C:\Users\Silvia\OneDrive 2017-02-15 10:14 - 2012-08-19 07:37 - 00000000 ____D C:\Program Files (x86)\Google ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-04-19 08:08 - 2012-04-19 08:08 - 141590843 _____ () C:\Program Files\openofficeorg1.cab 2012-04-19 07:59 - 2012-04-19 07:59 - 3125248 _____ () C:\Program Files\openofficeorg34.msi 2016-05-23 20:52 - 2016-05-23 20:52 - 0000385 _____ () C:\Users\Silvia\AppData\Roaming\user_gensett.xml 2012-10-07 17:24 - 2012-10-07 17:24 - 0000393 _____ () C:\Users\Silvia\AppData\Local\HamsterVideoConverterSettings.cfg 2016-04-14 18:41 - 2016-04-14 18:41 - 0627349 _____ () C:\ProgramData\1460653227.bdinstall.bin 2016-06-15 06:33 - 2016-06-15 06:33 - 0026781 _____ () C:\ProgramData\1465968770.bdinstall.bin 2017-03-09 21:33 - 2017-03-09 21:33 - 0097882 _____ () C:\ProgramData\1489091590.bdinstall.bin 2016-09-20 11:32 - 2016-09-20 11:32 - 0026838 _____ () C:\ProgramData\agent.1474367523.bdinstall.bin 2016-11-02 14:41 - 2016-11-02 14:41 - 0028759 _____ () C:\ProgramData\agent.1478094058.bdinstall.bin 2017-03-12 13:45 - 2017-03-12 13:45 - 0028190 _____ () C:\ProgramData\agent.1489322704.bdinstall.bin 2016-10-14 23:48 - 2016-10-14 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-12-26 
18:49 - 2014-12-26 21:42 - 0000836 _____ () C:\ProgramData\hpzinstall.log 2011-11-03 19:44 - 2011-11-03 19:45 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2011-11-03 19:37 - 2011-11-03 19:37 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log 2011-11-03 19:41 - 2011-11-03 19:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-11-03 19:38 - 2011-11-03 19:41 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log 2011-11-03 19:42 - 2011-11-03 19:44 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-03-09 10:39 ==================== Ende von FRST.txt ============================ Addition: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-03-2017 durchgeführt von Silvia (13-03-2017 05:45:03) Gestartet von C:\Users\Silvia\Desktop Windows 10 Home Version 1607 (X64) (2016-10-14 23:30:32) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-983883370-204824152-491102941-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-983883370-204824152-491102941-503 - Limited - Disabled) Gast (S-1-5-21-983883370-204824152-491102941-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-983883370-204824152-491102941-1002 - Limited - Enabled) Silvia (S-1-5-21-983883370-204824152-491102941-1000 - Administrator - Enabled) => C:\Users\Silvia ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AV: Bitdefender-Virenschutz (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371} AS: Bitdefender-Spyware-Schutz (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden Albelli Fotobücher (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli) ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.) 
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1423 - Bitdefender) Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 19.6.0.326 - Bitdefender) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP) Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.) CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.) CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.2.0 - devolo AG) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. 
OHG) DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.) Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.44 - Samsung) ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.2.19144 - Landesfinanzdirektion Thüringen) Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden Finanzplaner PRO (HKLM-x32\...\Finanzplaner PRO) (Version: - FinanzPortal24 GmbH) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden fotokasten comfort 5.0 (HKLM-x32\...\fotokasten comfort_is1) (Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation) John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft 
Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) 
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.8.0.6273 - Mozilla) Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 2016 (HKLM-x32\...\{049045D5-0C46-4E78-A83F-83E993D91A7F}) (Version: 17.0.02300 - Nero AG) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) OCR Software by I.R.I.S. 
13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) 
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung) SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - ) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent) WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{E47A3570-59A0-4948-A678-A930FEE8AAC7}) (Version: 21.00.8480 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{B999EF65-7140-47E1-BED0-6A32E64A0D7D}) (Version: 22.00.8811 - Buhl Data Service GmbH) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - 
Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1399D005-9179-4EB0-B62B-C71085F1CB81} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000Core1d238be2862dc7c => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {1B0CAC01-78B1-46EA-AAD0-A5C0C9A9EEBD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1BBE6E19-EAC8-48F9-A650-29AC264EC91B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {27018021-93D3-4181-A414-70E233096DA8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {2E4CFDEB-63DC-4061-BBED-999970D6C986} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2013\bdproductdata.exe
Task: {2F0D4068-C9FA-4B45-A7FC-625D0F57B02A} - System32\Tasks\{EE305C4B-2645-4AD4-AB31-8774E0D9EF4D} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Ahead\Nero StartSmart\NeroStartSmart.exe"
Task: {34185101-2D74-4011-908B-B1FC4B4C4BE7} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Easy Support Center\SSCKbdHk.exe
Task: {40CA2C1C-8985-452E-B5F1-23E374E19F48} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4A1A75AC-E505-48A8-ACAD-2FB594C0BB58} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {4BD94884-E059-4F7C-8455-62E2AA5A3DBE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23] (Adobe Systems Incorporated)
Task: {5996EC8B-1C65-4C80-84F9-96E88B7A1A86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {6300AB21-F4AE-4D28-97B2-6921A3833149} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {73CC6AD6-7914-402D-B519-52F325732A2B} - System32\Tasks\{C7DA0173-A309-4F90-B5F2-89918793E3A1} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.30.0.105.411/de/abandoninstall?page=tsProgressBar
Task: {7556EB99-AC76-4EE7-9CB3-0B4CCE2DCDB0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {75B74FA7-121A-45AF-A58F-CE8474E83919} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {850E9F07-2096-4FE9-A733-FE077D4AABE5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8B334E28-4173-4E7B-B70D-2239A7897ADC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8C128A29-BC22-409A-B3B4-B6A225FC4454} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {9A651807-3F5E-4BD4-AAAF-938487ACD279} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9C7B57B7-F799-4A6C-929D-59D86F528183} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9D3B18C5-480C-4532-A960-D319D34E5EE7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {9FED81DA-52A7-4C9D-8AB0-16EFCF8E0626} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {A2A0F0F1-0AD4-4693-9963-A68C0DEBC0CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AB30CF4B-78EE-43C6-84AF-18B9600D7A09} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {AF8E0C35-0478-480E-AB08-8B82E504A785} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {B24C4704-4B41-438C-A0D8-EB1B1B19B584} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {BCF1F663-95A5-46DA-A8D2-EEE34805A0B3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C491C115-391E-4D12-8322-67457D3CA592} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000UA1d238be289e236d => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {CB902C20-D63C-4BA9-ABDC-BF90E0F37791} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D1A7B405-6102-4350-8033-19B49D45750C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D64C454A-E02D-4972-99F7-BF6AEF595F22} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D89CE4B1-DC7B-42F9-98E6-F9C8DE7003A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DC02FBDE-D986-497A-9492-9186C3C240E6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DEF7D778-88F3-48E0-8236-1247220EDAA7} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {F1B6F95C-CAB2-4BFF-AA66-C6BB1E217B19} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F31AABE0-BE26-427E-8159-BF36BA8A0C32} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Silvia\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {F645E1B5-0C8C-49DE-8DF7-045D7C9C022E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
Task: {FB5C8F08-3D93-43D7-9E1F-FB95C61673F9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FC32A813-B554-47A0-B581-AD88FB648F7B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000Core1d238be2862dc7c.job => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000UA1d238be289e236d.job => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-14 18:19 - 2015-11-04 13:06 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll 2016-04-14 18:18 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll 2016-04-14 18:19 - 2016-03-02 15:08 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui 2017-02-07 16:40 - 2017-02-07 16:40 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpbr.mdl 2017-02-07 16:40 - 2017-02-07 16:40 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpdsp.mdl 2017-02-07 16:40 - 2017-02-07 16:40 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpph.mdl 2017-02-07 16:40 - 2017-02-07 16:40 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttprbl.mdl 2015-08-21 21:09 - 2015-08-21 21:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2015-08-21 21:09 - 2015-08-21 21:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2017-03-12 14:26 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-03-12 14:27 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2011-11-03 
