Log analysis and evaluation: Suspected rootkit (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.05.2017, 22:45 | #1 |
Suspected rootkit
Hello everyone,
I suspect I have been hit by a nasty rootkit. I would be very glad if you could help me. ESET's SysInspector and also Sysinternals find suspicious processes:
Code:
"Modul" = "d:\windows\assembly\nativeimages_v4.0.30319_64\smsvchost\a1bca43857f8d35aea9dee66e3d4534b\smsvchost.ni.exe" ( 7: Risikoreich ) ; SMSvcHost.exe ; Microsoft Corporation ; pid 2484
"Modul" = "d:\windows\assembly\nativeimages_v4.0.30319_64\smsvchost\a1bca43857f8d35aea9dee66e3d4534b\smsvchost.ni.exe" ( 7: Risikoreich ) ; SMSvcHost.exe ; Microsoft Corporation ; pid 3284
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-05-2017
durchgeführt von Nada (02-05-2017 23:35:06)
Gestartet von D:\Users\käptnBlaubär\Downloads
Windows 10 Pro Version 1607 (X64) (2016-10-09 18:13:36)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-2210758347-1204338499-507655992-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2210758347-1204338499-507655992-503 - Limited - Disabled)
Gast (S-1-5-21-2210758347-1204338499-507655992-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2210758347-1204338499-507655992-1002 - Limited - Enabled)
Nada (S-1-5-21-2210758347-1204338499-507655992-1000 - Administrator - Enabled) => D:\Users\käptnBlaubär
RSS_504C72360D464B11 (S-1-5-21-2210758347-1204338499-507655992-1004 - Limited - Enabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Returnil System Safe 2011 (Enabled - Up to date) {B1F99400-BE58-E5B3-88CF-FB21D431A392}
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden AdBlockerHelper (HKLM-x32\...\{7923DD5E-8FFC-4DE8-A7DC-D4B83797F3C0}) (Version: - AdBlockerHelper) Apowersoft kostenloser Bildschirmrekorder V3.0.6 (HKLM-x32\...\{24a5c90b-5128-4fc9-91f5-113d64087118}_is1) (Version: 3.0.6 - APOWERSOFT LIMITED) Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG) Avira Connect (HKLM-x32\...\{1f8bb480-f5d7-4414-a6ea-28e005509ae4}) (Version: 1.2.81.6390 - Avira Operations GmbH & Co. KG) Avira Connect (x32 Version: 1.2.81.6390 - Avira Operations GmbH & Co. 
KG) Hidden Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB) BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender) Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform) CMS2017 2.0 (HKLM-x32\...\{91190DD8-7271-4F6A-BF98-96B72E835A15}) (Version: - M.S) Command & Conquer 3 (HKLM-x32\...\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}) (Version: 1.00.0000 - Ihr Firmenname) Command & Conquer(TM) Generäle (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts) Command & Conquer(TM) Generäle (x32 Version: 0.50.0000 - Electronic Arts) Hidden Command and Conquer(TM) Generäle Die Stunde Null (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts) Command and Conquer(TM) Generäle Die Stunde Null (x32 Version: 1.00.0000 - Electronic Arts) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden EasySetup 2.0.6 (HKLM-x32\...\{7CD2DA07-6695-4FFE-A2A6-5F7055F1A8FA}) (Version: - Thorsten Hoeppner) Emsisoft HiJackFree 4.5 (HKLM-x32\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH) Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 
1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation) Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{4705DBFD-9D5E-4D23-817C-8CA7359B7BDE}) (Version: 11.1.20810.00 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HTML Help Workshop (HKLM-x32\...\HTML Help Workshop) (Version: - ) IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Linkverwaltung 2.0 (HKLM-x32\...\{3AC6AA2F-8C74-48AC-A064-707CDB7461D8}) (Version: - M.S) MD5Hasch 2.0.0 (HKLM-x32\...\{9C0D084E-423E-452F-9935-F96A2A840C61}) (Version: - M.S) MeineDaten 2.0 (HKLM-x32\...\{1A25CEB9-5A89-43AB-93CD-BF8B0149F684}) (Version: - M.S) MeineDatenBank 2.0 (HKLM-x32\...\{7EA04711-607D-424B-A210-900296D7B874}) (Version: - M.S) MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - 
DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) 
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation) Microsoft Office 2000 Disc 2 (HKLM-x32\...\{00040407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation) Microsoft Office Access Runtime (German) 2007 (HKLM-x32\...\{90120000-001C-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) 
(Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service 
(HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 (Deutsch) (HKLM-x32\...\{FA440BE8-EC2F-4478-A01A-077DA0606501}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 
- Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual FoxPro OLE DB Provider (HKLM-x32\...\{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}) (Version: 1.0.0 - Microsoft Corporation) Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation) Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (HKLM-x32\...\{69ec32be-d994-44de-9eae-6d86ced6f352}) (Version: 11.0.50727.42 - Microsoft Corporation) Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 53.0 (x64 de) (HKLM\...\Mozilla Firefox 53.0 (x64 de)) (Version: 53.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla) MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) 
(HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden NetObjects Fusion Essentials (HKLM-x32\...\{8508AD2F-9837-4CC3-AC3C-05DB64D20275}) (Version: 13.0 - NetObjects) NetObjects Fusion Essentials (x32 Version: 13.00.0000.5598 - NetObjects) Hidden NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - ) Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.80 - Symantec Corporation) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation) NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation) NVIDIA Grafiktreiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.4.9.38188 - Electronic Arts, Inc.) 
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation) Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation) PrivaZer (HKLM-x32\...\PrivaZer) (Version: 3.0.19.0 - Goversoft LLC) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Returnil System Safe 2011 (HKLM-x32\...\{92AF8F5C-4F36-4276-ADC7-AC95F348235B}) (Version: 3.2.10853 - CJSC Returnil Software) RogueKiller Version 12.10.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.6.0 - Adlice Software) Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: - Samsung Electronics CO.,LTD) SanityCheck 2.02 (HKLM\...\SanityCheck_is1) (Version: - Resplendence Software Projects Sp.) 
Serif PagePlus X2 (HKLM-x32\...\{B00B1355-DD54-4314-90B1-161C6A7D3FD3}) (Version: 12.0.0.012 - Serif (Europe) Ltd) SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden TrojanHunter 6.0 (HKLM-x32\...\TrojanHunter_is1) (Version: 6.0 - Bytelayer AB) TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17362 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) 
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {01D4B8E8-467A-4035-90A1-6A5D225FBF40} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe Task: {0271E4B5-0CBB-4FBD-BF90-A81C65725AA4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe Task: {0AE4797F-C5A4-4793-A9F9-B58F04895C3D} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd) Task: {0C59C8F3-5851-4422-A8EB-C1C2E79851EA} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation) Task: {0D876791-6730-4569-91A1-16C55356B8D7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation) Task: {0DA3D330-6608-429D-8C7F-772E1B18F40A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {22093BCE-0D5C-4DE1-97BA-2DE8FBB4AC7B} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation) Task: {283FE97C-0921-46FD-89AA-0964480D6676} - System32\Tasks\BDAntiCryptoWallTask => D:\Program 
Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [2016-05-16] () Task: {2CE6F91D-AD61-4A5B-A47E-7BDA0D5CC3EE} - System32\Tasks\Apple\AppleSoftwareUpdate => D:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Task: {2CFBDC09-4D64-44E6-9ECF-CC7F0F76D9BF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {2FD69397-024B-4ED2-9C5F-29C651355DE4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe Task: {3B5223C3-3DF8-4660-9F71-06FA0C9AC531} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe Task: {3D2FDB4D-CAC6-4CE1-A3EA-06B7D18227A5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation) Task: {6EADAB68-C306-4603-AAAC-2714B530E405} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {7F5F7452-6161-4DD5-91D9-FCFE41EC5B08} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation) Task: {7F871D47-7D40-4C22-8BF0-7084448DCE1C} - System32\Tasks\{E7EB9F2C-A589-4420-A190-2EBD4D9356C5} => pcalua.exe -a D:\Users\käptnBlaubär\Downloads\MDAC_TYP.EXE -d D:\Users\käptnBlaubär\Downloads Task: {8B70AB37-B99E-4BC4-8D87-F711C3643B21} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe Task: {95E9774F-A4C2-4FBD-A92D-D0CE10521609} - System32\Tasks\Norton Security Scan for Nada => D:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.80\Nss.exe [2016-11-03] (Symantec Corporation) Task: {9B8180B6-C3BC-4406-B40D-C9247E07DC26} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe Task: {AB65F659-6576-490A-9175-C613E99BAF1E} - 
System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {ABB7C120-8C3C-4B0D-87F9-B1FB6910205F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe Task: {AD543F3E-A6BA-4963-B9D4-65399B2608F0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {DB45A22E-95DB-417E-B2F4-942A0E3F37A3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation) Task: {DFD1099D-3BBF-445F-A770-310BDD089ABA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {E7953A10-891C-4E02-8853-7BFF209B64A5} - System32\Tasks\PrivaZer_SkipUAC => D:\Program Files (x86)\PrivaZer\PrivaZer.exe [2017-04-02] (Goversoft LLC) Task: {FC71D964-1996-43EF-BCD8-211A7E12C037} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe Task: {FD040641-285A-4D1B-87CA-569A58C603B6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () D:\WINDOWS\SYSTEM32\ism32k.dll 2017-04-11 19:36 - 2017-03-28 08:22 - 02681200 _____ () D:\WINDOWS\system32\CoreUIComponents.dll 2016-02-01 19:25 - 2008-06-04 16:53 - 00027648 _____ () D:\WINDOWS\System32\spd__l6.dll 2016-02-01 19:25 - 2009-03-18 14:05 - 00685568 _____ () D:\WINDOWS\system32\spool\DRIVERS\x64\3\spd__du.dll 2014-10-03 20:56 - 2015-09-29 20:38 - 00076152 _____ () D:\WINDOWS\SysWOW64\PnkBstrA.exe 2017-04-20 16:01 - 2017-03-22 09:39 - 00169656 _____ () D:\Program Files\CyberGhost 6\Data\Firewall\x64\nfapi.DLL 2017-04-11 19:36 - 2017-03-28 08:22 - 02681200 _____ () D:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-09 20:17 - 2016-10-09 20:17 - 00959168 _____ () D:\Users\käptnBlaubär\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll 2016-10-05 15:38 - 2016-10-07 21:54 - 03525431 _____ () D:\Program Files (x86)\PrivaZer\PrivaMenu5.dll 2016-09-21 22:16 - 2016-09-21 22:16 - 00230064 _____ () D:\Program Files\Notepad++\NppShell_06.dll 2016-10-10 12:07 - 2016-09-07 06:56 - 00134656 _____ () D:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-15 17:55 - 2017-03-04 08:31 - 00474112 _____ () D:\Windows\ShellExperiences\QuickActions.dll 2017-03-15 17:55 - 2017-03-04 08:12 - 09760768 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-15 17:55 - 2017-03-04 08:05 - 01401856 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-15 17:55 - 2017-03-04 08:05 - 00757248 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-04-11 19:36 - 2017-03-28 07:08 - 02424320 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-04-11 19:36 - 2017-03-28 07:11 - 04853760 _____ () 
D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-04-29 10:52 - 2016-05-16 16:25 - 01318488 _____ () D:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe 2017-04-29 10:52 - 2015-08-14 14:49 - 00614400 _____ () D:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDMetrics.dll 2017-05-02 20:49 - 2016-12-12 02:16 - 00271280 _____ () D:\Users\käptnBlaubär\Downloads\prozesseChecken\cce_x64\themes\CCE.THEME 2017-05-02 20:49 - 2016-03-16 12:25 - 00073912 _____ () D:\Users\käptnBlaubär\Downloads\prozesseChecken\cce_x64\scanners\smart.cav ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: D:\ProgramData\TEMP:341E39B2 [127] AlternateDataStreams: D:\ProgramData\TEMP:55B41E6A [122] AlternateDataStreams: D:\ProgramData\TEMP:9A870F8B [932] AlternateDataStreams: D:\ProgramData\TEMP:AC64BB05 [131] AlternateDataStreams: D:\ProgramData\TEMP:CB0AACC9 [320] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE trusted site: HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\localhost -> hxxps://localhost ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2016-12-29 17:30 - 00000938 _____ D:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2210758347-1204338499-507655992-1000\Control Panel\Desktop\\Wallpaper -> d:\users\käptnblaubär\appdata\local\microsoft\windows\themes\img10.jpg DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == MSCONFIG\Services: !SASCORE => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: HDDlife HDD Access service => 3 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NvContainerLocalSystem => 2 MSCONFIG\Services: NvContainerNetworkService => 3 MSCONFIG\Services: NVIDIA Wireless Controller Service => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: Origin Web Helper Service => 2 MSCONFIG\Services: RUBotSrv => 2 MSCONFIG\Services: Samsung UPD Service => 3 MSCONFIG\Services: SandraAgentSrv => 3 MSCONFIG\Services: Stereo Service => 2 MSCONFIG\Services: XblAuthManager => 3 MSCONFIG\Services: XblGameSave => 3 MSCONFIG\Services: XboxNetApiSvc => 3 HKLM\...\StartupApproved\StartupFolder: => "Malwarebytes Anti-Ransomware.lnk" HKLM\...\StartupApproved\StartupFolder: => "RSS 2011.lnk" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run32: => 
"SunJavaUpdateSched" HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\StartupFolder: => "MALWAREBYTES ANTI-RANSOMWARE.LNK" HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "SUPERAntiSpyware" HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "Kaspersky Software Updater" HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "KSS" HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "CyberGhost" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-dcom] => (Block) %SystemRoot%\system32\svchost.exe FirewallRules: [RVM-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe FirewallRules: [RemoteDesktop-Shadow-In-TCP] => (Block) %SystemRoot%\system32\RdpSa.exe FirewallRules: [{7F769B1A-858C-458B-9A95-FCF7E5EFA399}] => (Allow) D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\RpcSandraSrv.exe FirewallRules: [{41724820-1BA1-49E5-BE8C-9DF9A7514327}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{20B3855F-1D77-488C-A050-B71C2E34D227}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F76BB3A0-1177-4D72-BBDF-383DFAE32FBB}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6A13DC88-D16A-4C3D-8925-88FCED9383EA}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{78948828-5201-497F-9ED0-DBAB838215D6}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: 
[{824E0CB4-2954-46A1-9499-1D88D3360982}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{6F41A2D2-BB0F-4472-8855-6FBB7119011A}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{10AFA1D6-1B82-425C-813B-4CF0928E8C60}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{AA6D773E-F25C-4A29-B21D-F255C0EFB9F7}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{0C4085FB-E4A8-494B-B93A-8CD6532DE3A8}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E0B059C6-F1D4-4441-9780-D8553F11B575}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe FirewallRules: [{E83FB76E-9205-4B6B-8264-196650AF4E39}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{9EBF74DB-BC08-40B6-9575-D8D213608D0A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{941EDF7C-AC2E-43A4-8F97-03BB134C3A76}] => (Allow) D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe FirewallRules: [{B1FB53ED-8CBF-4BD7-B2E1-6F7037D2C96D}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{E69C2C7A-2AE5-4E02-B62F-28AFE47B84B1}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{AD7DB536-19D1-4741-B5CA-38074D5E1A78}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{3344C11A-A8FE-4C9A-A9DD-BEEA3D386BF9}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{2384AD3A-D15A-4F07-994F-EBAFEC09606D}] => (Allow) D:\Windows\System32\SUPDSvc.exe FirewallRules: [{CB56C37F-E60F-44CB-A761-A3E48F5845AA}] => (Allow) D:\Windows\System32\SUPDSvc.exe FirewallRules: [{49EAE512-EEE3-49B1-9BC4-32F5A7F2FEEC}] => (Allow) D:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{5BD170FA-F34F-4319-8887-B087D7380D33}] => (Allow) D:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{9CE0734A-6829-49A3-81D6-8034B1FECDD0}] => (Allow) D:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{6D6BFBEA-9B0A-4F8F-AD28-79BA423DB5D5}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{1E574917-8CE3-4A76-A3F1-3F565C77BA0F}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{478E522C-A52C-44EA-8670-B3E6C5E89A15}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{6F94AA1F-8281-48E4-9FE4-335A3C70952E}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{631237D1-47B0-48CB-930E-FE9A63BDD72A}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe FirewallRules: [UDP Query User{79479189-1BE3-4180-8F59-FF21B7EA6F40}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe FirewallRules: [TCP Query User{2C07FB38-2308-41C4-8EA1-3DDE4F628B43}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe FirewallRules: [UDP Query User{B887583F-AF8C-41D9-AEA1-3A5C9CE84EE1}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe FirewallRules: [TCP Query User{56F9FDED-A005-4E74-9A7F-2FEFBCC8BC73}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe FirewallRules: [UDP Query 
User{E4569F72-193F-45C8-B231-2A3B0ED01148}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe FirewallRules: [TCP Query User{5E2B3BAD-54EE-438C-AC3C-1F309DA1993F}M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe FirewallRules: [UDP Query User{1FB60CBB-26D5-4F74-9C58-A75F86DE2937}M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe FirewallRules: [TCP Query User{171C4656-4433-4F65-97D4-6CF2B47E7A39}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe FirewallRules: [UDP Query User{8526678C-D896-49D7-87C9-BC30E338E603}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe FirewallRules: [{DF89024D-2B67-4DA0-9C70-25F04DDFD0AF}] => (Allow) D:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{053641C4-8E62-423E-830A-D1BCA1D101FE}] => (Allow) D:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{47366012-3301-451E-B967-326DA431DB42}] => (Allow) D:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{69B051BA-DDF0-4670-9130-E5299DDCB00D}] => (Allow) D:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{15C47165-9F69-45AD-B585-0115FD36FBFB}D:\program files\mozilla firefox\firefox.exe] => (Block) 
D:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{10937510-0CE9-4228-AC1A-2E4453E174F8}D:\program files\mozilla firefox\firefox.exe] => (Block) D:\program files\mozilla firefox\firefox.exe FirewallRules: [{312AD574-CAF1-4AB3-84D3-3C9936F5111E}] => (Allow) D:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{3FAC850C-2CB5-4E7C-A3DF-353FC2451365}] => (Allow) LPort=2869 FirewallRules: [{AEFE14F6-3CDA-438C-B783-08410C687D01}] => (Allow) LPort=1900 FirewallRules: [{E62DE134-693D-44A0-BE77-A4DD434723E5}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe FirewallRules: [{5919157E-1C8C-4E91-AE5C-7AF5171615B9}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe FirewallRules: [{20ADF67F-6DAC-41BB-8BAA-0995BAF0A1E0}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe FirewallRules: [{0767923C-CD9E-4991-8A43-09B1226DDE4E}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe ==================== Wiederherstellungspunkte ========================= 27-04-2017 14:50:16 Microsoft Visual C++ 2005 Redistributable wird installiert 27-04-2017 15:00:26 JRT Pre-Junkware Removal 01-05-2017 09:53:56 Windows Update 01-05-2017 09:54:39 Windows Update 01-05-2017 10:33:34 Installed Compatibility Pack for the 2007 Office system 02-05-2017 17:44:02 Installed SafenSoft SysWatch. 02-05-2017 17:48:03 Installed SafenSoft SysWatch. 02-05-2017 17:56:03 Removed SafenSoft SysWatch. 