19:41 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2016-10-15 00:32 - 2016-10-15 00:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-16 11:07 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-16 11:05 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-16 11:05 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-04-13 08:41 - 2015-04-14 10:05 - 01428760 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe 2017-02-28 11:15 - 2017-03-01 10:04 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-02-28 11:15 - 2017-03-01 10:04 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-02-28 11:15 - 2017-03-01 10:04 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2016-06-03 15:18 - 2016-06-03 19:59 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-02-28 11:15 - 2017-03-01 10:04 - 00387584 _____ () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-02-28 11:15 - 2017-03-01 10:04 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2016-03-09 23:19 - 2016-03-09 23:21 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 09741592 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll 2014-04-13 08:35 - 2015-04-14 10:06 - 03929880 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll 2014-04-13 08:36 - 2015-04-14 10:05 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll 2014-04-13 08:36 - 2015-04-14 10:05 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll 2014-04-13 08:36 - 2015-04-14 10:05 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 02872600 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll 2014-04-13 08:35 - 2014-02-11 10:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll 2014-04-13 08:35 - 2014-02-11 10:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll 2014-04-13 08:36 - 2015-04-14 10:05 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 02136856 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01960728 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll 2014-04-13 08:35 - 2014-02-11 10:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 04463896 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll 
2014-04-13 08:35 - 2015-04-14 10:05 - 01593624 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 05308184 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 02392344 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01171224 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01633560 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01341720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 07374616 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01296664 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll 2017-03-11 19:44 - 2017-03-06 21:59 - 00807232 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll 2017-03-11 19:45 - 2017-02-09 03:19 - 00035792 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00100296 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00018888 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\select.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00019776 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00694224 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2017-02-25 09:43 - 
2017-03-06 22:01 - 00020824 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2017-03-11 19:45 - 2017-02-09 03:20 - 00123856 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 01682768 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 00020816 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00145864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2017-03-11 19:44 - 2017-02-09 03:20 - 00019408 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00116688 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2017-03-11 19:45 - 2017-02-09 03:22 - 00105928 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32api.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd 2017-03-11 19:44 - 2017-03-06 22:01 - 00038712 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\fastpath.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00060736 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00024528 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32event.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00175560 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32gui.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00392144 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2017-03-11 19:44 - 2017-02-09 03:22 - 00020936 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00116176 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32security.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00381760 _____ () 
C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00124880 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32file.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00026456 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00024016 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00030160 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00043472 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32process.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00048592 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32service.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00057808 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00024016 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32profile.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 00246608 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2017-03-11 19:44 - 2017-03-06 22:01 - 00027488 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-03-11 19:45 - 2017-02-09 03:21 - 00241104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_jpegtran.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 00022336 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00025432 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00028616 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32ts.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 01826104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2017-03-11 19:45 - 2017-02-09 03:20 - 00083912 _____ () 
C:\Users\Silvia\AppData\Roaming\Dropbox\bin\sip.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 01972536 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 03928896 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00531264 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00053072 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00133432 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00224064 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00207680 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00069968 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022872 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00021848 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022872 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00350152 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00103232 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00023896 _____ () 
C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2017-03-11 19:44 - 2017-03-06 22:01 - 00025936 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2017-03-11 19:44 - 2017-02-09 03:17 - 00036296 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\librsync.dll 2017-03-11 19:44 - 2017-03-06 22:01 - 00033112 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd 2017-03-11 19:44 - 2016-12-02 22:44 - 00293392 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll 2017-03-11 19:44 - 2017-03-06 22:01 - 00084288 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2017-03-11 19:44 - 2017-02-09 03:27 - 00017864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\libEGL.dll 2017-03-11 19:44 - 2017-02-09 03:27 - 01631184 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2017-03-11 19:45 - 2017-03-06 22:01 - 00042816 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00171336 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00357688 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00060880 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32print.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00026456 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00546104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ==================== Alternate Data Streams (Nicht auf der 
Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Desktop\AdwCleaner_6.044.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Desktop\SystemLook_x64.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Desktop\tdsskiller.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ALDI Bestellsoftware Setup.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\Barchart-windows64-online.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ccsetup402_slim.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\devolo-cockpit-v4-3-2.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\Dropbox 2.0.26.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-14.3.20130522u.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.0.20150113k.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.1.20150309u(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.1.20150309u.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\flvplayer_setup20_25.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-0-6(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-0-6.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-3-13(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-3-13.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-4-8(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-4-8.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\FRST64.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: 
C:\Users\Silvia\Downloads\install_flashplayer15x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer16x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer17x32au_mssa_aaa_aih.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jre-7u25-windows-x64.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(1).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(2).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(3).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(4).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(5).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(6).exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\Nero Burning ROM Classic - CHIP-Installer.exe:BDU [1] AlternateDataStreams: C:\Users\Silvia\Downloads\Nero2016-17.09.2015_stub_trial.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\OJ4500vG510a-f_Full_13.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\SkypeSetup.exe:BDU [0] AlternateDataStreams: C:\Users\Silvia\Downloads\SuperTuxKart - CHIP-Installer.exe:BDU [0] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-983883370-204824152-491102941-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Silvia\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{bbeb6448-8619-4f01-847d-26d45d85e6ac}.JPG DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe ==================== Wiederherstellungspunkte ========================= 13-02-2017 12:24:37 Geplanter Prüfpunkt 23-02-2017 22:00:27 Windows Update 01-03-2017 20:02:06 Windows-Sicherung ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/12/2017 01:59:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/12/2017 01:59:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/09/2017 10:53:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (03/02/2017 12:01:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/01/2017 08:04:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:17 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:16 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (03/01/2017 11:23:16 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. 
Details: (HRESULT : 0x80040210) (0x80040210) Systemfehler: ============= Error: (03/12/2017 10:12:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/12/2017 10:11:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Error: (03/12/2017 10:10:01 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Benutzererfahrung und Telemetrie im verbundenen Modus konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (03/12/2017 10:08:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/12/2017 10:08:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/12/2017 10:08:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (03/12/2017 10:08:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Norton Online Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/12/2017 10:08:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Client Virtualization Handler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/12/2017 10:08:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Net.Pipe-Listeneradapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/12/2017 10:08:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Net.Msmq-Listeneradapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. ==================== Speicherinformationen =========================== Prozessor: AMD A4-3305M APU with Radeon(tm) HD Graphics Prozentuale Nutzung des RAM: 51% Installierter physikalischer RAM: 3563.87 MB Verfügbarer physikalischer RAM: 1724.91 MB Summe virtueller Speicher: 7147.87 MB Verfügbarer virtueller Speicher: 4365.27 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:178 GB) (Free:92.22 GB) NTFS Drive d: () (Fixed) (Total:266.26 GB) (Free:72.32 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 933609DD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=266.3 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=21.4 GB) - (Type=27) ==================== Ende von Addition.txt ============================ |
13.03.2017, 17:26 | #11 |
/// TB-Ausbilder | Caught a Myfilestore.com virus?
Hi,
We are almost done.
Note: The scan with ESET can take quite a while.
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
ATTFilter
start
CloseProcesses:
C:\Users\Public\Desktop\FLV Player.lnk
C:\Users\Silvia\Downloads\flvplayer_setup20_25.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WInterEn
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e0e72f86_0
Unlock: HKEY_CURRENT_USER\SOFTWARE\Binary Noise
ExportKey: HKEY_CURRENT_USER\SOFTWARE\Binary Noise
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Binary Noise\mPlayer\FLVPlayer.exe
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the matching version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 3 ESET Online Scanner
Step 4
Are there still any problems with the PC or with your internet browsers? If so, which ones? Please post with your next reply
|
15.03.2017, 06:19 | #12 |
| Caught a Myfilestore.com virus?
Hi Matthias,
I think your support is great and I will support you as well! I would say everything is running without anything unusual. Can you already tell whether my wife has caught a virus?
Fixlog:
Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-03-2017 durchgeführt von Silvia (13-03-2017 20:10:22) Run:3 Gestartet von C:\Users\Silvia\Desktop Geladene Profile: Silvia & DefaultAppPool (Verfügbare Profile: Silvia & DefaultAppPool) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: C:\Users\Public\Desktop\FLV Player.lnk C:\Users\Silvia\Downloads\flvplayer_setup20_25.exe DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WInterEn DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e0e72f86_0 Unlock: HKEY_CURRENT_USER\SOFTWARE\Binary Noise ExportKey: HKEY_CURRENT_USER\SOFTWARE\Binary Noise DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Binary Noise\mPlayer\FLVPlayer.exe EmptyTemp: end ***************** Prozesse erfolgreich geschlossen. C:\Users\Public\Desktop\FLV Player.lnk => erfolgreich verschoben C:\Users\Silvia\Downloads\flvplayer_setup20_25.exe => erfolgreich verschoben HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WInterEn => Schlüssel erfolgreich entfernt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e0e72f86_0 => Schlüssel erfolgreich entfernt "HKEY_CURRENT_USER\SOFTWARE\Binary Noise" => Schlüssel wurde entsperrt ================== ExportKey: =================== [HKUS-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Binary Noise] [HKU\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Binary Noise\mPlayer] [HKU\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Binary Noise\mPlayer\FLVPlayer.exe] "Left"="750" "Top"="400" === Ende von ExportKey === HKEY_CURRENT_USER\SOFTWARE\Binary Noise\mPlayer\FLVPlayer.exe => Schlüssel erfolgreich entfernt =========== EmptyTemp: ========== BITS transfer queue => 32768 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17974648 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 629929 B 
Edge => 0 B Chrome => 0 B Firefox => 13575134 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 128 B LocalService => 9794 B NetworkService => 0 B Silvia => 3856397 B DefaultAppPool => 0 B RecycleBin => 0 B EmptyTemp: => 34.4 MB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 20:10:35 ==== HitmanPro: Code:
ATTFilter
ESET: Code:
ATTFilter
FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2017 durchgeführt von Silvia (Administrator) auf SILVIA-PC (15-03-2017 05:53:22) Gestartet von C:\Users\Silvia\Desktop Geladene Profile: Silvia & DefaultAppPool (Verfügbare Profile: Silvia & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDService.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Dropbox, Inc.) C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe (Dropbox, Inc.) C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (Dropbox, Inc.) C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Dropbox, Inc.) C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-20] (CyberLink Corp.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation) HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Run: [Dropbox Update] => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.) HKU\S-1-5-21-983883370-204824152-491102941-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation) HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-12-26] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-04-13] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-11] ShortcutTarget: Dropbox.lnk -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{d96e33c9-9c49-41b5-9ccb-f54ed90cc9d8}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-983883370-204824152-491102941-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-25] (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.) 
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) FireFox: ======== FF ProfilePath: C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\270o59bb.default-1489091303183 [2017-03-15] FF Extension: (WEB.DE MailCheck) - C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\270o59bb.default-1489091303183\Extensions\mailcheck@web.de [2017-03-12] FF Extension: (UITBAutoInstaller) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-02] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-26] [ist nicht signiert] FF HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-23] () FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll [2013-07-28] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-23] () FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-25] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-09-09] (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3883544 2016-12-22] (devolo AG) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert] R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert] R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [Datei ist nicht signiert] R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [111320 2016-01-22] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1574744 2016-01-29] (Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1622512 2016-01-22] (BitDefender) R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [806344 2016-01-22] (BitDefender) S3 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-12-03] (BitDefender LLC) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] () R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-13] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-13] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-13] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-13] (Malwarebytes) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2015-09-28] (Riverbed Technology, Inc.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-02-09] (Windows (R) 2003 DDK 3790 provider) R2 SGDrv; C:\WINDOWS\System32\drivers\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.) R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.) 
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U3 idsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-03-15 05:53 - 2017-03-15 05:57 - 00018769 _____ C:\Users\Silvia\Desktop\FRST.txt 2017-03-15 05:48 - 2017-03-15 05:48 - 00003431 _____ C:\Users\Silvia\Desktop\ESET log.txt 2017-03-13 22:02 - 2017-03-13 22:03 - 02870984 _____ (ESET) C:\Users\Silvia\Desktop\esetsmartinstaller_deu.exe 2017-03-13 21:38 - 2017-03-13 22:01 - 00000000 ____D C:\ProgramData\HitmanPro 2017-03-13 20:23 - 2017-03-13 21:38 - 11581544 _____ (SurfRight B.V.) 
C:\Users\Silvia\Desktop\HitmanPro_x64.exe 2017-03-13 20:10 - 2017-03-13 20:10 - 00002552 _____ C:\Users\Silvia\Desktop\Fixlog.txt 2017-03-13 20:03 - 2017-03-13 20:03 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini 2017-03-12 22:16 - 2017-03-12 22:17 - 00165376 _____ C:\Users\Silvia\Desktop\SystemLook_x64.exe 2017-03-12 22:08 - 2017-03-15 05:53 - 00000000 ____D C:\Users\Silvia\Desktop\FRST-OlderVersion 2017-03-12 14:28 - 2017-03-15 05:57 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-03-12 14:28 - 2017-03-13 20:12 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-03-12 14:27 - 2017-03-13 20:12 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-03-12 14:27 - 2017-03-13 20:12 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-03-12 14:27 - 2017-03-12 14:27 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-03-12 14:27 - 2017-03-12 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-03-12 14:27 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-03-12 14:26 - 2017-03-12 14:26 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-03-12 14:26 - 2017-03-12 14:26 - 00000000 ____D C:\Program Files\Malwarebytes 2017-03-12 14:23 - 2017-03-12 14:26 - 57131432 _____ (Malwarebytes ) C:\Users\Silvia\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe 2017-03-12 14:01 - 2017-03-12 14:15 - 00000000 ____D C:\AdwCleaner 2017-03-12 14:00 - 2017-03-12 14:01 - 04031440 _____ C:\Users\Silvia\Desktop\AdwCleaner_6.044.exe 2017-03-12 13:45 - 2017-03-12 13:45 - 00028190 _____ C:\ProgramData\agent.1489322704.bdinstall.bin 2017-03-12 13:37 - 2017-03-13 20:06 - 00000000 ____D C:\Users\Silvia\Desktop\Virus 2017-03-11 20:19 - 2017-03-11 20:52 - 00523380 _____ C:\TDSSKiller.3.1.0.12_11.03.2017_20.19.08_log.txt 2017-03-11 20:18 - 2017-03-11 20:18 - 04747704 _____ (AO Kaspersky Lab) 
C:\Users\Silvia\Desktop\tdsskiller.exe 2017-03-11 20:03 - 2017-03-15 05:53 - 02424832 _____ (Farbar) C:\Users\Silvia\Desktop\FRST64.exe 2017-03-11 19:45 - 2017-03-11 19:45 - 00000000 ____D C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-03-09 22:40 - 2017-03-09 22:42 - 00066908 _____ C:\Users\Silvia\Downloads\Addition.txt 2017-03-09 22:38 - 2017-03-15 05:53 - 00000000 ____D C:\FRST 2017-03-09 22:38 - 2017-03-09 22:42 - 00025098 _____ C:\Users\Silvia\Downloads\FRST.txt 2017-03-09 22:37 - 2017-03-09 22:37 - 02423808 _____ (Farbar) C:\Users\Silvia\Downloads\FRST64.exe 2017-03-09 21:33 - 2017-03-09 21:33 - 00097882 _____ C:\ProgramData\1489091590.bdinstall.bin 2017-03-09 21:28 - 2017-03-09 21:28 - 00000000 ____D C:\Users\Silvia\Desktop\Alte Firefox-Daten 2017-03-03 11:11 - 2017-03-03 11:11 - 00032740 _____ C:\Users\Silvia\Downloads\Dinkel Pizzateig - 2016-09-10.pdf 2017-02-23 20:17 - 2017-02-23 20:48 - 00000000 ____D C:\Users\Silvia\Desktop\Igel Fotostick 2017-02-15 