02-05-2017 20:15:14 Returnil System Safe 2011 wird installiert

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/02/2017 11:26:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des Avira Antivirus-Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (05/02/2017 11:26:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des Avira Antivirus-Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (05/02/2017 11:16:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des Avira Antivirus-Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (05/02/2017 11:16:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des Avira Antivirus-Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (05/02/2017 11:06:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des Avira Antivirus-Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (05/02/2017 11:06:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des Avira Antivirus-Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (05/02/2017 10:56:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des Avira Antivirus-Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (05/02/2017 10:56:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des Avira Antivirus-Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (05/02/2017 10:46:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des Avira Antivirus-Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).
Error: (05/02/2017 10:46:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des Avira Antivirus-Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Systemfehler:
=============
Error: (05/02/2017 09:10:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual Studio 2012 (KB3002339)

Error: (05/02/2017 09:10:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual Studio 2012 (KB2781514)

Error: (05/02/2017 09:09:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Returnil System Safe Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/02/2017 09:06:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "CDPUserSvc_34db1" wurde mit folgendem Fehler beendet: Unbekannter Fehler

Error: (05/02/2017 09:03:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (05/02/2017 09:03:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (05/02/2017 09:02:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WMPNetworkSvc" ist vom Dienst "WSearch" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Error: (05/02/2017 09:02:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "rvsmonn" ist vom Dienst "rvsmon" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Ein an das System angeschlossenes Gerät funktioniert nicht.

Error: (05/02/2017 09:02:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "rvsmonf" ist vom Dienst "rvsmon" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Ein an das System angeschlossenes Gerät funktioniert nicht.

Error: (05/02/2017 08:42:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden.

CodeIntegrity:
===================================
Date: 2017-04-27 12:20:22.419
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\käptnBlaubär\Desktop\security\security\sysinternals\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 12:56:32.450
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 12:56:32.439
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-21 12:56:32.427
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 12:56:32.410
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 12:56:32.396
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 12:56:32.389
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 12:38:10.011
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-21 10:45:07.782
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 10:44:47.507
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05-2017
durchgeführt von Nada (Administrator) auf NONNAME (02-05-2017 23:33:31)
Gestartet von D:\Users\käptnBlaubär\Downloads
Geladene Profile: Nada (Verfügbare Profile: Nada)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) D:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) D:\Windows\System32\mqsvc.exe
() D:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(CyberGhost S.R.L) D:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Microsoft Corporation) D:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() D:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(F-Secure Corporation) D:\Users\käptnBlaubär\Downloads\fseasyclean.exe
(COMODO) D:\Users\käptnBlaubär\Downloads\prozesseChecken\cce_x64\CCE.exe
(Microsoft Corporation) D:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) D:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => D:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => D:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\Run: [CyberGhost] => D:\Program Files\CyberGhost 6\CyberGhost.exe [1229360 2017-03-22] (CyberGhost S.R.L.)
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-11] (Piriform Ltd) HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\MountPoints2: {96ef2f02-b7e1-11e6-affc-00241dcdd299} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\MountPoints2: {96ef3006-b7e1-11e6-affc-00241dcdd299} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\MountPoints2: {982a3fa4-8bac-11e6-8259-ac6d6fc2ffef} - "L:\HiSuiteDownLoader.exe" ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled [2017-05-02] () GroupPolicy: Beschränkung <======= ACHTUNG GroupPolicyScripts: Beschränkung <======= ACHTUNG GroupPolicyScripts\User: Beschränkung <======= ACHTUNG GroupPolicyScripts-x32: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{5fc12dcf-8f58-4b1e-b714-1f3f22a18988}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{5fc12dcf-8f58-4b1e-b714-1f3f22a18988}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{76bd2376-4dec-4907-811f-8ccb99843d19}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2210758347-1204338499-507655992-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-10] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-10] (Oracle Corporation) DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab FireFox: ======== FF ProfilePath: D:\Users\käptnBlaubär\AppData\Roaming\Nvu\Profiles\rsb2mpcf.default [2016-12-27] FF ProfilePath: D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904 [2017-05-02] FF Homepage: Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904 -> Google.ch FF NetworkProxy: Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904 -> type", 0 FF Extension: (Advanced Cookie Manager) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\cookiemgr@jayapal.com [2016-10-22] FF Extension: (SQLite 
Manager) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-12-06] FF Extension: (NoScript) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-22] FF Extension: (Video DownloadHelper) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30] FF Extension: (Adblock Plus) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23] FF Extension: (BetterPrivacy) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-12-21] FF Extension: (DownThemAll!) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-20] FF Extension: (Shield Recipe Client) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\features\{e75cc523-2972-4051-acdc-9ff1e83de574}\shield-recipe-client@mozilla.org.xpi [2017-04-29] FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\pandasecuritytb.xml [2017-01-02] FF Plugin: @esn/npbattlelog,version=2.6.2 -> D:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.7.1 -> D:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program 
Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> D:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> D:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [Keine Datei] FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-10] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-10] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> D:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [Keine Datei]

Opera:
=======
OPR Extension: (360 Internet Protection) - D:\Users\käptnBlaubär\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2016-07-09]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; D:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; D:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-21] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.ServiceHost; D:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349096 2017-01-19] (Avira Operations GmbH & Co. KG)
R2 CG6Service; D:\Program Files\CyberGhost 6\CyberGhost.Service.exe [87088 2017-03-22] (CyberGhost S.R.L)
S3 IEEtwCollectorService; D:\Windows\system32\IEEtwCollector.exe [114688 2015-08-15] (Microsoft Corporation) [Datei ist nicht signiert]
S3 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 NvContainerLocalSystem; D:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S4 NvContainerNetworkService; D:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S4 NVIDIA Wireless Controller Service; D:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
S4 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2147216 2017-04-18] (Electronic Arts)
S2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3116440 2017-04-18] (Electronic Arts)
R2 PnkBstrA; D:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-09-29] ()
S4 RUBotSrv; D:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S2 RVSMONBL; D:\Program Files (x86)\Returnil\RVS3\rvsmon.exe [1714696 2010-10-22] (CJSC Returnil Software)
S4 SandraAgentSrv; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe [73200 2014-10-06] (SiSoftware) [Datei ist nicht signiert]
S3 Sense; D:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; D:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
S3 WinDefend; D:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; D:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; D:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 avnetflt; D:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-21] (Avira Operations GmbH & Co. KG)
R0 avusbflt; D:\WINDOWS\System32\Drivers\avusbflt.sys [48584 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 cgnetfilter1521; D:\WINDOWS\System32\drivers\cgnetfilter1521.sys [84768 2017-03-22] (Windows (R) Win 7 DDK provider)
S3 eeCtrl; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-28] (Symantec Corporation)
S3 EraserUtilDrv11521; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [156912 2016-04-28] (Symantec Corporation)
R3 esihdrv; D:\Users\käptnBlaubär\AppData\Local\Temp\esihdrv.sys [191664 2017-05-02] (ESET) <==== ACHTUNG
R1 HssDRV6; D:\WINDOWS\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S3 MEMSWEEP2; D:\WINDOWS\system32\BEC5.tmp [6144 2009-06-18] (Sophos Plc) [Datei ist nicht signiert]
S3 MFE_RR; D:\Users\käptnBlaubär\AppData\Local\Temp\mfe_rr.sys [24120 2017-05-02] (McAfee, Inc.) <==== ACHTUNG
S3 NetAdapterCx; D:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; D:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R2 NPF; D:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NvStreamKms; D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; D:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
S3 PORTMON; D:\Users\käptnBlaubär\Desktop\security\security\sysinternals\PORTMSYS.SYS [28656 2017-04-27] (Systems Internals) [Datei ist nicht signiert]
U5 PROCMON23; D:\Windows\System32\Drivers\PROCMON23.sys [92344 2017-05-02] (Sysinternals - www.sysinternals.com)
S3 PSKMAD; D:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 rkhdrv40; D:\Windows\SysWow64\Drivers\rkhdrv40.sys [24320 2017-03-04] () [Datei ist nicht signiert]
S3 rspSanity; D:\WINDOWS\System32\DRIVERS\rspSanity64.sys [29752 2011-05-04] (Resplendence Software Projects Sp.)
R3 rt640x64; D:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S1 rvsmon; D:\WINDOWS\system32\DRIVERS\rvsmon.sys [165664 2010-10-18] (CJSC Returnil Software)
S2 rvsmonf; D:\WINDOWS\System32\DRIVERS\rvsmonf.sys [1436136 2010-10-18] (CJSC Returnil Software)
S2 rvsmonn; D:\WINDOWS\system32\DRIVERS\rvsmonn2.sys [21920 2010-10-18] (CJSC Returnil Software)
R0 RVSystem; D:\WINDOWS\System32\Drivers\RVSystem.sys [61072 2017-05-02] (CJSC Returnil Software)
S3 SANDRA; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 taphss6; D:\WINDOWS\System32\drivers\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 tapSF0901; D:\WINDOWS\System32\DRIVERS\tapSF0901.sys [39104 2015-07-31] (Spotflux, Inc.)
S3 WdBoot; D:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; D:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; D:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
U3 idsvc; kein ImagePath
U2 TMAgent; kein ImagePath
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-02-15 17:22 - 2017-02-16 09:17 - 0083644 _____ () D:\Program Files (x86)\Debugtest.html
2017-03-19 14:13 - 2017-03-28 09:33 - 0133314 _____ () D:\Users\käptnBlaubär\AppData\Local\ars.cache
2017-03-19 14:13 - 2017-03-28 09:33 - 0388629 _____ () D:\Users\käptnBlaubär\AppData\Local\census.cache
2017-03-19 13:45 - 2017-03-19 13:45 - 0000036 _____ () D:\Users\käptnBlaubär\AppData\Local\housecall.guid.cache
2017-04-07 09:01 - 2017-04-07 09:01 - 0006819 _____ () D:\Users\käptnBlaubär\AppData\Local\recently-used.xbel
2017-04-29 11:19 - 2017-04-29 11:19 - 0001293 _____ () D:\Users\käptnBlaubär\AppData\Local\Temp1.html
2017-04-29 11:19 - 2017-04-29 11:19 - 0012562 _____ () D:\Users\käptnBlaubär\AppData\Local\Temp34.html

Einige Dateien in TEMP:
====================
2017-05-01 17:48 - 2017-05-01 17:48 - 5441776 _____ (APOWERSOFT LIMITED ) D:\Users\käptnBlaubär\AppData\Local\Temp\ApowersoftVideoEditor-x0r3jzwl.svp.exe
2017-05-02 17:42 - 2016-11-11 12:13 - 1886344 _____ (Microsoft Corporation) D:\Users\käptnBlaubär\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
D:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
D:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
D:\WINDOWS\explorer.exe => Datei ist digital signiert
D:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
D:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
D:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
D:\WINDOWS\system32\services.exe => Datei ist digital signiert
D:\WINDOWS\system32\User32.dll => Datei ist digital signiert
D:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
D:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
D:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
D:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
D:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
D:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
D:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-04-24 11:33

==================== Ende von FRST.txt ============================
03.05.2017, 16:37 | #2 |
/// TB trainer | Suspected rootkit
My name is Matthias and I will help you clean up your computer. To make the cleanup as effective and fast as possible, please observe the following notes:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! Please download TDSSKiller.exe and save this file to the desktop
03.05.2017, 17:20 | #3 |
| Suspected rootkit
Hello Matthias
Thank you very much for your help
Code:
ATTFilter
18:10:12.0413 0x1d90 TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
18:10:19.0546 0x1d90 ============================================================
18:10:19.0546 0x1d90 Current date / time: 2017/05/03 18:10:19.0546
18:10:19.0546 0x1d90 SystemInfo:
18:10:19.0546 0x1d90
18:10:19.0546 0x1d90 OS Version: 10.0.14393 ServicePack: 0.0