10:14 - 2017-02-15 10:14 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk 2017-02-15 10:14 - 2017-02-15 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-03-15 05:44 - 2016-10-14 23:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-03-15 05:44 - 2016-03-25 17:32 - 00000000 ____D C:\Program Files\Bitdefender Agent 2017-03-13 20:16 - 2016-07-16 07:04 - 00131072 _____ C:\WINDOWS\system32\config\ELAM 2017-03-13 20:16 - 2013-09-18 18:17 - 00000000 ___RD C:\Users\Silvia\Dropbox 2017-03-13 20:11 - 2016-10-15 00:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-03-13 20:10 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-03-13 20:10 - 2013-05-20 18:36 - 00150982 _____ C:\bdlog.txt 2017-03-13 20:03 - 2016-10-14 23:52 - 00000000 ____D C:\Users\DefaultAppPool 2017-03-12 22:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-03-12 15:04 - 2016-10-14 23:51 - 01951094 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-03-12 15:04 - 2016-07-16 23:51 - 00715542 _____ C:\WINDOWS\system32\perfh007.dat 2017-03-12 15:04 - 2016-07-16 23:51 - 00160732 _____ C:\WINDOWS\system32\perfc007.dat 2017-03-12 13:55 - 2016-11-24 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-03-12 13:55 - 2012-08-19 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-03-12 13:44 - 2013-05-20 17:06 - 00000000 ____D C:\ProgramData\BDLogging 2017-03-11 19:58 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-03-11 19:46 - 2013-09-18 18:15 - 00000000 ____D C:\Users\Silvia\AppData\Roaming\Dropbox 2017-03-09 22:42 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2017-03-09 15:05 - 2013-05-20 16:16 - 02426440 _____ C:\Users\Silvia\Desktop\bitdefender_antivirus2013.exe 2017-03-09 10:17 - 2015-06-12 22:02 - 00000000 ____D C:\Users\Silvia\AppData\Local\Dropbox 2017-03-01 12:03 - 2016-10-14 23:52 - 00000000 ____D C:\Users\Silvia 2017-03-01 11:20 - 2012-08-19 11:26 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-02-24 09:05 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-24 09:01 - 2013-07-28 21:43 - 00000000 ____D 
C:\WINDOWS\system32\MRT 2017-02-23 22:07 - 2012-08-22 20:49 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-23 20:49 - 2014-08-18 15:46 - 00000000 ____D C:\Users\Silvia\AppData\Local\Adobe 2017-02-23 20:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-02-23 20:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-02-18 11:09 - 2016-12-07 07:42 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-02-18 11:08 - 2016-03-06 13:22 - 00002421 _____ C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-18 11:08 - 2016-03-06 13:22 - 00000000 ___RD C:\Users\Silvia\OneDrive 2017-02-15 10:14 - 2012-08-19 07:37 - 00000000 ____D C:\Program Files (x86)\Google ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-04-19 08:08 - 2012-04-19 08:08 - 141590843 _____ () C:\Program Files\openofficeorg1.cab 2012-04-19 07:59 - 2012-04-19 07:59 - 3125248 _____ () C:\Program Files\openofficeorg34.msi 2016-05-23 20:52 - 2016-05-23 20:52 - 0000385 _____ () C:\Users\Silvia\AppData\Roaming\user_gensett.xml 2012-10-07 17:24 - 2012-10-07 17:24 - 0000393 _____ () C:\Users\Silvia\AppData\Local\HamsterVideoConverterSettings.cfg 2016-04-14 18:41 - 2016-04-14 18:41 - 0627349 _____ () C:\ProgramData\1460653227.bdinstall.bin 2016-06-15 06:33 - 2016-06-15 06:33 - 0026781 _____ () C:\ProgramData\1465968770.bdinstall.bin 2017-03-09 21:33 - 2017-03-09 21:33 - 0097882 _____ () C:\ProgramData\1489091590.bdinstall.bin 2016-09-20 11:32 - 2016-09-20 11:32 - 0026838 _____ () C:\ProgramData\agent.1474367523.bdinstall.bin 2016-11-02 14:41 - 2016-11-02 14:41 - 0028759 _____ () C:\ProgramData\agent.1478094058.bdinstall.bin 2017-03-12 13:45 - 2017-03-12 13:45 - 0028190 _____ () C:\ProgramData\agent.1489322704.bdinstall.bin 2016-10-14 23:48 - 2016-10-14 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-12-26 18:49 - 2014-12-26 21:42 - 0000836 
_____ () C:\ProgramData\hpzinstall.log 2011-11-03 19:44 - 2011-11-03 19:45 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2011-11-03 19:37 - 2011-11-03 19:37 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log 2011-11-03 19:41 - 2011-11-03 19:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-11-03 19:38 - 2011-11-03 19:41 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log 2011-11-03 19:42 - 2011-11-03 19:44 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-03-09 10:39 ==================== Ende von FRST.txt ============================ |
15.03.2017, 06:20 | #13 |
| Caught a Myfilestore.com virus? Addition: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-03-2017
durchgeführt von Silvia (15-03-2017 05:59:48)
Gestartet von C:\Users\Silvia\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-14 23:30:32)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-983883370-204824152-491102941-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-983883370-204824152-491102941-503 - Limited - Disabled)
Gast (S-1-5-21-983883370-204824152-491102941-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-983883370-204824152-491102941-1002 - Limited - Enabled)
Silvia (S-1-5-21-983883370-204824152-491102941-1000 - Administrator - Enabled) => C:\Users\Silvia

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender-Virenschutz (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender-Spyware-Schutz (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden Albelli Fotobücher (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli) ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.) 