18:10:19.0546 0x1d90 Product type: Workstation
18:10:19.0546 0x1d90 ComputerName: NONNAME
18:10:19.0546 0x1d90 UserName: Nada
18:10:19.0546 0x1d90 Windows directory: D:\WINDOWS
18:10:19.0546 0x1d90 System windows directory: D:\WINDOWS
18:10:19.0546 0x1d90 Running under WOW64
18:10:19.0546 0x1d90 Processor architecture: Intel x64
18:10:19.0546 0x1d90 Number of processors: 8
18:10:19.0546 0x1d90 Page size: 0x1000
18:10:19.0546 0x1d90 Boot type: Normal boot
18:10:19.0546 0x1d90 CodeIntegrityOptions = 0x00000001
18:10:19.0546 0x1d90 ============================================================
18:10:20.0076 0x1d90 KLMD registered as D:\WINDOWS\system32\drivers\63063534.sys
18:10:20.0076 0x1d90 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.1066, osProperties = 0x19
18:10:20.0589 0x1d90 System UUID: {3B6518FC-846A-E26E-E1F0-94B8A22FB807}
18:10:21.0624 0x1d90 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:10:21.0633 0x1d90 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:10:21.0651 0x1d90 ============================================================
18:10:21.0651 0x1d90 \Device\Harddisk1\DR1:
18:10:21.0651 0x1d90 MBR partitions:
18:10:21.0651 0x1d90 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
18:10:21.0651 0x1d90 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0xC350000
18:10:21.0651 0x1d90 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xC3B4800, BlocksNum 0x4FCB1800
18:10:21.0667 0x1d90 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x5C066800, BlocksNum 0x1869F000
18:10:21.0667 0x1d90 \Device\Harddisk0\DR0:
18:10:21.0667 0x1d90 MBR partitions:
18:10:21.0676 0x1d90 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBA4527C, BlocksNum 0x3EB4DD8A
18:10:21.0707 0x1d90 ============================================================
18:10:21.0729 0x1d90 C: <-> \Device\Harddisk1\DR1\Partition2
18:10:21.0788 0x1d90 D: <-> \Device\Harddisk0\DR0\Partition1
18:10:21.0807 0x1d90 E: <-> \Device\Harddisk1\DR1\Partition3
18:10:21.0807 0x1d90 M: <-> \Device\Harddisk1\DR1\Partition4
18:10:21.0807 0x1d90 ============================================================
18:10:21.0807 0x1d90 Initialize success
18:10:21.0807 0x1d90 ============================================================
18:10:31.0852 0x1e00 ============================================================
18:10:31.0852 0x1e00 Scan started
18:10:31.0852 0x1e00 Mode: Manual; SigCheck; TDLFS;
18:10:31.0852 0x1e00 ============================================================
18:10:31.0852 0x1e00 KSN ping started
18:10:32.0149 0x1e00 KSN ping finished: true
18:10:34.0399 0x1e00 ================ Scan system memory ========================
18:10:34.0399 0x1e00 System memory - ok
18:10:34.0399 0x1e00 ================ Scan services =============================
6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS D:\WINDOWS\System32\lsass.exe 18:10:41.0540 0x1e00 EFS - ok 18:10:41.0571 0x1e00 [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass D:\WINDOWS\system32\drivers\EhStorClass.sys 18:10:41.0587 0x1e00 EhStorClass - ok 18:10:41.0618 0x1e00 [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv D:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 18:10:41.0634 0x1e00 EhStorTcgDrv - ok 18:10:41.0649 0x1e00 [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode D:\WINDOWS\System32\embeddedmodesvc.dll 18:10:41.0681 0x1e00 embeddedmode - ok 18:10:41.0712 0x1e00 [ 3CE2B6AECB9AF8BC159299EEC46A35CA, E933B28BB6E4D01FCCDF8FBBB134C244B28DA3ECBDFA13333F0D4C24B2551780 ] EntAppSvc D:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll 18:10:41.0727 0x1e00 EntAppSvc - ok 18:10:41.0806 0x1e00 [ 2BD3F1059975CE90F8D968DADD790DFF, 9FD4FA7DB54B0E1E4A48863435F728220978A271D2A28BB3E9E112C1A59B1D4C ] EraserUtilDrv11521 D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys 18:10:41.0806 0x1e00 EraserUtilDrv11521 - ok 18:10:41.0837 0x1e00 [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev D:\WINDOWS\System32\drivers\errdev.sys 18:10:41.0852 0x1e00 ErrDev - ok 18:10:41.0977 0x1e00 [ 9D6112514743B85C5B4328E71C4BF1FE, D4CBD86C260B980050F3DFE65ECE9072BD9363D122777CE2D5861BF9272EB786 ] esihdrv D:\Users\KPTNBL~1\AppData\Local\Temp\esihdrv.sys 18:10:41.0993 0x1e00 esihdrv - ok 18:10:42.0040 0x1e00 [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem D:\WINDOWS\system32\es.dll 18:10:42.0071 0x1e00 EventSystem - ok 18:10:42.0087 0x1e00 [ FCD2C63754C2E739A8EEAD9BC63F9DDC, 
C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat D:\WINDOWS\system32\drivers\exfat.sys 18:10:42.0118 0x1e00 exfat - ok 18:10:42.0149 0x1e00 [ FA918EC296EB410FF02867D008D02421, 23D164A24CB0D212778FA9592A046B6BA1F3628003E04181744A1F891B5B3E5A ] fastfat D:\WINDOWS\system32\drivers\fastfat.sys 18:10:42.0165 0x1e00 fastfat - ok 18:10:42.0212 0x1e00 [ 77CE56471AF984800F318F3734D768C7, 72D540072374A56C2C497F0532A50705D3F0637F2C0C96B1D715F2EDFCA3AA2D ] Fax D:\WINDOWS\system32\fxssvc.exe 18:10:42.0243 0x1e00 Fax - ok 18:10:42.0259 0x1e00 [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc D:\WINDOWS\System32\drivers\fdc.sys 18:10:42.0274 0x1e00 fdc - ok 18:10:42.0306 0x1e00 [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost D:\WINDOWS\system32\fdPHost.dll 18:10:42.0321 0x1e00 fdPHost - ok 18:10:42.0337 0x1e00 [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub D:\WINDOWS\system32\fdrespub.dll 18:10:42.0352 0x1e00 FDResPub - ok 18:10:42.0384 0x1e00 [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc D:\WINDOWS\system32\fhsvc.dll 18:10:42.0399 0x1e00 fhsvc - ok 18:10:42.0415 0x1e00 [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt D:\WINDOWS\system32\drivers\filecrypt.sys 18:10:42.0431 0x1e00 FileCrypt - ok 18:10:42.0446 0x1e00 [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo D:\WINDOWS\system32\drivers\fileinfo.sys 18:10:42.0462 0x1e00 FileInfo - ok 18:10:42.0477 0x1e00 [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace D:\WINDOWS\system32\drivers\filetrace.sys 18:10:42.0493 0x1e00 Filetrace - ok 18:10:42.0509 0x1e00 [ 
46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk D:\WINDOWS\System32\drivers\flpydisk.sys 18:10:42.0524 0x1e00 flpydisk - ok 18:10:42.0540 0x1e00 [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr D:\WINDOWS\system32\drivers\fltmgr.sys 18:10:42.0571 0x1e00 FltMgr - ok 18:10:42.0634 0x1e00 [ 2E193D24CE8460A9C703D0F193192BEF, CD95928BC240D556DFEA265A09A655FFE157A36D2230CD10BBAD4CA15CB98412 ] FontCache D:\WINDOWS\system32\FntCache.dll 18:10:42.0727 0x1e00 FontCache - ok 18:10:42.0837 0x1e00 [ 59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 D:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:10:42.0837 0x1e00 FontCache3.0.0.0 - ok 18:10:42.0884 0x1e00 [ CD7CD19E72EA2F597D01FC68ECD2F28E, 4E8BAA4AEF28B043780E2FEFFEB5E4DF4E2FB3211CE617D2DBAFB6C7B7DBBDFD ] FrameServer D:\WINDOWS\system32\FrameServer.dll 18:10:42.0931 0x1e00 FrameServer - ok 18:10:42.0946 0x1e00 [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends D:\WINDOWS\system32\drivers\FsDepends.sys 18:10:42.0962 0x1e00 FsDepends - ok 18:10:42.0977 0x1e00 [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec D:\WINDOWS\system32\drivers\Fs_Rec.sys 18:10:42.0993 0x1e00 Fs_Rec - ok 18:10:43.0040 0x1e00 [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol D:\WINDOWS\system32\DRIVERS\fvevol.sys 18:10:43.0071 0x1e00 fvevol - ok 18:10:43.0087 0x1e00 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 18:10:43.0102 0x1e00 GEARAspiWDM - ok 18:10:43.0134 0x1e00 [ EF78034773CE506323655A868C949144, 
DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter D:\WINDOWS\System32\drivers\vmgencounter.sys 18:10:43.0149 0x1e00 gencounter - ok 18:10:43.0212 0x1e00 [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn D:\WINDOWS\System32\drivers\genericusbfn.sys 18:10:43.0212 0x1e00 genericusbfn - ok 18:10:43.0227 0x1e00 [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101 D:\WINDOWS\system32\Drivers\msgpioclx.sys 18:10:43.0243 0x1e00 GPIOClx0101 - ok 18:10:43.0306 0x1e00 [ 8997353398C8466ECD183942D5FCC65B, C73FD5FFD71003F7FDDC17F59812BD6860992FA35EC0ECC8DE37D935606B485B ] gpsvc D:\WINDOWS\System32\gpsvc.dll 18:10:43.0368 0x1e00 gpsvc - ok 18:10:43.0399 0x1e00 [ 7ACD8F69B5D6EC97E6D2C006E19BED88, FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv D:\WINDOWS\system32\drivers\gpuenergydrv.sys 18:10:43.0415 0x1e00 GpuEnergyDrv - ok 18:10:43.0431 0x1e00 [ 217230B984AB2954E2FA5E36578D7B08, BB7B79EA7501A28EB2A0303FDF66FB9D59D567994C25A1523CD6D2081C403AF6 ] HdAudAddService D:\WINDOWS\system32\DRIVERS\HdAudio.sys 18:10:43.0462 0x1e00 HdAudAddService - ok 18:10:43.0477 0x1e00 [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus D:\WINDOWS\System32\drivers\HDAudBus.sys 18:10:43.0493 0x1e00 HDAudBus - ok 18:10:43.0509 0x1e00 [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt D:\WINDOWS\System32\drivers\HidBatt.sys 18:10:43.0524 0x1e00 HidBatt - ok 18:10:43.0556 0x1e00 [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth D:\WINDOWS\System32\drivers\hidbth.sys 18:10:43.0571 0x1e00 HidBth - ok 18:10:43.0587 0x1e00 [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c 
D:\WINDOWS\System32\drivers\hidi2c.sys 18:10:43.0587 0x1e00 hidi2c - ok 18:10:43.0602 0x1e00 [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt D:\WINDOWS\System32\drivers\hidinterrupt.sys 18:10:43.0618 0x1e00 hidinterrupt - ok 18:10:43.0634 0x1e00 [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr D:\WINDOWS\System32\drivers\hidir.sys 18:10:43.0649 0x1e00 HidIr - ok 18:10:43.0665 0x1e00 [ C900FE0DD6A1E2220084B8F1C427790C, 802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv D:\WINDOWS\system32\hidserv.dll 18:10:43.0681 0x1e00 hidserv - ok 18:10:43.0727 0x1e00 [ D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb D:\WINDOWS\System32\drivers\hidusb.sys 18:10:43.0743 0x1e00 HidUsb - ok 18:10:43.0774 0x1e00 [ 0AC1BD5A28FAA371EF34859FE703E515, 1DD1C33AF8D6EBE7C36FCD051F066E4039D2B47ABAECF7C68BC3933D567930B2 ] HomeGroupListener D:\WINDOWS\system32\ListSvc.dll 18:10:43.0806 0x1e00 HomeGroupListener - ok 18:10:43.0837 0x1e00 [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider D:\WINDOWS\system32\provsvc.dll 18:10:43.0868 0x1e00 HomeGroupProvider - ok 18:10:43.0899 0x1e00 [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD D:\WINDOWS\system32\drivers\HpSAMD.sys 18:10:43.0899 0x1e00 HpSAMD - ok 18:10:43.0946 0x1e00 [ 0063ACEBB5BBE8C563A6ADB09155E644, BC7C9AFB83F5345065BB070A5D992DCE13CB35027D8FE402B338D775C896317B ] HssDRV6 D:\WINDOWS\system32\DRIVERS\hssdrv6.sys 18:10:43.0946 0x1e00 HssDRV6 - ok 18:10:44.0009 0x1e00 [ A10C7C1E69FC90620C7BF2E51302A01F, D725AEAE38255CED73F4922A10F226215528706580B06D01C228488F93AC0397 ] HTTP D:\WINDOWS\system32\drivers\HTTP.sys 18:10:44.0056 0x1e00 HTTP - ok 18:10:44.0071 0x1e00 [ 0C84C250F80EAEC2C9768464CC1A9626, 
212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost D:\WINDOWS\System32\hvhostsvc.dll 18:10:44.0087 0x1e00 HvHost - ok 18:10:44.0118 0x1e00 [ 74FC79C52395B10FFD0B55CF22CF88FC, 94D977DA2092EE8C2A598AC48758A84BB22CB6378BD114C2D3B4172A07A9CACC ] hvservice D:\WINDOWS\system32\drivers\hvservice.sys 18:10:44.0134 0x1e00 hvservice - ok 18:10:44.0149 0x1e00 [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy D:\WINDOWS\system32\drivers\hwpolicy.sys 18:10:44.0181 0x1e00 hwpolicy - ok 18:10:44.0196 0x1e00 [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd D:\WINDOWS\System32\drivers\hyperkbd.sys 18:10:44.0196 0x1e00 hyperkbd - ok 18:10:44.0243 0x1e00 [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt D:\WINDOWS\System32\drivers\i8042prt.sys 18:10:44.0259 0x1e00 i8042prt - ok 18:10:44.0274 0x1e00 [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio D:\WINDOWS\System32\drivers\iagpio.sys 18:10:44.0274 0x1e00 iagpio - ok 18:10:44.0290 0x1e00 [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c D:\WINDOWS\System32\drivers\iai2c.sys 18:10:44.0321 0x1e00 iai2c - ok 18:10:44.0339 0x1e00 [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2 D:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 18:10:44.0354 0x1e00 iaLPSS2i_GPIO2 - ok 18:10:44.0368 0x1e00 [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C D:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 18:10:44.0381 0x1e00 iaLPSS2i_I2C - ok 18:10:44.0398 0x1e00 [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO 
D:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 18:10:44.0416 0x1e00 iaLPSSi_GPIO - ok 18:10:44.0427 0x1e00 [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C D:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys 18:10:44.0443 0x1e00 iaLPSSi_I2C - ok 18:10:44.0474 0x1e00 [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV D:\WINDOWS\system32\drivers\iaStorAV.sys 18:10:44.0521 0x1e00 iaStorAV - ok 18:10:44.0536 0x1e00 [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV D:\WINDOWS\system32\drivers\iaStorV.sys 18:10:44.0552 0x1e00 iaStorV - ok 18:10:44.0583 0x1e00 [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus D:\WINDOWS\System32\drivers\ibbus.sys 18:10:44.0614 0x1e00 ibbus - ok 18:10:44.0646 0x1e00 [ 937AC47F7356554DA05D9722C356EB55, 9EABC9F19B4E1193B669D2674967F5C6F03FAD348EDF0615E3F78554FF9A83CC ] icssvc D:\WINDOWS\System32\tetheringservice.dll 18:10:44.0677 0x1e00 icssvc - ok 18:10:44.0677 0x1e00 IEEtwCollectorService - ok 18:10:44.0724 0x1e00 [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT D:\WINDOWS\System32\ikeext.dll 18:10:44.0786 0x1e00 IKEEXT - ok 18:10:44.0802 0x1e00 [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd D:\WINDOWS\System32\drivers\IndirectKmd.sys 18:10:44.0817 0x1e00 IndirectKmd - ok 18:10:44.0849 0x1e00 [ 9F7E87F6595D065A8A200A291043045E, 6944F72F73EADC6C9B7691F2C1C6DF1898F22C88EFA78EC0BA8CB5FFD9CE057B ] intelide D:\WINDOWS\system32\drivers\intelide.sys 18:10:44.0849 0x1e00 intelide - ok 18:10:44.0864 0x1e00 [ A6BD2E20AE1BC5CB2776C87C28E4F4CA, BD8BE67CED9A4982D785CE9ECBEFE868C3A2E37DF7F9592B9F9049B807A1554B ] intelpep D:\WINDOWS\system32\drivers\intelpep.sys 18:10:44.0880 0x1e00 intelpep - 
ok 18:10:44.0896 0x1e00 [ 2A48DA39542636DB0FA3BA915385D1B3, 6CA0916F5F4B1E81AE6A6233276320599BFA7C129267177703E3BB6468FB4683 ] intelppm D:\WINDOWS\System32\drivers\intelppm.sys 18:10:44.0911 0x1e00 intelppm - ok 18:10:44.0942 0x1e00 [ DB32758F3A7F6CCE81A5430080A2EA65, 36A26BAA884E96804F8EA0B12BB3E81BBE6D4EE704809904091445F36CAB5A29 ] iorate D:\WINDOWS\system32\drivers\iorate.sys 18:10:44.0958 0x1e00 iorate - ok 18:10:44.0974 0x1e00 [ FE85D0A86CA7A5A99CF8CD04DE7F80AE, 544C01FC01EE728EB5667158207E5F4418FE77A88BA318192A834722DB766F4E ] IpFilterDriver D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 18:10:44.0989 0x1e00 IpFilterDriver - ok 18:10:45.0036 0x1e00 [ 68C50E8E4265698BE6835156F4DD5008, 5B9CBBCE99315E5569E6733F13E91A687A36F536A68A2B670CC24C4BCC4EAFF4 ] iphlpsvc D:\WINDOWS\System32\iphlpsvc.dll 18:10:45.0083 0x1e00 iphlpsvc - ok 18:10:45.0130 0x1e00 [ 10D01A3657AC8E8004C83D613163DE1E, F9389F1BF87A2D28899F50D270DA6F48B0912CFAF06CEE566697B041DBE92F9C ] IPMIDRV D:\WINDOWS\System32\drivers\IPMIDrv.sys 18:10:45.0130 0x1e00 IPMIDRV - ok 18:10:45.0146 0x1e00 [ F1DAECC3B3D6399875D4F10529D6A77C, 6533D2F858816BE6570C998510919FCA2904EC6EF806F61C1FD325E88133111B ] IPNAT D:\WINDOWS\system32\drivers\ipnat.sys 18:10:45.0177 0x1e00 IPNAT - ok 18:10:45.0193 0x1e00 [ 7475A2903BB704B446AA6309E34D3362, C94643A1626A9716015EBA7041A1224098501EB7DAA704CBFCAD3DC6F3CFC6AF ] irda D:\WINDOWS\system32\drivers\irda.sys 18:10:45.0208 0x1e00 irda - ok 18:10:45.0224 0x1e00 [ 9725E7F0C64CE9916A5CDABE8D6E13C3, 04AF9E48FEF208A2850DF28352E8FDCBF4018982C72C0F67EE12C048C4070116 ] IRENUM D:\WINDOWS\system32\drivers\irenum.sys 18:10:45.0239 0x1e00 IRENUM - ok 18:10:45.0271 0x1e00 [ 8C604213A2E73088BFFE6CD2E6F1AE53, B4C4FEE4D398A29F72EC27D5668071D7E68CD943FFFC38624DD5DF5BEBDF46D3 ] irmon D:\WINDOWS\System32\irmon.dll 18:10:45.0286 0x1e00 irmon - ok 18:10:45.0302 0x1e00 [ 58040898883A96160D41739C80328BBF, 7F85C91C905811416E266A263DDEFCDCB0B45376AAE51B551AB636C16577DB9F ] isapnp 
D:\WINDOWS\system32\drivers\isapnp.sys 18:10:45.0317 0x1e00 isapnp - ok 18:10:45.0333 0x1e00 [ CA20F4621AB8CD3F69199DE21B5B41C4, 0AFFC66DD10D4D15139337E5ED343A2ABBB26CC8A83B3BDF6AD10C68B3931A7C ] iScsiPrt D:\WINDOWS\System32\drivers\msiscsi.sys 18:10:45.0364 0x1e00 iScsiPrt - ok 18:10:45.0364 0x1e00 [ 210808437570BDDEE71A43535E3A2D30, EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1E ] kbdclass D:\WINDOWS\System32\drivers\kbdclass.sys 18:10:45.0380 0x1e00 kbdclass - ok 18:10:45.0411 0x1e00 [ 0B779E9FC426CA2268D28181FA6C222F, 83292023A688C3044D096F22242EB954B7F7511BE8341D45FF0AFBD9CB9BCB4E ] kbdhid D:\WINDOWS\System32\drivers\kbdhid.sys 18:10:45.0427 0x1e00 kbdhid - ok 18:10:45.0443 0x1e00 [ 813BA3EB2CE038F2A5382DDD75CAD60B, 99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312 ] kdnic D:\WINDOWS\System32\drivers\kdnic.sys 18:10:45.0458 0x1e00 kdnic - ok 18:10:45.0474 0x1e00 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] KeyIso D:\WINDOWS\system32\lsass.exe 18:10:45.0489 0x1e00 KeyIso - ok 18:10:45.0521 0x1e00 [ 705C0F8BCCEF6E7CB704CCB454192D7E, FC608C708E2C3BF7A66E57B95E19E71E5F5C87EF359D8BC1A817500B45DF9338 ] KSecDD D:\WINDOWS\system32\Drivers\ksecdd.sys 18:10:45.0536 0x1e00 KSecDD - ok 18:10:45.0583 0x1e00 [ 55AD13E2BAFC5AB53A10F8C271F5D242, 058BEF14DCB95574BCAB985F04737BA89483937E8D8A74F7B4CEAFB7400C2397 ] KSecPkg D:\WINDOWS\system32\Drivers\ksecpkg.sys 18:10:45.0599 0x1e00 KSecPkg - ok 18:10:45.0614 0x1e00 [ 4ED115CD1A1099705F56B5E0FFF97CC6, 9CC49DF2CD6AAAE405BA661D13EFC1E05111D1DE3D1E50C39C425AF1F075610B ] ksthunk D:\WINDOWS\system32\drivers\ksthunk.sys 18:10:45.0630 0x1e00 ksthunk - ok 18:10:45.0677 0x1e00 [ 8125BDF7ADC261F75EF0CAD92456E350, 184797AA1D58C4FF743BA60D48590B88B781EE7779205E45E0679DEC79F3E185 ] KtmRm D:\WINDOWS\system32\msdtckrm.dll 18:10:45.0708 0x1e00 KtmRm - ok 18:10:45.0755 0x1e00 [ 8CCAB08815B50AD78B823DB3F96C8604, 
265E6D582EB7207B5CC577D61CB7BC3646F613047F168CD69BB776C37780EBF5 ] LanmanServer D:\WINDOWS\system32\srvsvc.dll 18:10:45.0786 0x1e00 LanmanServer - ok 18:10:45.0817 0x1e00 [ 33DBBCF71F68EA97D9FD34E4C9AB5AC6, 104F04A1560E75EB224A3825707CE51E8798ABD764F5CC3B854FFFC93A39AF60 ] LanmanWorkstation D:\WINDOWS\System32\wkssvc.dll 18:10:45.0849 0x1e00 LanmanWorkstation - ok 18:10:45.0864 0x1e00 [ F8EBAA1FE6D3BF84752931DE1BFA0E2A, 2F3C512712BA709BBBBD779D9E792DBE324876C402CDCEF0345B8B7ABE1D232A ] lfsvc D:\WINDOWS\System32\lfsvc.dll 18:10:45.0880 0x1e00 lfsvc - ok 18:10:45.0911 0x1e00 [ 5A23E4BE0CCF49663C4CF7EB74C20278, 9DF91014B13B7CED1C3D409F90858FD03EFC5C4347C98901B4DF0AFF2B77845D ] LicenseManager D:\WINDOWS\system32\LicenseManagerSvc.dll 18:10:45.0927 0x1e00 LicenseManager - ok 18:10:45.0958 0x1e00 [ 5933A6673F00D8255C52957E40C2D601, 0AA1281F8B3F97E360592D1B35EE7D3D614F1AB46007F9884CFFB1C5E647575E ] lltdio D:\WINDOWS\system32\drivers\lltdio.sys 18:10:45.0974 0x1e00 lltdio - ok 18:10:45.0989 0x1e00 [ 88A3C935725FA6EA1A228DCC26CF9C6F, 9B1F70644EEFA1EE7CE151A8A970430087339B7A6345F2E0252370929D4AFAC6 ] lltdsvc D:\WINDOWS\System32\lltdsvc.dll 18:10:46.0021 0x1e00 lltdsvc - ok 18:10:46.0052 0x1e00 [ 3F858E28AEE6545FA1B64134DFD5C2CE, FFD7B4FB0A7B61BC6B76A172134673842F2CF00E96FA3ED4A8273DC525B6BB92 ] lmhosts D:\WINDOWS\System32\lmhsvc.dll 18:10:46.0067 0x1e00 lmhosts - ok 18:10:46.0083 0x1e00 [ 8E1B0946948CCC0BC1FA3CB70374A795, 0B894C129A35E223FF9594725AC90916CBD597FAD2211A18FC2AE03EA8679597 ] LSI_SAS D:\WINDOWS\system32\drivers\lsi_sas.sys 18:10:46.0099 0x1e00 LSI_SAS - ok 18:10:46.0130 0x1e00 [ 4F68163FC04C973500DC4DA0946917B0, DF060C29109EB3978CEDFE781999B0C4C1E8C0FDB133428058D8400C53315EEC ] LSI_SAS2i D:\WINDOWS\system32\drivers\lsi_sas2i.sys 18:10:46.0146 0x1e00 LSI_SAS2i - ok 18:10:46.0161 0x1e00 [ E5AC5F2815938651CDCC27F425474673, 3AF0598982153C36A766506FA088F7B84333CC96FEBB050402547AFC613AF9F7 ] LSI_SAS3i D:\WINDOWS\system32\drivers\lsi_sas3i.sys 18:10:46.0177 0x1e00 
18:10:46.0927 0x1e00 [ 1595FECFFBE9EA2417E06D5FD0BFA4C4, 96006C7F19FDC1700EEBA870F96433D3260DEA06AD7215EAD8F1D74C953E1B50 ] MEMSWEEP2 D:\WINDOWS\system32\BEC5.tmp
18:10:46.0927 0x1e00 MEMSWEEP2 - detected UnsignedFile.Multi.Generic ( 1 )
18:10:47.0192 0x1e00 Detect skipped due to KSN trusted
18:10:47.0192 0x1e00 MEMSWEEP2 - ok
EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetPipeActivator D:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:10:49.0849 0x1e00 NetPipeActivator - ok 18:10:49.0896 0x1e00 [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm D:\WINDOWS\System32\netprofmsvc.dll 18:10:49.0927 0x1e00 netprofm - ok 18:10:50.0005 0x1e00 [ BA0C8F0B8B10968B63D85D665A6C280E, 94734AEF0F2698863C0570C05955B3C297B038DFE74A759896588C4AAAAB557F ] netr28ux D:\WINDOWS\System32\drivers\netr28ux.sys 18:10:50.0114 0x1e00 netr28ux - ok 18:10:50.0146 0x1e00 [ D65F295A049473E6A39EA9A0EA76CA32, 274FC0BA044EB2D14093AB0E561F7FACEE06A3F433C81343C8B926FA2F9BD251 ] NetSetupSvc D:\WINDOWS\System32\NetSetupSvc.dll 18:10:50.0177 0x1e00 NetSetupSvc - ok 18:10:50.0177 0x1e00 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpActivator D:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:10:50.0192 0x1e00 NetTcpActivator - ok 18:10:50.0192 0x1e00 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing D:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:10:50.0208 0x1e00 NetTcpPortSharing - ok 18:10:50.0239 0x1e00 [ E79E364AF827EB1F141BE000ABB8727D, 96218EB8B7C9E0F614AB9EAEAEC41BD4DB0E9EFE5C1D87EC749B9CB71653CEB1 ] NgcCtnrSvc D:\WINDOWS\System32\NgcCtnrSvc.dll 18:10:50.0271 0x1e00 NgcCtnrSvc - ok 18:10:50.0317 0x1e00 [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc D:\WINDOWS\system32\ngcsvc.dll 18:10:50.0364 0x1e00 NgcSvc - ok 18:10:50.0396 0x1e00 [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc D:\WINDOWS\System32\nlasvc.dll 18:10:50.0427 0x1e00 NlaSvc - ok 18:10:50.0442 0x1e00 [ DE7FCC77F4A503AF4CA6A47D49B3713D, 
4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF D:\WINDOWS\system32\drivers\npf.sys 18:10:50.0458 0x1e00 NPF - ok 18:10:50.0458 0x1e00 [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs D:\WINDOWS\system32\drivers\Npfs.sys 18:10:50.0489 0x1e00 Npfs - ok 18:10:50.0505 0x1e00 [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig D:\WINDOWS\System32\drivers\npsvctrig.sys 18:10:50.0521 0x1e00 npsvctrig - ok 18:10:50.0521 0x1e00 [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi D:\WINDOWS\system32\nsisvc.dll 18:10:50.0536 0x1e00 nsi - ok 18:10:50.0552 0x1e00 [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy D:\WINDOWS\system32\drivers\nsiproxy.sys 18:10:50.0567 0x1e00 nsiproxy - ok 18:10:50.0661 0x1e00 [ 98BBD81DC481E9D58EEB31C81EBDEFF5, 28FAAFCB90721C557C37D18533681C274428BC97AB3C3AAFCC75212074E9F2CA ] NTFS D:\WINDOWS\system32\drivers\NTFS.sys 18:10:50.0739 0x1e00 NTFS - ok 18:10:50.0755 0x1e00 [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null D:\WINDOWS\system32\drivers\Null.sys 18:10:50.0771 0x1e00 Null - ok 18:10:50.0896 0x1e00 [ 681E911AA54E4AC2184C8FC0CEA74EBC, 92E421EEE50E404B3EDC6864097E63BDB80F7CDF0EFEA6DC19977B4DE06F23E2 ] NvContainerLocalSystem D:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe 18:10:50.0911 0x1e00 NvContainerLocalSystem - ok 18:10:50.0927 0x1e00 [ 681E911AA54E4AC2184C8FC0CEA74EBC, 92E421EEE50E404B3EDC6864097E63BDB80F7CDF0EFEA6DC19977B4DE06F23E2 ] NvContainerNetworkService D:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe 18:10:50.0942 0x1e00 NvContainerNetworkService - ok 18:10:51.0036 0x1e00 [ 5BF89AFD025AC007AD31B67A2D9AD986, 16D60B506C215A6AEC3AB0DB2BCE1DF7C9846FE11AAECFF55D17798833C9290B ] NVIDIA 
Wireless Controller Service D:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe 18:10:51.0067 0x1e00 NVIDIA Wireless Controller Service - ok 18:10:51.0458 0x1e00 [ 6764192883EA0CD324CC4305046D3B6B, 00DEB8AB69E9679EE60A628AD228C092AB1ED45D57A40A9301C2007B0A07D893 ] nvlddmkm D:\WINDOWS\system32\DRIVERS\nvlddmkm.sys 18:10:51.0786 0x1e00 nvlddmkm - ok 18:10:51.0817 0x1e00 [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid D:\WINDOWS\system32\drivers\nvraid.sys 18:10:51.0833 0x1e00 nvraid - ok 18:10:51.0849 0x1e00 [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor D:\WINDOWS\system32\drivers\nvstor.sys 18:10:51.0864 0x1e00 nvstor - ok 18:10:51.0896 0x1e00 [ DDA83A50B7F46195281CCADD4AF43300, ABF091AED09B57DEF3000EEAE3B47612893F58CD5560C26F64438A89930A1C83 ] NvStreamKms D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 18:10:51.0896 0x1e00 NvStreamKms - ok 18:10:51.0958 0x1e00 [ FFADB2E34CE378F059F57161AD555DBF, 442C79D96012ABD76CB8A4FE1490AEB7D8CC9068170AB85DB7F8115FA807ADB0 ] nvsvc D:\WINDOWS\system32\nvvsvc.exe 18:10:51.0989 0x1e00 nvsvc - ok 18:10:52.0005 0x1e00 [ E0277CB18E86B1A37470A0CD65B3E9CC, F4DC71B00C40FD8AC79BDC27A571D27D24AB94B468BEBFA68A0102FF9B2B6590 ] nvvad_WaveExtensible D:\WINDOWS\system32\drivers\nvvad64v.sys 18:10:52.0021 0x1e00 nvvad_WaveExtensible - ok 18:10:52.0052 0x1e00 [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc D:\WINDOWS\System32\APHostService.dll 18:10:52.0083 0x1e00 OneSyncSvc - ok 18:10:52.0208 0x1e00 [ D75A76EB38AD90E9AB34CAB1E50CE39E, 63345F673DD7CB590910C40C77D082EE47BF377F146E0C6D948E3CCD17512673 ] Origin Client Service D:\Program Files (x86)\Origin\OriginClientService.exe 18:10:52.0271 0x1e00 Origin Client Service - ok 18:10:52.0380 0x1e00 [ 8901179D73E77060AD4EED7CB8924E10, 
6ED27384A70499E3DF29ED43047E1D60E78F71D1A6820C5487C4621B42B0FFD5 ] Origin Web Helper Service D:\Program Files (x86)\Origin\OriginWebHelperService.exe 18:10:52.0474 0x1e00 Origin Web Helper Service - ok 18:10:52.0536 0x1e00 [ 99BF0B1BCADF83102CBBBEA4D0D22732, D8A8160CCCB1D10EDC030C2E130910FE36B00D059E8E5BCA6DC477A28F4F962D ] ose D:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:10:52.0552 0x1e00 ose - ok 18:10:52.0583 0x1e00 [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc D:\WINDOWS\system32\pnrpsvc.dll 18:10:52.0614 0x1e00 p2pimsvc - ok 18:10:52.0661 0x1e00 [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc D:\WINDOWS\system32\p2psvc.dll 18:10:52.0692 0x1e00 p2psvc - ok 18:10:52.0708 0x1e00 [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport D:\WINDOWS\System32\drivers\parport.sys 18:10:52.0724 0x1e00 Parport - ok 18:10:52.0755 0x1e00 [ 0553ECB742278C8F4CFA28B43FF20EAD, ACD7F5BC36573BCEC2C3413DEA687034ECC101EDD3C1544B264BBA29EFCE3425 ] partmgr D:\WINDOWS\system32\drivers\partmgr.sys 18:10:52.0771 0x1e00 partmgr - ok 18:10:52.0802 0x1e00 [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc D:\WINDOWS\System32\pcasvc.dll 18:10:52.0833 0x1e00 PcaSvc - ok 18:10:52.0864 0x1e00 [ 29AF16726F4DD84376ECA85AB6AFF2C6, BEF9EA10637065365ED343C4EBA51191B9BEADD8F1F3362D3EFE75F40BE9A027 ] pci D:\WINDOWS\system32\drivers\pci.sys 18:10:52.0880 0x1e00 pci - ok 18:10:52.0927 0x1e00 [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide D:\WINDOWS\system32\drivers\pciide.sys 18:10:52.0927 0x1e00 pciide - ok 18:10:52.0942 0x1e00 [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia 
D:\WINDOWS\system32\drivers\pcmcia.sys 18:10:52.0958 0x1e00 pcmcia - ok 18:10:52.0974 0x1e00 [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw D:\WINDOWS\system32\drivers\pcw.sys 18:10:52.0989 0x1e00 pcw - ok 18:10:53.0021 0x1e00 [ CA979960D3A580C78EDB4BBD6BD3ABCC, 2A136BC562235D26F6421027B158D406FB1D08FE7D70A50DD3E4D344B0E27205 ] pdc D:\WINDOWS\system32\drivers\pdc.sys 18:10:53.0036 0x1e00 pdc - ok 18:10:53.0083 0x1e00 [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH D:\WINDOWS\system32\drivers\peauth.sys 18:10:53.0130 0x1e00 PEAUTH - ok 18:10:53.0192 0x1e00 [ 2B55ACB1727A8E5E7514D2D75AC4EBEB, 5E7449F3EE0B15E400E405DE561ED2D3932259107A9D9320AE42CA1A5C5AB992 ] PeerDistSvc D:\WINDOWS\system32\peerdistsvc.dll 18:10:53.0302 0x1e00 PeerDistSvc - ok 18:10:53.0317 0x1e00 [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i D:\WINDOWS\system32\drivers\percsas2i.sys 18:10:53.0333 0x1e00 percsas2i - ok 18:10:53.0333 0x1e00 [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i D:\WINDOWS\system32\drivers\percsas3i.sys 18:10:53.0349 0x1e00 percsas3i - ok 18:10:53.0411 0x1e00 [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost D:\WINDOWS\SysWow64\perfhost.exe 18:10:53.0427 0x1e00 PerfHost - ok 18:10:53.0489 0x1e00 [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc D:\WINDOWS\System32\PhoneService.dll 18:10:53.0536 0x1e00 PhoneSvc - ok 18:10:53.0552 0x1e00 [ C7A94D99CDF054248EFBD9B93D096DA6, F59F0EB5B17DC078E47D044B1126A786D67DC149AC9614CDA6AA1226EEE3EF55 ] PimIndexMaintenanceSvc D:\WINDOWS\System32\PimIndexMaintenance.dll 18:10:53.0583 0x1e00 PimIndexMaintenanceSvc - ok 18:10:53.0646 0x1e00 [ F931F21E4287FE3ECCF09B54A232BBA2, 
CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla D:\WINDOWS\system32\pla.dll 18:10:53.0724 0x1e00 pla - ok 18:10:53.0755 0x1e00 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay D:\WINDOWS\system32\umpnpmgr.dll 18:10:53.0786 0x1e00 PlugPlay - ok 18:10:53.0786 0x1e00 PnkBstrA - ok 18:10:53.0802 0x1e00 [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg D:\WINDOWS\system32\pnrpauto.dll 18:10:53.0817 0x1e00 PNRPAutoReg - ok 18:10:53.0849 0x1e00 [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc D:\WINDOWS\system32\pnrpsvc.dll 18:10:53.0880 0x1e00 PNRPsvc - ok 18:10:53.0896 0x1e00 [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent D:\WINDOWS\System32\ipsecsvc.dll |
03.05.2017, 17:21 | #4 |
| Rootkit suspicion Code:
ATTFilter 18:10:53.0927 0x1e00 PolicyAgent - ok 18:10:54.0083 0x1e00 [ C58AE9881CD83BB1662A7E062E11CBD6, 80969EC975C15718DC14136B7E1533FFD3E1530E1A1F6B1411ED3EE0F55016E6 ] PORTMON D:\Users\käptnBlaubär\Desktop\security\security\sysinternals\PORTMSYS.SYS 18:10:54.0099 0x1e00 PORTMON - detected UnsignedFile.Multi.Generic ( 1 ) 18:10:54.0380 0x1e00 Detect skipped due to KSN trusted 18:10:54.0380 0x1e00 PORTMON - ok 18:10:54.0411 0x1e00 [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power D:\WINDOWS\system32\umpo.dll 18:10:54.0427 0x1e00 Power - ok 18:10:54.0442 0x1e00 [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport D:\WINDOWS\System32\drivers\raspptp.sys 18:10:54.0474 0x1e00 PptpMiniport - ok 18:10:54.0614 0x1e00 [ 12ECCDB0C865A8CB805BABAD5A54EF41, B6E709C692EDDC2308A6944DE1ABA13155FC52905DC572C0008BCC97B3889771 ] PrintNotify D:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll 18:10:54.0755 0x1e00 PrintNotify - ok 18:10:54.0771 0x1e00 [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor D:\WINDOWS\System32\drivers\processr.sys 18:10:54.0786 0x1e00 Processor - ok 18:10:54.0849 0x1e00 [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc D:\WINDOWS\system32\profsvc.dll 18:10:54.0880 0x1e00 ProfSvc - ok 18:10:54.0942 0x1e00 [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched D:\WINDOWS\system32\drivers\pacer.sys 18:10:54.0958 0x1e00 Psched - ok 18:10:54.0989 0x1e00 [ D271C14EE0EEEA27359CD9E14E49F0DE, C69234841EE8E9A584CABF12CE2FA965F038BD30E78C57702B28EF4B3667BD7C ] PSKMAD D:\WINDOWS\system32\DRIVERS\PSKMAD.sys 18:10:54.0989 0x1e00 PSKMAD - ok 18:10:55.0036 0x1e00 [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE 