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1423 - Bitdefender) Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 19.6.0.326 - Bitdefender) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP) Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.) CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.) CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.2.0 - devolo AG) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. 
OHG) DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.) Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.44 - Samsung) ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.2.19144 - Landesfinanzdirektion Thüringen) Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden Finanzplaner PRO (HKLM-x32\...\Finanzplaner PRO) (Version: - FinanzPortal24 GmbH) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden fotokasten comfort 5.0 (HKLM-x32\...\fotokasten comfort_is1) (Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation) John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-983883370-204824152-491102941-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft 
Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) 
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.8.0.6273 - Mozilla) Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 2016 (HKLM-x32\...\{049045D5-0C46-4E78-A83F-83E993D91A7F}) (Version: 17.0.02300 - Nero AG) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) OCR Software by I.R.I.S. 
13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) 
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung) SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - ) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent) WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{E47A3570-59A0-4948-A678-A930FEE8AAC7}) (Version: 21.00.8480 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{B999EF65-7140-47E1-BED0-6A32E64A0D7D}) (Version: 22.00.8811 - Buhl Data Service GmbH) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - 
Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-983883370-204824152-491102941-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {1399D005-9179-4EB0-B62B-C71085F1CB81} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000Core1d238be2862dc7c => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.) 
Task: {1B0CAC01-78B1-46EA-AAD0-A5C0C9A9EEBD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe Task: {1BBE6E19-EAC8-48F9-A650-29AC264EC91B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {27018021-93D3-4181-A414-70E233096DA8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {2E4CFDEB-63DC-4061-BBED-999970D6C986} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2013\bdproductdata.exe Task: {2F0D4068-C9FA-4B45-A7FC-625D0F57B02A} - System32\Tasks\{EE305C4B-2645-4AD4-AB31-8774E0D9EF4D} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Ahead\Nero StartSmart\NeroStartSmart.exe" Task: {34185101-2D74-4011-908B-B1FC4B4C4BE7} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Easy Support Center\SSCKbdHk.exe Task: {40CA2C1C-8985-452E-B5F1-23E374E19F48} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {4A1A75AC-E505-48A8-ACAD-2FB594C0BB58} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe Task: {4BD94884-E059-4F7C-8455-62E2AA5A3DBE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23] (Adobe Systems Incorporated) Task: {5996EC8B-1C65-4C80-84F9-96E88B7A1A86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe Task: {6300AB21-F4AE-4D28-97B2-6921A3833149} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {73CC6AD6-7914-402D-B519-52F325732A2B} - System32\Tasks\{C7DA0173-A309-4F90-B5F2-89918793E3A1} => launchwinapp.exe 
hxxps://ui.skype.com/ui/0/7.30.0.105.411/de/abandoninstall?page=tsProgressBar Task: {7556EB99-AC76-4EE7-9CB3-0B4CCE2DCDB0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe Task: {75B74FA7-121A-45AF-A58F-CE8474E83919} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {850E9F07-2096-4FE9-A733-FE077D4AABE5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe Task: {8B334E28-4173-4E7B-B70D-2239A7897ADC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe Task: {8C128A29-BC22-409A-B3B4-B6A225FC4454} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink) Task: {9A651807-3F5E-4BD4-AAAF-938487ACD279} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe Task: {9C7B57B7-F799-4A6C-929D-59D86F528183} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe Task: {9D3B18C5-480C-4532-A960-D319D34E5EE7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe Task: {9FED81DA-52A7-4C9D-8AB0-16EFCF8E0626} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe Task: {A2A0F0F1-0AD4-4693-9963-A68C0DEBC0CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {AB30CF4B-78EE-43C6-84AF-18B9600D7A09} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {AF8E0C35-0478-480E-AB08-8B82E504A785} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe Task: {B24C4704-4B41-438C-A0D8-EB1B1B19B584} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe Task: {BCF1F663-95A5-46DA-A8D2-EEE34805A0B3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {C491C115-391E-4D12-8322-67457D3CA592} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000UA1d238be289e236d => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.) Task: {CB902C20-D63C-4BA9-ABDC-BF90E0F37791} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {D1A7B405-6102-4350-8033-19B49D45750C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {D64C454A-E02D-4972-99F7-BF6AEF595F22} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe Task: {D89CE4B1-DC7B-42F9-98E6-F9C8DE7003A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {DC02FBDE-D986-497A-9492-9186C3C240E6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {DEF7D778-88F3-48E0-8236-1247220EDAA7} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe Task: {F1B6F95C-CAB2-4BFF-AA66-C6BB1E217B19} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe Task: {F31AABE0-BE26-427E-8159-BF36BA8A0C32} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Silvia\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {F645E1B5-0C8C-49DE-8DF7-045D7C9C022E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender) Task: {FB5C8F08-3D93-43D7-9E1F-FB95C61673F9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe Task: {FC32A813-B554-47A0-B581-AD88FB648F7B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000Core1d238be2862dc7c.job => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-983883370-204824152-491102941-1000UA1d238be289e236d.job => C:\Users\Silvia\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-14 18:19 - 2015-11-04 13:06 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll 2016-04-14 18:18 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll 2016-04-14 18:19 - 2016-03-02 15:08 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui 2017-02-07 16:40 - 2017-02-07 16:40 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpbr.mdl 2017-02-07 16:40 - 2017-02-07 16:40 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpdsp.mdl 2017-02-07 16:40 - 2017-02-07 16:40 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttpph.mdl 2017-02-07 16:40 - 2017-02-07 16:40 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_005\ashttprbl.mdl 2015-08-21 21:09 - 2015-08-21 21:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2015-08-21 21:09 - 2015-08-21 21:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2011-11-03 19:41 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2017-03-12 14:26 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-03-12 14:27 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM 
FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-12-14 12:22 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-15 00:32 - 2016-10-15 00:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-16 11:07 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-16 11:05 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-16 11:05 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-16 11:05 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-04-13 08:41 - 2015-04-14 10:05 - 01428760 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe 2015-08-21 21:09 - 2015-08-21 21:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2017-02-25 09:22 - 2017-02-25 09:33 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-25 09:22 - 2017-02-25 09:33 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-25 09:22 - 2017-02-25 09:33 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-08 10:11 - 2017-02-08 10:48 - 02215424 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll 2017-02-28 11:15 - 2017-03-01 10:04 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-02-28 11:15 - 2017-03-01 10:04 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-02-28 11:15 - 2017-03-01 10:04 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2016-06-03 15:18 - 2016-06-03 19:59 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-02-28 11:15 - 2017-03-01 10:04 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-02-28 11:15 - 2017-03-01 10:04 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2016-03-09 23:19 - 2016-03-09 23:21 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2017-01-16 11:05 - 2016-12-21 07:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll 2016-10-15 00:33 - 2016-10-15 00:33 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll 2016-10-15 00:33 - 2016-10-15 00:33 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 09741592 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll 2014-04-13 08:35 - 2015-04-14 10:06 - 03929880 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll 2014-04-13 08:36 - 2015-04-14 
10:05 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll 2014-04-13 08:36 - 2015-04-14 10:05 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll 2014-04-13 08:36 - 2015-04-14 10:05 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 02872600 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll 2014-04-13 08:35 - 2014-02-11 10:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll 2014-04-13 08:35 - 2014-02-11 10:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll 2014-04-13 08:36 - 2015-04-14 10:05 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 02136856 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01960728 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll 2014-04-13 08:35 - 2014-02-11 10:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 04463896 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01593624 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 05308184 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 02392344 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01171224 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01633560 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll 2014-04-13 08:35 
- 2015-04-14 10:05 - 01341720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 07374616 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01296664 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll 2014-04-13 08:35 - 2015-04-14 10:05 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll 2017-03-11 19:44 - 2017-03-06 21:59 - 00807232 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll 2017-03-11 19:45 - 2017-02-09 03:19 - 00035792 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00100296 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00018888 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\select.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00019776 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00694224 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 00020824 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2017-03-11 19:45 - 2017-02-09 03:20 - 00123856 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 01682768 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 00020816 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00145864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2017-03-11 19:44 - 2017-02-09 03:20 - 00019408 _____ () 
C:\Users\Silvia\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00116688 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2017-03-11 19:45 - 2017-02-09 03:22 - 00105928 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32api.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd 2017-03-11 19:44 - 2017-03-06 22:01 - 00038712 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\fastpath.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00060736 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00024528 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32event.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00175560 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32gui.pyd 2017-03-11 19:45 - 2017-02-09 03:19 - 00392144 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2017-03-11 19:44 - 2017-02-09 03:22 - 00020936 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00116176 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32security.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00381760 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00124880 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32file.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00026456 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00024016 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00030160 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00043472 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32process.pyd 2017-03-11 19:45 - 
2017-02-09 03:22 - 00048592 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32service.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00057808 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00024016 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32profile.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 00246608 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2017-03-11 19:44 - 2017-03-06 22:01 - 00027488 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-03-11 19:45 - 2017-02-09 03:21 - 00241104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\_jpegtran.pyd 2017-02-25 09:43 - 2017-03-06 22:01 - 00022336 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00025432 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00028616 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32ts.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 01826104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2017-03-11 19:45 - 2017-02-09 03:20 - 00083912 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\sip.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 01972536 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 03928896 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00531264 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00053072 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00133432 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 
00224064 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00207680 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00069968 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022872 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00021848 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00022872 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00350152 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00103232 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00023896 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2017-03-11 19:44 - 2017-03-06 22:01 - 00025936 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2017-03-11 19:44 - 2017-02-09 03:17 - 00036296 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\librsync.dll 2017-03-11 19:44 - 2017-03-06 22:01 - 00033112 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd 2017-03-11 19:44 - 2016-12-02 22:44 - 00293392 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll 2017-03-11 19:44 - 2017-03-06 22:01 - 00084288 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2017-03-11 19:44 - 2017-02-09 03:27 
- 00017864 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\libEGL.dll 2017-03-11 19:44 - 2017-02-09 03:27 - 01631184 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2017-03-11 19:45 - 2017-03-06 22:01 - 00042816 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00171336 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00357688 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2017-03-11 19:45 - 2017-02-09 03:22 - 00060880 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\win32print.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00026456 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-03-11 19:45 - 2017-03-06 22:01 - 00546104 _____ () C:\Users\Silvia\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Desktop\AdwCleaner_6.044.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Desktop\esetsmartinstaller_deu.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Desktop\HitmanPro_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Desktop\SystemLook_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Desktop\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ALDI Bestellsoftware Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\Barchart-windows64-online.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ccsetup402_slim.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\devolo-cockpit-v4-3-2.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\Dropbox 2.0.26.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-14.3.20130522u.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.0.20150113k.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.1.20150309u(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\ElsterFormular-16.1.20150309u.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-0-6(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-0-6.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-3-13(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-3-13.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-4-8(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\fotokasten_comfort_[2116]_5-4-8.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer15x32au_mssa_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer16x32au_mssa_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\install_flashplayer17x32au_mssa_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jre-7u25-windows-x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(2).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(3).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(4).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(5).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\jxpiinstall(6).exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\Nero2016-17.09.2015_stub_trial.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\OJ4500vG510a-f_Full_13.exe:BDU [0]
AlternateDataStreams: C:\Users\Silvia\Downloads\SkypeSetup.exe:BDU [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-983883370-204824152-491102941-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Silvia\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{bbeb6448-8619-4f01-847d-26d45d85e6ac}.JPG
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe ==================== Wiederherstellungspunkte ========================= 23-02-2017 22:00:27 Windows Update 01-03-2017 20:02:06 Windows-Sicherung 13-03-2017 20:33:57 Geplanter Prüfpunkt ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/15/2017 05:47:59 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (03/15/2017 05:47:04 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (03/14/2017 11:01:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Silvia-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/14/2017 05:38:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Silvia-PC) Description: Das Paket „Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte. Error: (03/13/2017 10:06:48 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (03/13/2017 10:04:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. 