D:\WINDOWS\system32\qwave.dll 18:10:55.0067 0x1e00 QWAVE - ok 18:10:55.0083 0x1e00 [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv D:\WINDOWS\system32\drivers\qwavedrv.sys 18:10:55.0099 0x1e00 QWAVEdrv - ok 18:10:55.0099 0x1e00 [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd D:\WINDOWS\system32\DRIVERS\rasacd.sys 18:10:55.0114 0x1e00 RasAcd - ok 18:10:55.0161 0x1e00 [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn D:\WINDOWS\System32\drivers\AgileVpn.sys 18:10:55.0177 0x1e00 RasAgileVpn - ok 18:10:55.0208 0x1e00 [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto D:\WINDOWS\System32\rasauto.dll 18:10:55.0224 0x1e00 RasAuto - ok 18:10:55.0239 0x1e00 [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp D:\WINDOWS\System32\drivers\rasl2tp.sys 18:10:55.0271 0x1e00 Rasl2tp - ok 18:10:55.0317 0x1e00 [ 989DBF4805124A31610947E502501696, BCB73879AEC0588D0BFAB915D1F6EB637333A24D2030ED6572B3A3C03865AE93 ] RasMan D:\WINDOWS\System32\rasmans.dll 18:10:55.0349 0x1e00 RasMan - ok 18:10:55.0364 0x1e00 [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe D:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:10:55.0380 0x1e00 RasPppoe - ok 18:10:55.0396 0x1e00 [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp D:\WINDOWS\System32\drivers\rassstp.sys 18:10:55.0427 0x1e00 RasSstp - ok 18:10:55.0458 0x1e00 [ 6132B142C5A1FA4C05F06FE43DE5E55E, CCF64C9A778501635B8B5E20BB617D39D0298329FD6911DC125FC8B31FEFEDE1 ] rdbss D:\WINDOWS\system32\DRIVERS\rdbss.sys 18:10:55.0489 0x1e00 rdbss - ok 18:10:55.0505 0x1e00 [ 79A415E6FA915EFC00297DAB16EC2635, 
47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus D:\WINDOWS\System32\drivers\rdpbus.sys 18:10:55.0521 0x1e00 rdpbus - ok 18:10:55.0536 0x1e00 [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR D:\WINDOWS\system32\drivers\rdpdr.sys 18:10:55.0567 0x1e00 RDPDR - ok 18:10:55.0614 0x1e00 [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport D:\WINDOWS\system32\drivers\rdpvideominiport.sys 18:10:55.0630 0x1e00 RdpVideoMiniport - ok 18:10:55.0646 0x1e00 [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost D:\WINDOWS\system32\drivers\rdyboost.sys 18:10:55.0677 0x1e00 rdyboost - ok 18:10:55.0724 0x1e00 [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1 D:\WINDOWS\system32\drivers\ReFSv1.sys 18:10:55.0755 0x1e00 ReFSv1 - ok 18:10:55.0786 0x1e00 [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess D:\WINDOWS\System32\mprdim.dll 18:10:55.0817 0x1e00 RemoteAccess - ok 18:10:55.0849 0x1e00 [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry D:\WINDOWS\system32\regsvc.dll 18:10:55.0880 0x1e00 RemoteRegistry - ok 18:10:55.0927 0x1e00 [ 62EC862859B3C6F2B7815466DF24207A, 90A108CB4E58102498F8554D2789C1F3AE505350F640F083373DD07736076554 ] RetailDemo D:\WINDOWS\system32\RDXService.dll 18:10:55.0974 0x1e00 RetailDemo - ok 18:10:55.0989 0x1e00 [ 9C3AC71A9934B884FAC567A8807E9C4D, 0B6B2970098E3C21E1E54A25785544903E8CD415B527FCEF86ABC7B33BEC83E7 ] Revoflt D:\WINDOWS\system32\DRIVERS\revoflt.sys 18:10:56.0005 0x1e00 Revoflt - ok 18:10:56.0005 0x1e00 rkhdrv40 - ok 18:10:56.0036 0x1e00 [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc 
D:\WINDOWS\System32\RMapi.dll 18:10:56.0052 0x1e00 RmSvc - ok 18:10:56.0067 0x1e00 [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper D:\WINDOWS\System32\RpcEpMap.dll 18:10:56.0083 0x1e00 RpcEptMapper - ok 18:10:56.0114 0x1e00 [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator D:\WINDOWS\system32\locator.exe 18:10:56.0130 0x1e00 RpcLocator - ok 18:10:56.0177 0x1e00 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs D:\WINDOWS\system32\rpcss.dll 18:10:56.0239 0x1e00 RpcSs - ok 18:10:56.0255 0x1e00 [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr D:\WINDOWS\system32\drivers\rspndr.sys 18:10:56.0271 0x1e00 rspndr - ok 18:10:56.0302 0x1e00 [ 6A73FE7D70FA8CE059BFBC91B7A67A59, E80F4752AFE0709D06D8DD2755AC84F97195B76E34A0AA189945BD85BC1CF99F ] rspSanity D:\WINDOWS\system32\DRIVERS\rspSanity64.sys 18:10:56.0302 0x1e00 rspSanity - ok 18:10:56.0333 0x1e00 [ F9265C902BB9146C6BFF97BDF35C04DE, DC70B404A701CE5F60421F664F745CA84722ED86FAFC87F2A8A71BFD25CD6151 ] rt640x64 D:\WINDOWS\System32\drivers\rt640x64.sys 18:10:56.0380 0x1e00 rt640x64 - ok 18:10:56.0442 0x1e00 [ 45F606823EAA469582318C722C76A29D, 1016FBE111638AE369F7C5FF6CA33178FD6CB06D361F3B488DE6C4D85A22253A ] RUBotSrv D:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe 18:10:56.0458 0x1e00 RUBotSrv - ok 18:10:56.0489 0x1e00 [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap D:\WINDOWS\System32\drivers\vms3cap.sys 18:10:56.0505 0x1e00 s3cap - ok 18:10:56.0536 0x1e00 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs D:\WINDOWS\system32\lsass.exe 18:10:56.0552 0x1e00 SamSs - ok 18:10:56.0583 0x1e00 [ C259A8B9BCD38988BD71F8F9C9927CDB, 
7913F441D423974AEE4AC0CC13A98008E58EAEB07660B5401FAA0FC250C6A593 ] Samsung UPD Service D:\WINDOWS\System32\SUPDSvc.exe 18:10:56.0614 0x1e00 Samsung UPD Service - ok 18:10:56.0708 0x1e00 [ 5EFBBFCC6ADAC121C8E2FE76641ED329, 0EAB16C7F54B61620277977F8C332737081A46BC6BBDE50742B6904BDD54F502 ] SANDRA D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\Sandra.sys 18:10:56.0708 0x1e00 SANDRA - ok 18:10:56.0724 0x1e00 [ 062DF2975C23079DF834411A5CB761B0, 8CA11CDA54A7464AFA9294E6303DC62D0664BC7BDD0B4755AEC28FD80B86BB41 ] SandraAgentSrv D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe 18:10:56.0739 0x1e00 SandraAgentSrv - detected UnsignedFile.Multi.Generic ( 1 ) 18:10:57.0005 0x1e00 Detect skipped due to KSN trusted 18:10:57.0005 0x1e00 SandraAgentSrv - ok 18:10:57.0052 0x1e00 [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port D:\WINDOWS\system32\drivers\sbp2port.sys 18:10:57.0067 0x1e00 sbp2port - ok 18:10:57.0099 0x1e00 [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr D:\WINDOWS\System32\SCardSvr.dll 18:10:57.0130 0x1e00 SCardSvr - ok 18:10:57.0161 0x1e00 [ 5E8ECCE130A72107B6DFDBE26185A7FB, 811E2CE485BC14161FF629069BCCF53B2B8C6F8B1E1A6B3A3C86DBE4F85A5577 ] ScDeviceEnum D:\WINDOWS\System32\ScDeviceEnum.dll 18:10:57.0177 0x1e00 ScDeviceEnum - ok 18:10:57.0208 0x1e00 [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter D:\WINDOWS\system32\DRIVERS\scfilter.sys 18:10:57.0224 0x1e00 scfilter - ok 18:10:57.0255 0x1e00 [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule D:\WINDOWS\system32\schedsvc.dll 18:10:57.0317 0x1e00 Schedule - ok 18:10:57.0333 0x1e00 [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus 
D:\WINDOWS\system32\drivers\scmbus.sys 18:10:57.0349 0x1e00 scmbus - ok 18:10:57.0364 0x1e00 [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101 D:\WINDOWS\System32\drivers\scmdisk0101.sys 18:10:57.0380 0x1e00 scmdisk0101 - ok 18:10:57.0411 0x1e00 [ E189727B3C9909A85B33A16B290E192E, 2C273A9F44EDC5E5435904E9681973854B2F3EBB6100021BB139FF0CCCE9BF20 ] SCPolicySvc D:\WINDOWS\System32\certprop.dll 18:10:57.0442 0x1e00 SCPolicySvc - ok 18:10:57.0474 0x1e00 [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus D:\WINDOWS\System32\drivers\sdbus.sys 18:10:57.0489 0x1e00 sdbus - ok 18:10:57.0505 0x1e00 [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC D:\WINDOWS\System32\SDRSVC.dll 18:10:57.0521 0x1e00 SDRSVC - ok 18:10:57.0567 0x1e00 [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor D:\WINDOWS\System32\drivers\sdstor.sys 18:10:57.0567 0x1e00 sdstor - ok 18:10:57.0583 0x1e00 [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon D:\WINDOWS\system32\seclogon.dll 18:10:57.0599 0x1e00 seclogon - ok 18:10:57.0630 0x1e00 [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS D:\WINDOWS\System32\sens.dll 18:10:57.0646 0x1e00 SENS - ok 18:10:57.0661 0x1e00 Sense - ok 18:10:57.0708 0x1e00 [ CF2AEB951CFC56D4F6CF2D66218B673C, CEA0B0E0251EA198893830080EE4CB8A9F18ADBF1F6FEFFC9C7E8AB4588D0639 ] SensorDataService D:\WINDOWS\System32\SensorDataService.exe 18:10:57.0786 0x1e00 SensorDataService - ok 18:10:57.0817 0x1e00 [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService D:\WINDOWS\system32\SensorService.dll 18:10:57.0849 0x1e00 SensorService - ok 18:10:57.0864 0x1e00 [ 
E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc D:\WINDOWS\system32\sensrsvc.dll 18:10:57.0896 0x1e00 SensrSvc - ok 18:10:57.0911 0x1e00 [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx D:\WINDOWS\system32\drivers\SerCx.sys 18:10:57.0927 0x1e00 SerCx - ok 18:10:57.0942 0x1e00 [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2 D:\WINDOWS\system32\drivers\SerCx2.sys 18:10:57.0958 0x1e00 SerCx2 - ok 18:10:57.0974 0x1e00 [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum D:\WINDOWS\System32\drivers\serenum.sys 18:10:57.0974 0x1e00 Serenum - ok 18:10:57.0989 0x1e00 [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial D:\WINDOWS\System32\drivers\serial.sys 18:10:58.0005 0x1e00 Serial - ok 18:10:58.0021 0x1e00 [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse D:\WINDOWS\System32\drivers\sermouse.sys 18:10:58.0036 0x1e00 sermouse - ok 18:10:58.0083 0x1e00 [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv D:\WINDOWS\system32\sessenv.dll 18:10:58.0114 0x1e00 SessionEnv - ok 18:10:58.0130 0x1e00 [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy D:\WINDOWS\System32\drivers\sfloppy.sys 18:10:58.0146 0x1e00 sfloppy - ok 18:10:58.0208 0x1e00 [ E38BE81F0F6D9C74E420A82BC6A02AFE, 25D7594FD1BE0B303F9777ACBA702ACD0C27B00D21F82659989C40636851A330 ] SharedAccess D:\WINDOWS\System32\ipnathlp.dll 18:10:58.0239 0x1e00 SharedAccess - ok 18:10:58.0271 0x1e00 [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection D:\WINDOWS\System32\shsvcs.dll 
18:10:58.0317 0x1e00 ShellHWDetection - ok 18:10:58.0333 0x1e00 [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc D:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll 18:10:58.0364 0x1e00 shpamsvc - ok 18:10:58.0380 0x1e00 [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2 D:\WINDOWS\system32\drivers\SiSRaid2.sys 18:10:58.0396 0x1e00 SiSRaid2 - ok 18:10:58.0411 0x1e00 [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4 D:\WINDOWS\system32\drivers\sisraid4.sys 18:10:58.0427 0x1e00 SiSRaid4 - ok 18:10:58.0442 0x1e00 [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost D:\WINDOWS\System32\smphost.dll 18:10:58.0458 0x1e00 smphost - ok 18:10:58.0489 0x1e00 [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter D:\WINDOWS\system32\SmsRouterSvc.dll 18:10:58.0536 0x1e00 SmsRouter - ok 18:10:58.0583 0x1e00 [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP D:\WINDOWS\System32\snmptrap.exe 18:10:58.0599 0x1e00 SNMPTRAP - ok 18:10:58.0630 0x1e00 [ 8BDB9E47D84144110F05AB757E630374, 8A49004895B8AD17C877AA8E7B6A0F14936BDDCBB88F0E5FB880DD0D816AEAB4 ] spaceport D:\WINDOWS\system32\drivers\spaceport.sys 18:10:58.0661 0x1e00 spaceport - ok 18:10:58.0677 0x1e00 [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx D:\WINDOWS\system32\drivers\SpbCx.sys 18:10:58.0692 0x1e00 SpbCx - ok 18:10:58.0739 0x1e00 [ 1DFE222F8D6A422B7ADC909E0C8840DA, 96761691CF4447710D65573044A1005F2F0F89443DF581A30B97D7944940BB70 ] Spooler D:\WINDOWS\System32\spoolsv.exe 18:10:58.0786 0x1e00 Spooler - ok 18:10:58.0974 0x1e00 [ 23529A00195CE71252FEBF647E56E27D, 
FA0400865F17A25E8A89727732B1286B413989FB914E740D3C380214D15F862A ] D:\Program Files\CyberGhost 6\CyberGhost.exe 18:11:10.0661 0x1e00 CyberGhost - ok 18:11:10.0958 0x1e00 [ 638AE77DC319958727FBEA403D37B2D6, FF40F8D0A0EA99478BF46656FDB7BB37CED75375F4FD149E3FE2393749120D39 ] D:\Program Files\CCleaner\CCleaner64.exe 18:11:11.0192 0x1e00 CCleaner Monitoring - ok 18:11:11.0505 0x1e00 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] D:\Windows\SysWOW64\OneDriveSetup.exe 18:11:11.0880 0x1e00 OneDriveSetup - ok 18:11:11.0896 0x1e00 Waiting for KSN requests completion. In queue: 242 18:11:12.0942 0x1e00 AV detected via SS2: Avira Antivirus, D:\Program Files (x86)\Avira\Antivirus\WindowsSecurityCenter.exe ( 15.0.25.170 ), 0x41000 ( enabled : updated ) 18:11:12.0974 0x1e00 AV detected via SS2: Windows Defender, D:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.1066 ), 0x60100 ( disabled : updated ) 18:11:12.0989 0x1e00 Win FW state via NFP2: enabled ( trusted ) 18:11:13.0286 0x1e00 ============================================================ 18:11:13.0286 0x1e00 Scan finished 18:11:13.0286 0x1e00 ============================================================ 18:11:13.0286 0x1df8 Detected object count: 0 18:11:13.0286 0x1df8 Actual detected object count: 0 |
03.05.2017, 20:28 | #5 |
/// TB-Ausbilder | Suspected rootkit
Hi, the findings are not a rootkit but a false positive. We will check anyway (as a precaution).
Step 1
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please download Malwarebytes Anti-Malware 3
Step 4
Please post with your next reply
|
03.05.2017, 22:02 | #6 |
| Suspected rootkit AdwCleaner logfile: Code:
# AdwCleaner v6.046 - Bericht erstellt am 03/05/2017 um 22:28:05
# Aktualisiert am 24/04/2017 von Malwarebytes
# Datenbank : 2017-05-03.1 [Server]
# Betriebssystem : Windows 10 Pro (X64)
# Benutzername : Nada - NONNAME
# Gestartet von : D:\Users\käptnBlaubär\Downloads\AdwCleaner_6.046.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
########## EOF - D:\AdwCleaner\AdwCleaner[C19].txt - [19786 Bytes] ##########
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 03.05.17
Scan-Zeit: 22:34
Protokolldatei: MBR.log
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.103
Version des Aktualisierungspakets: 1.0.1863
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: NONNAME\Nada

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 502782
Abgelaufene Zeit: 13 Min., 51 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0 (keine bösartigen Elemente erkannt)
Modul: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswert: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Daten-Stream: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Datei: 0 (keine bösartigen Elemente erkannt)
Physischer Sektor: 0 (keine bösartigen Elemente erkannt)
(end) |
03.05.2017, 22:04 | #7 |
| Suspected rootkit FRST logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2017 01 durchgeführt von Nada (Administrator) auf NONNAME (03-05-2017 22:55:59) Gestartet von D:\Users\käptnBlaubär\Downloads Geladene Profile: Nada (Verfügbare Profile: Nada) Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corporation) D:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation) D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe () D:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) D:\Windows\System32\mqsvc.exe (Microsoft Corporation) D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (CyberGhost S.R.L) D:\Program Files\CyberGhost 6\CyberGhost.Service.exe (Microsoft Corporation) D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Microsoft Corporation) D:\Windows\System32\dllhost.exe (Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co.
KG) D:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) D:\Windows\System32\smartscreen.exe (Microsoft Corporation) D:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [NvBackend] => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation) HKLM-x32\...\Run: [avgnt] => D:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => D:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-01-19] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\Run: [CyberGhost] => D:\Program Files\CyberGhost 6\CyberGhost.exe [1229360 2017-03-22] (CyberGhost S.R.L.) 