In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (03/13/2017 10:03:44 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "c:\users\silvia\desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (03/13/2017 10:03:40 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Silvia\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (03/13/2017 10:03:25 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Silvia\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (03/13/2017 10:03:25 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Silvia\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Systemfehler: ============= Error: (03/14/2017 11:32:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. Error: (03/14/2017 11:32:29 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Silvia\AppData\Local\Temp\ehdrv.sys Error: (03/14/2017 11:32:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. 
Error: (03/14/2017 11:32:28 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Silvia\AppData\Local\Temp\ehdrv.sys Error: (03/14/2017 11:32:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. Error: (03/14/2017 11:32:28 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Silvia\AppData\Local\Temp\ehdrv.sys Error: (03/14/2017 11:32:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. Error: (03/14/2017 11:32:28 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Silvia\AppData\Local\Temp\ehdrv.sys Error: (03/14/2017 11:32:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. 
Error: (03/14/2017 11:32:27 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Silvia\AppData\Local\Temp\ehdrv.sys ==================== Speicherinformationen =========================== Prozessor: AMD A4-3305M APU with Radeon(tm) HD Graphics Prozentuale Nutzung des RAM: 69% Installierter physikalischer RAM: 3563.87 MB Verfügbarer physikalischer RAM: 1102.3 MB Summe virtueller Speicher: 7147.87 MB Verfügbarer virtueller Speicher: 4069.9 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:178 GB) (Free:92.31 GB) NTFS Drive d: () (Fixed) (Total:266.26 GB) (Free:72.32 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 933609DD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=266.3 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=21.4 GB) - (Type=27) ==================== Ende von Addition.txt ============================ |
15.03.2017, 15:41 | #14 |
/// TB-Ausbilder | Caught a Myfilestore.com virus? Hi, you accidentally posted the Hitman log file twice. Please also send me the ESET log file. After that I will answer any open questions and we will take care of the rest. |
15.03.2017, 18:00 | #15 |
| Caught a Myfilestore.com virus? Sorry, here it comes ... Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=563aba6e3bae8741ad1f9870876bbedb
# end=init
# utc_time=2017-03-13 09:04:02
# local_time=2017-03-13 10:04:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 32703
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=563aba6e3bae8741ad1f9870876bbedb
# end=updated
# utc_time=2017-03-13 09:27:18
# local_time=2017-03-13 10:27:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=563aba6e3bae8741ad1f9870876bbedb
# engine=32703
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-03-14 10:32:25
# local_time=2017-03-14 11:32:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2067 16777213 83 96 95368 193379654 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13042550 30520038 0 0
# scanned=337013
# found=8
# cleaned=8
# scan_time=3907
sh=E2FFADAEB3EA8237282585757BCAAEDC6CE796E8 ft=1 fh=372ae60dad225c60 vn="Variante von Win64/Wajam.I eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\quarantine\files\kcembrbjwfhdttqbsbzhyxotcphxvoci\wajam_goblin_64.dll"
sh=BDADEAF68BD430A3DF8ADE1123C9213639B5CF8B ft=1 fh=97a8936e0ed33201 vn="Win32/Wajam.AI eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\quarantine\files\kcembrbjwfhdttqbsbzhyxotcphxvoci\WWE_uninstall.exe"
sh=8150B5CB0155B130FB68D5128CD01BC7BC536F2A ft=1 fh=372ae60dad225c60 vn="Variante von Win64/Wajam.I eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\quarantine\files\kcembrbjwfhdttqbsbzhyxotcphxvoci\dlls\vcqnk.dll"
sh=251CA7A7B1EA269AAA24E58686BB17A386088DBF ft=1 fh=526c9d0177842dc8 vn="Variante von Win64/Wajam.B eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\quarantine\files\znaxkihlysvnpwugnthnpoitxgpllogh\05407804f36fbc9918ce751f1273da3d.exe"
sh=14E9687972EC83D101EAF55F857D5AEDD9254701 ft=1 fh=9f07491f8a9d26bb vn="Variante von Win32/Wajam.AA eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\quarantine\files\znaxkihlysvnpwugnthnpoitxgpllogh\c36e7331018fd1b09847f0bb6fc6d7ad.exe"
sh=AA8536D68A38DE6CE11F89F7EFCEBDC7ED9F37E9 ft=1 fh=9bf365db9a49997b vn="Win32/Wajam.AI eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\quarantine\files\znaxkihlysvnpwugnthnpoitxgpllogh\WWE_uninstall.exe"
sh=6B9C8E492228773EBEF9B89C09A5CD065B3B3D92 ft=1 fh=c68f28ef81322fd9 vn="Variante von Win32/DownloadSponsor.A eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\Silvia\Downloads\Nero Burning ROM Classic - CHIP-Installer.exe"
sh=EDF353EC4DF9E06C1914E3ADA40F1350633D1332 ft=1 fh=905ebfc75ab24c5f vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\Silvia\Downloads\SuperTuxKart - CHIP-Installer.exe" |