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-11] (Piriform Ltd) HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\MountPoints2: {96ef2f02-b7e1-11e6-affc-00241dcdd299} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\MountPoints2: {96ef3006-b7e1-11e6-affc-00241dcdd299} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\MountPoints2: {982a3fa4-8bac-11e6-8259-ac6d6fc2ffef} - "L:\HiSuiteDownLoader.exe" ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled [2017-05-02] () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{5fc12dcf-8f58-4b1e-b714-1f3f22a18988}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5fc12dcf-8f58-4b1e-b714-1f3f22a18988}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{76bd2376-4dec-4907-811f-8ccb99843d19}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-10] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-10] (Oracle Corporation)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: D:\Users\käptnBlaubär\AppData\Roaming\Nvu\Profiles\rsb2mpcf.default [2016-12-27]
FF ProfilePath: D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904 [2017-05-03]
FF Homepage: Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904 -> Google.ch
FF NetworkProxy: Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904 -> type", 0
FF Extension: (Advanced Cookie Manager) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\cookiemgr@jayapal.com [2016-10-22]
FF Extension: (SQLite Manager) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-12-06]
FF Extension: (NoScript) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-22]
FF Extension: (Video DownloadHelper) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
FF Extension: (Adblock Plus) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (BetterPrivacy) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-12-21]
FF Extension: (DownThemAll!) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-20]
FF Extension: (Shield Recipe Client) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\features\{e75cc523-2972-4051-acdc-9ff1e83de574}\shield-recipe-client@mozilla.org.xpi [2017-04-29]
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\pandasecuritytb.xml [2017-01-02]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> D:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> D:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> D:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> D:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [Keine Datei]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> D:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [Keine Datei]

Opera:
=======
OPR Extension: (360 Internet Protection) - D:\Users\käptnBlaubär\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2016-07-09]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; D:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; D:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-21] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.ServiceHost; D:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349096 2017-01-19] (Avira Operations GmbH & Co. KG)
R2 CG6Service; D:\Program Files\CyberGhost 6\CyberGhost.Service.exe [87088 2017-03-22] (CyberGhost S.R.L)
S3 IEEtwCollectorService; D:\Windows\system32\IEEtwCollector.exe [114688 2015-08-15] (Microsoft Corporation) [Datei ist nicht signiert]
R3 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 NvContainerLocalSystem; D:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S4 NvContainerNetworkService; D:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S4 NVIDIA Wireless Controller Service; D:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
S4 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2147216 2017-04-18] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3116440 2017-04-18] (Electronic Arts)
R2 PnkBstrA; D:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-09-29] ()
S4 RUBotSrv; D:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S4 SandraAgentSrv; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe [73200 2014-10-06] (SiSoftware) [Datei ist nicht signiert]
S3 Sense; D:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; D:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
S3 WinDefend; D:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; D:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; D:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 avnetflt; D:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-21] (Avira Operations GmbH & Co. KG)
R0 avusbflt; D:\WINDOWS\System32\Drivers\avusbflt.sys [48584 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 cgnetfilter1521; D:\WINDOWS\System32\drivers\cgnetfilter1521.sys [84768 2017-03-22] (Windows (R) Win 7 DDK provider)
S3 eeCtrl; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-28] (Symantec Corporation)
S3 EraserUtilDrv11521; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [156912 2016-04-28] (Symantec Corporation)
S3 esihdrv; D:\Users\käptnBlaubär\AppData\Local\Temp\esihdrv.sys [191664 2017-05-03] (ESET) <==== ACHTUNG
R1 HssDRV6; D:\WINDOWS\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 MBAMSwissArmy; D:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-03] (Malwarebytes)
S3 MEMSWEEP2; D:\WINDOWS\system32\B108.tmp [6144 2009-06-18] (Sophos Plc) [Datei ist nicht signiert]
S3 NetAdapterCx; D:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; D:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R2 NPF; D:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NvStreamKms; D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; D:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
S3 PORTMON; D:\Users\käptnBlaubär\Desktop\security\security\sysinternals\PORTMSYS.SYS [28656 2017-04-27] (Systems Internals) [Datei ist nicht signiert]
U5 PROCMON23; D:\Windows\System32\Drivers\PROCMON23.sys [92344 2017-05-03] (Sysinternals - www.sysinternals.com)
S3 PSKMAD; D:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 rkhdrv40; D:\Windows\SysWow64\Drivers\rkhdrv40.sys [24320 2017-03-04] () [Datei ist nicht signiert]
S3 rspSanity; D:\WINDOWS\System32\DRIVERS\rspSanity64.sys [29752 2011-05-04] (Resplendence Software Projects Sp.)
R3 rt640x64; D:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 SANDRA; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S1 SAVRKBootTasks; D:\WINDOWS\SysWOW64\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc) [Datei ist nicht signiert]
R3 taphss6; D:\WINDOWS\System32\drivers\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 tapSF0901; D:\WINDOWS\System32\DRIVERS\tapSF0901.sys [39104 2015-07-31] (Spotflux, Inc.)
S3 WdBoot; D:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; D:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; D:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
U3 idsvc; kein ImagePath
S3 MFE_RR; \??\D:\Users\KPTNBL~1\AppData\Local\Temp\mfe_rr.sys [X] <==== ACHTUNG
U2 TMAgent; kein ImagePath
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2064-08-20 11:42 - 2017-05-02 19:45 - 00000000 ____D D:\Program Files\Common Files
2017-05-03 22:55 - 2017-05-03 22:55 - 00000000 ____D D:\Users\käptnBlaubär\Downloads\FRST-OlderVersion
2017-05-03 22:17 - 2017-05-03 22:17 - 00002599 _____ D:\Users\käptnBlaubär\Desktop\Neues Textdokument (3).txt
2017-05-03 22:11 - 2017-05-03 22:12 - 04102600 _____ D:\Users\käptnBlaubär\Downloads\AdwCleaner_6.046.exe
2017-05-03 21:11 - 2017-05-03 21:11 - 00001099 _____ D:\Users\käptnBlaubär\Desktop\start emergency kit scanner.exe - Verknüpfung.lnk
2017-05-03 21:09 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) D:\WINDOWS\SysWOW64\SAVRKBootTasks.sys
2017-05-03 18:40 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) D:\WINDOWS\system32\B108.tmp
2017-05-03 18:24 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) D:\WINDOWS\system32\6145.tmp
2017-05-03 18:17 - 2017-05-03 19:51 - 00000025 _____ D:\Users\käptnBlaubär\Desktop\Neues Textdokument (2).txt
2017-05-03 18:10 - 2017-05-03 18:23 - 00270830 _____ D:\TDSSKiller.3.1.0.15_03.05.2017_18.10.12_log.txt
2017-05-03 18:09 - 2017-05-03 18:09 - 04922400 _____ (AO Kaspersky Lab) D:\Users\käptnBlaubär\Downloads\tdsskiller.exe
2017-05-03 18:04 - 2017-05-02 20:23 - 06142592 _____ (ESET) D:\Users\käptnBlaubär\Desktop\sysinspector_nt64_deu.exe
2017-05-03 17:50 - 2017-05-03 17:50 - 00000000 ____D D:\CCE_Quarantine
2017-05-03 16:01 - 2017-05-03 18:00 - 00000000 ____D D:\Users\käptnBlaubär\Desktop\cce_x64
2017-05-03 09:23 - 2017-05-03 09:23 - 00000545 _____ D:\Users\käptnBlaubär\Desktop\JRT.txt
2017-05-03 07:21 - 2017-05-03 07:22 - 00001124 _____ D:\Users\käptnBlaubär\Downloads\GetSusp.xml
2017-05-02 22:46 - 2017-05-02 22:46 - 00000385 _____ D:\Users\käptnBlaubär\Desktop\Neues Textdokument.txt
2017-05-02 22:43 - 2017-05-02 23:35 - 00055940 _____ D:\Users\käptnBlaubär\Downloads\Addition.txt
2017-05-02 22:42 - 2017-05-03 22:56 - 00017295 _____ D:\Users\käptnBlaubär\Downloads\FRST.txt
2017-05-02 22:42 - 2017-05-03 22:55 - 00000000 ____D D:\FRST
2017-05-02 22:39 - 2017-05-02 22:39 - 00005245 _____ D:\Users\käptnBlaubär\Desktop\Hardware Interrupts and DPCs.txt
2017-05-02 22:34 - 2017-05-03 22:55 - 02428928 _____ (Farbar) D:\Users\käptnBlaubär\Downloads\FRST64.exe
2017-05-02 22:07 - 2017-05-03 07:22 - 00000061 ___RH D:\Users\käptnBlaubär\Downloads\GetSusp.opt
2017-05-02 20:50 - 2017-05-02 22:07 - 01517752 _____ (McAfee Inc.) D:\Users\käptnBlaubär\Downloads\getsusp.exe
2017-05-02 20:47 - 2017-05-02 22:28 - 00000000 ____D D:\Users\käptnBlaubär\Downloads\prozesseChecken
2017-05-02 20:23 - 2017-05-03 18:03 - 00000000 ____D D:\Users\käptnBlaubär\Downloads\Neuer Ordner
2017-05-02 20:23 - 2017-04-21 13:40 - 06142592 _____ (ESET) D:\Users\käptnBlaubär\Downloads\sysinspector_nt64_deu.exe
2017-05-02 20:16 - 2017-05-02 20:16 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\Returnil
2017-05-02 20:15 - 2017-05-02 20:15 - 04171056 _____ (F-Secure Corporation) D:\Users\käptnBlaubär\Downloads\fseasyclean.exe
2017-05-02 20:14 - 2017-05-02 20:14 - 00000000 ____D D:\ProgramData\Returnil
2017-05-02 19:52 - 2017-05-02 20:00 - 151693048 _____ D:\Users\käptnBlaubär\Downloads\hib7l53x.exe
2017-05-02 19:23 - 2017-05-02 19:23 - 00001421 _____ D:\Users\käptnBlaubär\Desktop\Norton Installation Files.lnk
2017-05-02 18:01 - 2017-05-02 18:01 - 00000000 ____D D:\Program Files\NETGATE
2017-05-02 17:53 - 2017-05-02 17:53 - 00000020 ___SH D:\Users\V.I.P.O ®\ntuser.ini
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\Vorlagen
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\Startmenü
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\Netzwerkumgebung
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\Lokale Einstellungen
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\Eigene Dateien
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\Druckumgebung
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\Documents\Eigene Videos
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\Documents\Eigene Musik
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\Documents\Eigene Bilder
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\AppData\Local\Verlauf
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\AppData\Local\Anwendungsdaten
2017-05-02 17:53 - 2017-05-02 17:53 - 00000000 _SHDL D:\Users\V.I.P.O ®\Anwendungsdaten
2017-05-02 17:52 - 2017-05-02 17:53 - 00000000 ____D D:\Users\V.I.P.O ®
2017-05-02 17:52 - 2017-01-02 11:48 - 00000000 ____D D:\Users\V.I.P.O ®\AppData\Local\Microsoft Help
2017-05-02 17:52 - 2016-10-09 20:02 - 00000000 ____D D:\Users\V.I.P.O ®\AppData\Roaming\Media Center Programs
2017-05-02 17:51 - 2017-05-02 17:52 - 00784152 _____ (McAfee, Inc.) D:\Users\käptnBlaubär\Downloads\rootkitremover.exe
2017-05-02 17:44 - 2017-05-02 17:44 - 26302024 _____ D:\Users\käptnBlaubär\Downloads\RogueKillerX64.exe
2017-05-02 17:26 - 2017-05-03 12:37 - 00092344 ____H (Sysinternals - www.sysinternals.com) D:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-05-02 12:29 - 2017-05-02 12:29 - 00001506 _____ D:\Users\Public\Desktop\Apowersoft kostenloser Bildschirmrekorder.lnk
2017-05-02 12:29 - 2017-05-02 12:29 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2017-05-02 12:29 - 2017-05-02 12:29 - 00000000 ____D D:\Program Files (x86)\Apowersoft
2017-05-01 20:18 - 2017-05-01 20:21 - 156705777 _____ D:\Users\käptnBlaubär\Downloads\GenYoutube.net_Metallica_-_One_-_How_to_Play_the_First_Solo_on_Guitar_-_Guitar_Lessons_-_Kirk_Hammett.MP4.mp4
2017-05-01 17:48 - 2017-05-01 17:48 - 00000000 ____D D:\ProgramData\Apowersoft
2017-05-01 11:55 - 2017-05-01 11:55 - 00000000 ____D D:\Users\käptnBlaubär\Downloads\OperaPortable
2017-05-01 11:35 - 2017-05-01 17:48 - 00000000 ____D D:\Users\käptnBlaubär\Documents\Apowersoft
2017-05-01 10:21 - 2017-05-01 10:33 - 38808920 _____ (Microsoft Corporation) D:\Users\käptnBlaubär\Downloads\FileFormatConverters.exe
2017-05-01 10:21 - 2017-05-01 10:25 - 368945248 _____ (Microsoft Corporation) D:\Users\käptnBlaubär\Downloads\office2007sp3-kb2526086-fullfile-en-us.exe
2017-05-01 10:21 - 2017-05-01 10:21 - 02549112 _____ (Microsoft Corporation) D:\Users\käptnBlaubär\Downloads\DefaultPack.EXE
2017-05-01 10:17 - 2017-05-01 10:17 - 00000286 _____ D:\Users\käptnBlaubär\Documents\Rahel Lanz.xml
2017-04-29 15:51 - 2017-04-29 16:18 - 01273071 _____ D:\Users\käptnBlaubär\Downloads\trojancheck.exe
2017-04-29 12:56 - 2017-05-03 09:31 - 00000000 ____D D:\Program Files (x86)\CMS2017
2017-04-29 11:38 - 2017-04-29 11:38 - 00000312 _____ D:\Users\käptnBlaubär\Documents\Dropa Apotheke Bern.xml
2017-04-29 11:19 - 2017-04-29 11:19 - 00012562 _____ D:\Users\käptnBlaubär\AppData\Local\Temp34.html
2017-04-29 11:19 - 2017-04-29 11:19 - 00001293 _____ D:\Users\käptnBlaubär\AppData\Local\Temp1.html
2017-04-29 11:18 - 2017-04-29 11:18 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanityCheck
2017-04-29 11:18 - 2017-04-29 11:18 - 00000000 ____D D:\Program Files\SanityCheck
2017-04-29 11:18 - 2011-05-04 11:36 - 00029752 _____ (Resplendence Software Projects Sp.) D:\WINDOWS\system32\Drivers\rspSanity64.sys
2017-04-29 11:16 - 2017-05-01 12:06 - 00001129 _____ D:\Users\käptnBlaubär\Desktop\TrojanHunter.lnk
2017-04-29 11:16 - 2017-05-01 12:06 - 00000000 ____D D:\ProgramData\TrojanHunter
2017-04-29 11:16 - 2017-05-01 12:06 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2017-04-29 11:16 - 2017-05-01 12:06 - 00000000 ____D D:\Program Files (x86)\TrojanHunter
2017-04-29 11:16 - 2017-04-29 11:16 - 04069672 _____ (Bytelayer AB ) D:\Users\käptnBlaubär\Downloads\TrojanHunterSetup.exe
2017-04-29 11:14 - 2017-04-29 11:15 - 06172208 _____ (Phrozen SASU) D:\Users\käptnBlaubär\Downloads\RunPEDetector.exe
2017-04-29 10:57 - 2017-04-29 10:58 - 00000000 ____D D:\NPE
2017-04-29 10:52 - 2017-04-29 23:01 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDAntiRansomware
2017-04-29 10:52 - 2017-04-29 11:08 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Local\NPE
2017-04-29 10:52 - 2017-04-29 10:52 - 04703248 _____ (Bitdefender ) D:\Users\käptnBlaubär\Downloads\BDAntiRansomwareSetup.exe
2017-04-29 10:52 - 2017-04-29 10:52 - 00000000 ____D D:\Program Files\Bitdefender
2017-04-29 10:50 - 2017-04-29 10:52 - 03435768 _____ (Symantec Corporation) D:\Users\käptnBlaubär\Downloads\NPE.exe
2017-04-29 10:15 - 2017-04-29 10:15 - 00001472 _____ D:\Users\käptnBlaubär\Desktop\Vorlage.exe - Verknüpfung.lnk
2017-04-28 17:33 - 2017-05-02 17:43 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-04-28 17:33 - 2017-05-02 17:43 - 00000000 ____D D:\Program Files\RogueKiller
2017-04-28 15:28 - 2017-04-28 15:28 - 00000000 ____D D:\Users\käptnBlaubär\Downloads\64-bit
2017-04-28 15:28 - 2017-04-28 15:28 - 00000000 ____D D:\Users\käptnBlaubär\Downloads\32-bit
2017-04-28 15:28 - 2017-04-28 15:28 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2017-04-28 15:28 - 2017-04-28 15:28 - 00000000 ____D D:\Program Files (x86)\NirSoft
2017-04-28 15:27 - 2017-04-28 15:27 - 00368016 _____ D:\Users\käptnBlaubär\Downloads\wnetwatcher211_setup.exe
2017-04-28 15:26 - 2017-04-28 15:29 - 164970170 _____ D:\Users\käptnBlaubär\Downloads\prtg172.zip
2017-04-28 11:15 - 2017-05-01 20:55 - 00000000 ____D D:\ProgramData\F-Secure
2017-04-28 11:14 - 2017-04-28 11:14 - 00380928 _____ D:\Users\käptnBlaubär\Downloads\gmer-2.2.19882.exe
2017-04-27 15:23 - 2017-05-02 12:29 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\Apowersoft
2017-04-27 14:55 - 2017-04-29 10:56 - 00517416 _____ D:\WINDOWS\system32\FNTCACHE.DAT
2017-04-27 14:52 - 2017-04-27 14:52 - 00335288 ____N (Protect Software GmbH) D:\WINDOWS\system32\Drivers\acedrv11.sys
2017-04-27 14:52 - 2017-04-27 14:52 - 00000000 ____D D:\Program Files (x86)\Windows Media Components
2017-04-27 12:40 - 2017-04-27 12:40 - 01512368 _____ (Ruiware) D:\Users\käptnBlaubär\Downloads\wp3411setup.exe
2017-04-25 20:08 - 2017-04-25 20:08 - 01183912 _____ (Opera Software) D:\Users\käptnBlaubär\Downloads\Opera_PortableSetup.exe
2017-04-25 16:44 - 2017-04-25 16:45 - 15042312 _____ (Goversoft LLC) D:\Users\käptnBlaubär\Downloads\PrivaZer.exe
2017-04-25 15:46 - 2017-04-25 15:46 - 00113194 _____ D:\Users\käptnBlaubär\Documents\cc_20170425_154638.reg
2017-04-25 13:25 - 2017-04-25 13:25 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Local\ESET
2017-04-25 12:12 - 2017-04-25 13:58 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\WinPatrol
2017-04-25 12:12 - 2017-04-25 13:58 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-04-24 21:53 - 2017-04-24 21:56 - 04102600 _____ D:\Users\käptnBlaubär\Desktop\adwcleaner_6.046.exe
2017-04-24 16:27 - 2017-04-24 16:27 - 00251832 _____ (Malwarebytes) D:\WINDOWS\system32\Drivers\0A4A123E.sys
2017-04-24 10:51 - 2017-04-24 10:51 - 00000278 _____ D:\Users\käptnBlaubär\Documents\Tiana KaramitrossAufgabe.xml
2017-04-24 10:16 - 2017-04-24 10:16 - 00251832 _____ (Malwarebytes) D:\WINDOWS\system32\Drivers\4D2575F2.sys
2017-04-23 10:28 - 2017-04-23 10:28 - 00000259 _____ D:\Users\käptnBlaubär\Documents\Seline SmolaAufgabe.xml
2017-04-21 10:44 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) D:\WINDOWS\system32\BEC5.tmp
2017-04-21 10:29 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) D:\WINDOWS\system32\9CE7.tmp
2017-04-21 10:09 - 2017-04-23 12:17 - 00000249 _____ D:\Users\käptnBlaubär\Documents\Rahel LanzAufgabe.xml
2017-04-20 16:02 - 2017-04-25 15:51 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Local\CyberGhost
2017-04-20 16:02 - 2017-04-20 16:02 - 00002076 _____ D:\Users\käptnBlaubär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk
2017-04-20 16:02 - 2017-04-20 16:02 - 00000000 ____D D:\Program Files\TAP-Windows
2017-04-20 16:02 - 2017-03-22 09:39 - 00084768 _____ (Windows (R) Win 7 DDK provider) D:\WINDOWS\system32\Drivers\cgnetfilter1521.sys
2017-04-20 16:01 - 2017-04-20 16:02 - 00000000 ____D D:\Program Files\CyberGhost 6
2017-04-20 16:01 - 2017-04-20 16:01 - 00001774 _____ D:\Users\käptnBlaubär\Desktop\CyberGhost 6.lnk
2017-04-20 16:01 - 2017-04-20 16:01 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2017-04-20 09:24 - 2017-04-20 09:24 - 00001917 _____ D:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-20 09:24 - 2017-03-22 11:02 - 00077440 _____ D:\WINDOWS\system32\Drivers\mbae64.sys
2017-04-20 09:22 - 2017-04-20 09:22 - 00000000 ____D D:\Program Files\McAfee
2017-04-20 09:00 - 2017-04-20 09:00 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\Simply Super Software
2017-04-20 08:59 - 2017-04-20 09:01 - 00000000 ____D D:\Program Files (x86)\Trojan Remover
2017-04-20 08:59 - 2017-04-20 08:59 - 00000000 ____D D:\ProgramData\Simply Super Software
2017-04-20 08:59 - 2017-04-20 08:59 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2017-04-18 21:09 - 2017-04-18 21:09 - 00034784 _____ (Sysinternals - www.sysinternals.com) D:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-04-17 14:03 - 2017-05-01 18:21 - 00001092 _____ D:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2017-04-17 10:39 - 2017-04-18 14:31 - 00001536 _____ D:\Users\käptnBlaubär\Desktop\MeineDaten.exe - Verknüpfung.lnk
2017-04-17 10:38 - 2017-04-18 14:36 - 00000000 ____D D:\Program Files (x86)\MeineDaten
2017-04-17 09:35 - 2017-04-17 09:35 - 00324943 _____ D:\Users\käptnBlaubär\Desktop\ICT.pdf
2017-04-17 09:20 - 2017-04-17 09:20 - 00270910 _____ D:\Users\käptnBlaubär\Documents\cc_20170417_092025.reg
2017-04-17 09:19 - 2017-04-17 09:19 - 00083976 _____ D:\Users\käptnBlaubär\Documents\cc_20170417_091942.reg
2017-04-17 09:09 - 2017-04-17 09:09 - 00000323 _____ D:\Users\käptnBlaubär\Documents\Tiana Karamitross.xml
2017-04-16 11:12 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) D:\WINDOWS\system32\C52B.tmp
2017-04-16 11:00 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) D:\WINDOWS\system32\5D7C.tmp
2017-04-16 08:48 - 2017-04-16 08:48 - 00000000 ____D D:\Users\käptnBlaubär\Documents\Visual Studio 2012
2017-04-15 16:38 - 2017-04-15 17:40 - 00000000 ____D D:\Users\käptnBlaubär\Doctor Web
2017-04-15 16:26 - 2017-04-15 16:42 - 00000000 ____D D:\esemi
2017-04-15 11:40 - 2017-04-15 11:40 - 00000000 ____D D:\TEMP
2017-04-14 21:45 - 2017-04-14 21:45 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\XMedia Recode
2017-04-14 21:34 - 2017-04-14 21:34 - 00001141 _____ D:\Users\Public\Desktop\XMedia Recode.lnk
2017-04-14 21:34 - 2017-04-14 21:34 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2017-04-14 21:34 - 2017-04-14 21:34 - 00000000 ____D D:\Program Files (x86)\XMedia Recode
2017-04-14 21:19 - 2017-04-27 10:52 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64 bits)
2017-04-14 21:13 - 2017-04-14 21:13 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\ScreenRecorder
2017-04-14 21:02 - 2017-04-14 21:15 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\FlashIntegro
2017-04-14 20:57 - 2017-04-14 20:57 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2017-04-14 20:57 - 2017-02-14 15:14 - 00071480 _____ (Flash-Integro LLC) D:\WINDOWS\SysWOW64\mslvddsfilter3.ax
2017-04-14 20:57 - 2011-12-07 18:32 - 00216064 _____ ( ) D:\WINDOWS\SysWOW64\Lagarith.dll
2017-04-14 20:57 - 2005-08-01 18:43 - 00245760 _____ () D:\WINDOWS\SysWOW64\lame.ax
2017-04-14 20:57 - 2004-12-10 09:03 - 00438272 _____ (On2.com) D:\WINDOWS\SysWOW64\vp6vfw.dll
2017-04-14 20:57 - 2004-09-06 15:06 - 00053248 _____ D:\WINDOWS\SysWOW64\xvid.ax
2017-04-14 20:57 - 2004-07-03 20:08 - 00139264 _____ D:\WINDOWS\SysWOW64\xvidvfw.dll
2017-04-14 20:57 - 2004-07-03 19:59 - 00524288 _____ D:\WINDOWS\SysWOW64\xvidcore.dll
2017-04-14 20:57 - 2004-02-04 20:11 - 00081920 _____ (fccHandler) D:\WINDOWS\SysWOW64\AC3ACM.acm
2017-04-14 20:57 - 2003-05-22 11:26 - 00638976 _____ (DivXNetworks, Inc.) D:\WINDOWS\SysWOW64\divx.dll
2017-04-14 20:57 - 2003-05-22 11:26 - 00221215 _____ (DivXNetworks, Inc.) D:\WINDOWS\SysWOW64\divxdec.ax
2017-04-14 20:57 - 2003-05-21 22:50 - 00261632 _____ (MainConcept) D:\WINDOWS\SysWOW64\mcdvd_32.dll
2017-04-14 20:57 - 2003-05-21 22:50 - 00156910 _____ D:\WINDOWS\WMSysPr8.prx
2017-04-14 20:57 - 2003-05-21 22:50 - 00082944 _____ (Voxware, Inc.) D:\WINDOWS\SysWOW64\vct3216.acm
2017-04-14 20:57 - 2003-05-21 22:50 - 00038912 _____ (NCT Company) D:\WINDOWS\SysWOW64\alf2cd.acm
2017-04-14 20:57 - 2003-05-21 22:50 - 00024576 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\msxml3a.dll
2017-04-14 20:57 - 2003-03-25 04:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) D:\WINDOWS\SysWOW64\L3CODECX.AX
2017-04-14 20:57 - 2002-08-19 23:41 - 00413760 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mpg4c32.dll
2017-04-14 20:57 - 2000-03-14 19:55 - 00013239 _____ (SHARP Corporation) D:\WINDOWS\SysWOW64\Scg726.acm
2017-04-14 19:50 - 2017-04-14 20:17 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\DVDVideoSoft
2017-04-14 19:47 - 2017-04-14 19:48 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\Cuttermaran
2017-04-14 16:38 - 2017-04-14 16:38 - 00000000 ____D D:\Users\Public\Downloads\Norton
2017-04-14 16:15 - 2017-04-14 16:17 - 00000000 ____D D:\ProgramData\RogueKillerPE
2017-04-14 14:17 - 2017-04-14 16:12 - 00000000 ____D D:\ProgramData\RogueKiller
2017-04-14 10:37 - 2017-04-14 10:37 - 00001452 _____ D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-04-14 10:37 - 2017-04-14 10:37 - 00001383 _____ D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-04-14 10:37 - 2017-04-14 10:37 - 00000000 ____D D:\WINDOWS\de
2017-04-14 10:35 - 2017-04-14 10:36 - 00000000 ____D D:\Program Files (x86)\Windows Live
2017-04-14 10:35 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) D:\WINDOWS\system32\XAudio2_7.dll
2017-04-14 10:35 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) D:\WINDOWS\system32\XAPOFX1_5.dll
2017-04-14 10:35 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) D:\WINDOWS\system32\D3DCompiler_43.dll
2017-04-14 10:34 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) D:\WINDOWS\system32\d3dx10_42.dll
2017-04-14 10:33 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) D:\WINDOWS\system32\d3dx9_32.dll
2017-04-14 10:31 - 2017-04-18 11:53 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Local\Windows Live
2017-04-13 09:35 - 2017-05-03 22:32 - 00251832 _____ (Malwarebytes) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-13 09:35 - 2017-05-02 17:27 - 00109272 _____ (Malwarebytes) D:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-04-12 18:15 - 2017-04-12 18:15 - 00251832 _____ (Malwarebytes) D:\WINDOWS\system32\Drivers\01833B41.sys
2017-04-12 11:34 - 2017-04-13 08:12 - 00024064 _____ D:\Users\käptnBlaubär\DocumentsSwicaPolice.pdf
2017-04-12 11:34 - 2017-04-12 11:34 - 00024064 _____ D:\Users\käptnBlaubär\Documentsf.txt
2017-04-12 11:28 - 2017-04-12 11:28 - 00000030 _____ D:\Users\käptnBlaubär\Documents\MyTest.txt
2017-04-11 22:25 - 2017-04-11 22:25 - 00002852 _____ D:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-04-11 21:35 - 2017-04-11 21:35 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\EurekaLog
2017-04-11 19:37 - 2017-03-28 09:10 - 00484584 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\AudioSes.dll
2017-04-11 19:37 - 2017-03-28 09:10 - 00315744 _____ (Adobe Systems Incorporated) D:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 19:37 - 2017-03-28 08:32 - 00198856 _____ (Microsoft Corporation) D:\WINDOWS\system32\wscapi.dll
2017-04-11 19:37 - 2017-03-28 08:29 - 02213248 _____ (Microsoft Corporation) D:\WINDOWS\system32\KernelBase.dll
2017-04-11 19:37 - 2017-03-28 08:28 - 00773720 _____ (Microsoft Corporation) D:\WINDOWS\system32\oleaut32.dll
2017-04-11 19:37 - 2017-03-28 08:26 - 00218520 _____ (Microsoft Corporation) D:\WINDOWS\system32\LsaIso.exe
2017-04-11 19:37 - 2017-03-28 08:21 - 00167848 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 19:37 - 2017-03-28 08:20 - 01181024 _____ (Microsoft Corporation) D:\WINDOWS\system32\Drivers\ndis.sys
2017-04-11 19:37 - 2017-03-28 08:19 - 00601712 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 19:37 - 2017-03-28 08:18 - 01705976 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 19:37 - 2017-03-28 08:15 - 02048496 _____ D:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 19:37 - 2017-03-28 08:11 - 01860288 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-04-11 19:37 - 2017-03-28 08:11 - 00360040 _____ (Microsoft Corporation) D:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-04-11 19:37 - 2017-03-28 08:10 - 07220184 _____ (Microsoft Corporation) D:\WINDOWS\system32\windows.storage.dll
2017-04-11 19:37 - 2017-03-28 08:10 - 01293152 _____ (Microsoft Corporation) D:\WINDOWS\system32\LicenseManager.dll
2017-04-11 19:37 - 2017-03-28 08:09 - 00097128 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-11 19:37 - 2017-03-28 08:07 - 00263472 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-11 19:37 - 2017-03-28 08:06 - 00092512 _____ (Microsoft Corporation) D:\WINDOWS\system32\rdpudd.dll
2017-04-11 19:37 - 2017-03-28 08:05 - 22221368 _____ (Microsoft Corporation) D:\WINDOWS\system32\shell32.dll
2017-04-11 19:37 - 2017-03-28 08:05 - 08168512 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 19:37 - 2017-03-28 08:05 - 04260576 _____ (Microsoft Corporation) D:\WINDOWS\system32\mfcore.dll
2017-04-11 19:37 - 2017-03-28 08:05 - 01988048 _____ (Microsoft Corporation) D:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-11 19:37 - 2017-03-28 08:05 - 01848584 _____ (Microsoft Corporation) D:\WINDOWS\system32\mfsrcsnk.dll
2017-04-11 19:37 - 2017-03-28 08:05 - 01702392 _____ (Microsoft Corporation) D:\WINDOWS\system32\mfasfsrcsnk.dll
2017-04-11 19:37 - 2017-03-28 08:05 - 01504056 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 19:37 - 2017-03-28 08:05 - 01302136 _____ (Microsoft Corporation) D:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-04-11 19:37 - 2017-03-28 08:05 - 01072248 _____ (Microsoft Corporation) D:\WINDOWS\system32\mfnetcore.dll
2017-04-11 19:37 - 2017-03-28 08:04 - 05721808 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 19:37 - 2017-03-28 08:04 - 02262776 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 19:37 - 2017-03-28 08:04 - 01431232 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-11 19:37 - 2017-03-28 08:04 - 00975744 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-04-11 19:37 - 2017-03-28 08:04 - 00861024 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\LicenseManager.dll
2017-04-11 19:37 - 2017-03-28 08:04 - 00277344 _____ (Microsoft Corporation) D:\WINDOWS\system32\Drivers\msiscsi.sys
2017-04-11 19:37 - 2017-03-28 08:04 - 00136032 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-04-11 19:37 - 2017-03-28 08:04 - 00116568 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-04-11 19:37 - 2017-03-28 08:02 - 01980768 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\msxml6.dll
2017-04-11 19:37 - 2017-03-28 08:02 - 00846560 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\WinTypes.dll
2017-04-11 19:37 - 2017-03-28 08:02 - 00576408 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\wer.dll
2017-04-11 19:37 - 2017-03-28 07:59 - 06667520 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 19:37 - 2017-03-28 07:59 - 04023008 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mfcore.dll
2017-04-11 19:37 - 2017-03-28 07:59 - 02533728 _____ (Microsoft Corporation) D:\WINDOWS\system32\Drivers\tcpip.sys
2017-04-11 19:37 - 2017-03-28 07:58 - 20967840 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\shell32.dll
2017-04-11 19:37 - 2017-03-28 07:58 - 01851688 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-11 19:37 - 2017-03-28 07:58 - 01360464 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-04-11 19:37 - 2017-03-28 07:58 - 01344448 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-04-11 19:37 - 2017-03-28 07:58 - 01277856 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-04-11 19:37 - 2017-03-28 07:58 - 01202936 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-04-11 19:37 - 2017-03-28 07:58 - 00981888 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mfnetcore.dll
2017-04-11 19:37 - 2017-03-28 07:58 - 00961192 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 19:37 - 2017-03-28 07:58 - 00387872 _____ (Microsoft Corporation) D:\WINDOWS\system32\wmpps.dll
2017-04-11 19:37 - 2017-03-28 07:53 - 01414728 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-11 19:37 - 2017-03-28 07:53 - 00545944 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 19:37 - 2017-03-28 07:52 - 00306800 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-04-11 19:37 - 2017-03-28 07:48 - 05685760 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-04-11 19:37 - 2017-03-28 07:42 - 00095232 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 19:37 - 2017-03-28 07:42 - 00051712 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\usoapi.dll
2017-04-11 19:37 - 2017-03-28 07:41 - 00415744 _____ (Microsoft Corporation) D:\WINDOWS\system32\rdpshell.exe
2017-04-11 19:37 - 2017-03-28 07:41 - 00299008 _____ (Microsoft Corporation) D:\WINDOWS\system32\rdpinit.exe
2017-04-11 19:37 - 2017-03-28 07:41 - 00026112 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 19:37 - 2017-03-28 07:40 - 00224256 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\ExSMime.dll
2017-04-11 19:37 - 2017-03-28 07:40 - 00049664 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2017-04-11 19:37 - 
2017-03-28 07:40 - 00037376 _____ (Adobe Systems) D:\WINDOWS\SysWOW64\atmlib.dll 2017-04-11 19:37 - 2017-03-28 07:39 - 00141824 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll 2017-04-11 19:37 - 2017-03-28 07:39 - 00040960 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2017-04-11 19:37 - 2017-03-28 07:38 - 00156672 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\UserDeviceRegistration.dll 2017-04-11 19:37 - 2017-03-28 07:38 - 00119808 _____ (Microsoft Corporation) D:\WINDOWS\system32\UserDataTimeUtil.dll 2017-04-11 19:37 - 2017-03-28 07:38 - 00070656 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll 2017-04-11 19:37 - 2017-03-28 07:37 - 00255488 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\unimdm.tsp 2017-04-11 19:37 - 2017-03-28 07:37 - 00215552 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\apds.dll 2017-04-11 19:37 - 2017-03-28 07:37 - 00177664 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll 2017-04-11 19:37 - 2017-03-28 07:37 - 00138240 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\DisplayManager.dll 2017-04-11 19:37 - 2017-03-28 07:37 - 00123904 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll 2017-04-11 19:37 - 2017-03-28 07:37 - 00097792 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll 2017-04-11 19:37 - 2017-03-28 07:37 - 00053248 _____ (Microsoft Corporation) D:\WINDOWS\system32\musdialoghandlers.dll 2017-04-11 19:37 - 2017-03-28 07:37 - 00041472 _____ (Microsoft Corporation) D:\WINDOWS\system32\Drivers\BasicRender.sys 2017-04-11 19:37 - 2017-03-28 07:36 - 00769024 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\ipsecsnp.dll 2017-04-11 19:37 - 2017-03-28 07:36 - 00237568 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Web.Diagnostics.dll 2017-04-11 19:37 - 2017-03-28 07:36 - 00136192 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\WinRtTracing.dll 
2017-04-11 19:37 - 2017-03-28 07:36 - 00129024 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-11 19:37 - 2017-03-28 07:36 - 00123904 _____ (Microsoft Corporation) D:\WINDOWS\system32\mssprxy.dll
2017-04-11 19:37 - 2017-03-28 07:36 - 00094208 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-11 19:37 - 2017-03-28 07:36 - 00087040 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 19:37 - 2017-03-28 07:36 - 00059904 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-11 19:37 - 2017-03-28 07:36 - 00056320 _____ (Microsoft Corporation) D:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-04-11 19:37 - 2017-03-28 07:35 - 00505856 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\bcastdvr.exe
2017-04-11 19:37 - 2017-03-28 07:35 - 00392192 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-04-11 19:37 - 2017-03-28 07:35 - 00374784 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-11 19:37 - 2017-03-28 07:35 - 00315904 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 19:37 - 2017-03-28 07:35 - 00233472 _____ (Microsoft Corporation) D:\WINDOWS\system32\MusNotification.exe
2017-04-11 19:37 - 2017-03-28 07:35 - 00231936 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-11 19:37 - 2017-03-28 07:35 - 00184320 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-04-11 19:37 - 2017-03-28 07:35 - 00180224 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-11 19:37 - 2017-03-28 07:35 - 00142336 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-04-11 19:37 - 2017-03-28 07:35 - 00118272 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-04-11 19:37 - 2017-03-28 07:35 - 00113152 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-04-11 19:37 - 2017-03-28 07:35 - 00093696 _____ (Microsoft Corporation) D:\WINDOWS\system32\MusNotificationUx.exe
2017-04-11 19:37 - 2017-03-28 07:35 - 00092672 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-11 19:37 - 2017-03-28 07:34 - 00299520 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-04-11 19:37 - 2017-03-28 07:34 - 00237568 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\SyncSettings.dll
2017-04-11 19:37 - 2017-03-28 07:34 - 00117760 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\AuthBroker.dll
2017-04-11 19:37 - 2017-03-28 07:34 - 00115712 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-11 19:37 - 2017-03-28 07:33 - 00670208 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-11 19:37 - 2017-03-28 07:33 - 00609280 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-04-11 19:37 - 2017-03-28 07:33 - 00557568 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-11 19:37 - 2017-03-28 07:33 - 00483840 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-11 19:37 - 2017-03-28 07:33 - 00467968 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 19:37 - 2017-03-28 07:33 - 00436736 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\ipsmsnap.dll
2017-04-11 19:37 - 2017-03-28 07:33 - 00265728 _____ D:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-04-11 19:37 - 2017-03-28 07:33 - 00193536 _____ (Microsoft Corporation) D:\WINDOWS\system32\WinRtTracing.dll
2017-04-11 19:37 - 2017-03-28 07:33 - 00149504 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 01243136 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00562176 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00426496 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00386048 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00332288 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00325120 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\oleacc.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00298496 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00284672 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00271360 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\deviceaccess.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00223232 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-11 19:37 - 2017-03-28 07:32 - 00218624 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\WwaApi.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00206336 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\vaultcli.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00202752 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00185856 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00175616 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-04-11 19:37 - 2017-03-28 07:32 - 00125952 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 19:37 - 2017-03-28 07:31 - 00711680 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\wuapi.dll
2017-04-11 19:37 - 2017-03-28 07:31 - 00498688 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-04-11 19:37 - 2017-03-28 07:31 - 00431616 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\efswrt.dll
2017-04-11 19:37 - 2017-03-28 07:31 - 00390656 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-04-11 19:37 - 2017-03-28 07:31 - 00337408 _____ (Microsoft Corporation) D:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-04-11 19:37 - 2017-03-28 07:30 - 00846336 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\WebcamUi.dll
2017-04-11 19:37 - 2017-03-28 07:30 - 00819200 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\AppContracts.dll
2017-04-11 19:37 - 2017-03-28 07:30 - 00816640 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-04-11 19:37 - 2017-03-28 07:30 - 00787968 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\sbe.dll
2017-04-11 19:37 - 2017-03-28 07:30 - 00748544 _____ (Microsoft Corporation) D:\WINDOWS\system32\StoreAgent.dll
2017-04-11 19:37 - 2017-03-28 07:30 - 00262144 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-04-11 19:37 - 2017-03-28 07:30 - 00075264 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\updatepolicy.dll
2017-04-11 19:37 - 2017-03-28 07:29 - 00747520 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-04-11 19:37 - 2017-03-28 07:29 - 00590336 _____ (Microsoft Corporation) D:\WINDOWS\system32\efswrt.dll
2017-04-11 19:37 - 2017-03-28 07:29 - 00529920 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-04-11 19:37 - 2017-03-28 07:29 - 00314368 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-04-11 19:37 - 2017-03-28 07:29 - 00293888 _____ (Microsoft Corporation) D:\WINDOWS\system32\updatehandlers.dll
2017-04-11 19:37 - 2017-03-28 07:29 - 00284672 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-04-11 19:37 - 2017-03-28 07:29 - 00238080 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-04-11 19:37 - 2017-03-28 07:29 - 00216576 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-04-11 19:37 - 2017-03-28 07:28 - 00755712 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 19:37 - 2017-03-28 07:28 - 00584192 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-11 19:37 - 2017-03-28 07:28 - 00561664 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-04-11 19:37 - 2017-03-28 07:28 - 00551936 _____ (Microsoft Corporation) D:\WINDOWS\system32\MusUpdateHandlers.dll
2017-04-11 19:37 - 2017-03-28 07:28 - 00500224 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-04-11 19:37 - 2017-03-28 07:28 - 00456192 _____ (Microsoft Corporation) D:\WINDOWS\system32\puiobj.dll
2017-04-11 19:37 - 2017-03-28 07:28 - 00358912 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-04-11 19:37 - 2017-03-28 07:27 - 01388544 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.UI.Cred.dll
2017-04-11 19:37 - 2017-03-28 07:27 - 00671744 _____ (Microsoft Corporation) D:\WINDOWS\system32\mbsmsapi.dll
2017-04-11 19:37 - 2017-03-28 07:27 - 00441856 _____ (Microsoft Corporation) D:\WINDOWS\system32\AccountsRt.dll
2017-04-11 19:37 - 2017-03-28 07:27 - 00288256 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-04-11 19:37 - 2017-03-28 07:27 - 00245760 _____ (Microsoft Corporation) D:\WINDOWS\system32\WwaApi.dll
2017-04-11 19:37 - 2017-03-28 07:26 - 01534464 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-11 19:37 - 2017-03-28 07:26 - 01145344 _____ (Microsoft Corporation) D:\WINDOWS\system32\EmailApis.dll
2017-04-11 19:37 - 2017-03-28 07:26 - 00642048 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-04-11 19:37 - 2017-03-28 07:26 - 00549376 _____ (Microsoft Corporation) D:\WINDOWS\system32\usocore.dll
2017-04-11 19:37 - 2017-03-28 07:26 - 00468992 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-11 19:37 - 2017-03-28 07:26 - 00313856 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-04-11 19:37 - 2017-03-28 07:25 - 02333184 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\WsmSvc.dll
2017-04-11 19:37 - 2017-03-28 07:25 - 01196544 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\wscui.cpl
2017-04-11 19:37 - 2017-03-28 07:25 - 00963584 _____ (Microsoft Corporation) D:\WINDOWS\system32\WebcamUi.dll
2017-04-11 19:37 - 2017-03-28 07:25 - 00653312 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-04-11 19:37 - 2017-03-28 07:24 - 06474752 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mspaint.exe
2017-04-11 19:37 - 2017-03-28 07:24 - 06288384 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Media.dll
2017-04-11 19:37 - 2017-03-28 07:24 - 04614656 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Media.dll
2017-04-11 19:37 - 2017-03-28 07:24 - 00901120 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-11 19:37 - 2017-03-28 07:24 - 00675840 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-04-11 19:37 - 2017-03-28 07:23 - 03733504 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 19:37 - 2017-03-28 07:23 - 00886272 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\aadtb.dll
2017-04-11 19:37 - 2017-03-28 07:23 - 00589312 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-04-11 19:37 - 2017-03-28 07:23 - 00395264 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-04-11 19:37 - 2017-03-28 07:22 - 00516096 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\wlidcli.dll
2017-04-11 19:37 - 2017-03-28 07:22 - 00355328 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-04-11 19:37 - 2017-03-28 07:22 - 00175616 _____ (Microsoft Corporation) D:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-11 19:37 - 2017-03-28 07:22 - 00157696 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-04-11 19:37 - 2017-03-28 07:21 - 03778048 _____ (Microsoft Corporation) D:\WINDOWS\system32\MFMediaEngine.dll
2017-04-11 19:37 - 2017-03-28 07:21 - 01403392 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Media.Editing.dll
2017-04-11 19:37 - 2017-03-28 07:21 - 01077760 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-04-11 19:37 - 2017-03-28 07:21 - 00458752 _____ (Microsoft Corporation) D:\WINDOWS\system32\RTMediaFrame.dll
2017-04-11 19:37 - 2017-03-28 07:20 - 03307008 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-04-11 19:37 - 2017-03-28 07:20 - 00795648 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-04-11 19:37 - 2017-03-28 07:20 - 00078336 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 19:37 - 2017-03-28 07:19 - 07655424 _____ (Microsoft Corporation) D:\WINDOWS\system32\mos.dll
2017-04-11 19:37 - 2017-03-28 07:19 - 00864256 _____ (Microsoft Corporation) D:\WINDOWS\system32\wpnapps.dll
2017-04-11 19:37 - 2017-03-28 07:19 - 00746496 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\msdtcprx.dll
2017-04-11 19:37 - 2017-03-28 07:19 - 00713216 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-11 19:37 - 2017-03-28 07:19 - 00343040 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-04-11 19:37 - 2017-03-28 07:19 - 00248832 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\dlnashext.dll
2017-04-11 19:37 - 2017-03-28 07:19 - 00141312 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\dialclient.dll
2017-04-11 19:37 - 2017-03-28 07:18 - 01255936 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 19:37 - 2017-03-28 07:18 - 01078784 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-04-11 19:37 - 2017-03-28 07:17 - 06109696 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mos.dll
2017-04-11 19:37 - 2017-03-28 07:17 - 00895488 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-04-11 19:37 - 2017-03-28 07:17 - 00220672 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-04-11 19:37 - 2017-03-28 07:17 - 00090624 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 19:37 - 2017-03-28 07:16 - 03198464 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\cdp.dll
2017-04-11 19:37 - 2017-03-28 07:16 - 01221120 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-04-11 19:37 - 2017-03-28 07:16 - 01217024 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Media.Audio.dll
2017-04-11 19:37 - 2017-03-28 07:16 - 00134144 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-04-11 19:37 - 2017-03-28 07:15 - 02390016 _____ (Microsoft Corporation) D:\WINDOWS\system32\smartscreen.exe
2017-04-11 19:37 - 2017-03-28 07:15 - 01247232 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-04-11 19:37 - 2017-03-28 07:14 - 07468544 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mstscax.dll
2017-04-11 19:37 - 2017-03-28 07:14 - 03520512 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-04-11 19:37 - 2017-03-28 07:14 - 01080320 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-04-11 19:37 - 2017-03-28 07:14 - 00947712 _____ (Microsoft Corporation) D:\WINDOWS\system32\MSVP9DEC.dll
2017-04-11 19:37 - 2017-03-28 07:14 - 00641024 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-04-11 19:37 - 2017-03-28 07:14 - 00400384 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-11 19:37 - 2017-03-28 07:14 - 00357376 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Geolocation.dll
2017-04-11 19:37 - 2017-03-28 07:14 - 00103936 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-04-11 19:37 - 2017-03-28 07:13 - 04596224 _____ (Microsoft Corporation) D:\WINDOWS\system32\xpsrchvw.exe
2017-04-11 19:37 - 2017-03-28 07:13 - 02138112 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\InputService.dll
2017-04-11 19:37 - 2017-03-28 07:13 - 01656320 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-04-11 19:37 - 2017-03-28 07:13 - 01232384 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-11 19:37 - 2017-03-28 07:13 - 01170944 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-04-11 19:37 - 2017-03-28 07:13 - 00816640 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.UI.dll
2017-04-11 19:37 - 2017-03-28 07:13 - 00611328 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-04-11 19:37 - 2017-03-28 07:13 - 00079360 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 02682880 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\netshell.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 01013248 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 01004544 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 00862208 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 00846336 _____ (Microsoft Corporation) D:\WINDOWS\system32\MbaeApiPublic.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 00827904 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 00691200 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\TokenBroker.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 00654336 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 00620544 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.UI.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 00598528 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Web.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 00566784 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\ShareHost.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 00542208 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-11 19:37 - 2017-03-28 07:12 - 00348160 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-04-11 19:37 - 2017-03-28 07:11 - 02994176 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-11 19:37 - 2017-03-28 07:11 - 02646528 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 19:37 - 2017-03-28 07:11 - 01981440 _____ (Microsoft Corporation) D:\WINDOWS\system32\diagtrack.dll
2017-04-11 19:37 - 2017-03-28 07:11 - 01600000 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 19:37 - 2017-03-28 07:11 - 01576448 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\actxprxy.dll
2017-04-11 19:37 - 2017-03-28 07:11 - 01170944 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-11 19:37 - 2017-03-28 07:11 - 00765440 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-04-11 19:37 - 2017-03-28 07:11 - 00751104 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-11 19:37 - 2017-03-28 07:10 - 08076288 _____ (Microsoft Corporation) D:\WINDOWS\system32\mstscax.dll
2017-04-11 19:37 - 2017-03-28 07:10 - 02483200 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 19:37 - 2017-03-28 07:10 - 02424320 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-04-11 19:37 - 2017-03-28 07:10 - 01424896 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-04-11 19:37 - 2017-03-28 07:10 - 01266176 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-04-11 19:37 - 2017-03-28 07:10 - 00391168 _____ (Microsoft Corporation) D:\WINDOWS\system32\wuuhext.dll
2017-04-11 19:37 - 2017-03-28 07:09 - 04149248 _____ (Microsoft Corporation) D:\WINDOWS\system32\rdpcorets.dll
2017-04-11 19:37 - 2017-03-28 07:09 - 03106304 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mstsc.exe
2017-04-11 19:37 - 2017-03-28 07:09 - 01369088 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-04-11 19:37 - 2017-03-28 07:08 - 01564160 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 19:37 - 2017-03-28 07:08 - 00783360 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-04-11 19:37 - 2017-03-28 07:08 - 00299008 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\RADCUI.dll
2017-04-11 19:37 - 2017-03-28 07:06 - 00999424 _____ (Microsoft Corporation) D:\WINDOWS\system32\TSWorkspace.dll
2017-04-11 19:37 - 2017-03-28 06:48 - 00483840 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 19:36 - 2017-03-28 08:36 - 01617760 _____ (Microsoft Corporation) D:\WINDOWS\system32\appraiser.dll
2017-04-11 19:36 - 2017-03-28 08:36 - 01294688 _____ (Microsoft Corporation) D:\WINDOWS\system32\aeinv.dll
2017-04-11 19:36 - 2017-03-28 08:36 - 00565088 _____ (Microsoft Corporation) D:\WINDOWS\system32\devinv.dll
2017-04-11 19:36 - 2017-03-28 08:36 - 00343904 _____ (Microsoft Corporation) D:\WINDOWS\system32\invagent.dll
2017-04-11 19:36 - 2017-03-28 08:36 - 00142176 _____ (Microsoft Corporation) D:\WINDOWS\system32\acmigration.dll
2017-04-11 19:36 - 2017-03-28 08:35 - 00379232 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\atmfd.dll
2017-04-11 19:36 - 2017-03-28 08:28 - 07786336 _____ (Microsoft Corporation) D:\WINDOWS\system32\ntoskrnl.exe
2017-04-11 19:36 - 2017-03-28 08:26 - 00754528 _____ (Microsoft Corporation) D:\WINDOWS\system32\AppVOrchestration.dll
2017-04-11 19:36 - 2017-03-28 08:26 - 00603488 _____ (Microsoft Corporation) D:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-04-11 19:36 - 2017-03-28 08:26 - 00573280 _____ (Microsoft Corporation) D:\WINDOWS\system32\AppVCatalog.dll
2017-04-11 19:36 - 2017-03-28 08:22 - 02681200 _____ D:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 19:36 - 2017-03-28 08:20 - 00764392 _____ (Microsoft Corporation) D:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 19:36 - 2017-03-28 08:12 - 00328008 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-04-11 19:36 - 2017-03-28 08:11 - 02187616 _____ (Microsoft Corporation) D:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 19:36 - 2017-03-28 08:11 - 01738560 _____ (Microsoft Corporation) D:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 19:36 - 2017-03-28 08:11 - 00402784 _____ (Microsoft Corporation) D:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 19:36 - 2017-03-28 08:10 - 02758648 _____ (Microsoft Corporation) D:\WINDOWS\system32\iertutil.dll
2017-04-11 19:36 - 2017-03-28 08:10 - 01157008 _____ (Microsoft Corporation) D:\WINDOWS\system32\twinapi.appcore.dll
2017-04-11 19:36 - 2017-03-28 08:10 - 00178528 _____ (Microsoft Corporation) D:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-04-11 19:36 - 2017-03-28 08:10 - 00146776 _____ (Microsoft Corporation) D:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-04-11 19:36 - 2017-03-28 08:09 - 02446704 _____ (Microsoft Corporation) D:\WINDOWS\system32\msxml6.dll
2017-04-11 19:36 - 2017-03-28 08:09 - 00682816 _____ (Microsoft Corporation) D:\WINDOWS\system32\wer.dll
2017-04-11 19:36 - 2017-03-28 08:09 - 00624048 _____ (Microsoft Corporation) D:\WINDOWS\system32\Drivers\cng.sys
2017-04-11 19:36 - 2017-03-28 08:08 - 01267504 _____ (Microsoft Corporation) D:\WINDOWS\system32\WinTypes.dll
2017-04-11 19:36 - 2017-03-28 08:08 - 01100128 _____ (Microsoft Corporation) D:\WINDOWS\system32\hvix64.exe
2017-04-11 19:36 - 2017-03-28 08:08 - 00989024 _____ (Microsoft Corporation) D:\WINDOWS\system32\hvax64.exe
2017-04-11 19:36 - 2017-03-28 08:04 - 01600632 _____ (Microsoft Corporation) D:\WINDOWS\system32\sppobjs.dll
2017-04-11 19:36 - 2017-03-28 08:04 - 01276760 _____ (Microsoft Corporation) D:\WINDOWS\system32\ole32.dll
2017-04-11 19:36 - 2017-03-28 08:04 - 00241504 _____ (Microsoft Corporation) D:\WINDOWS\system32\CloudExperienceHost.dll
2017-04-11 19:36 - 2017-03-28 08:04 - 00160088 _____ (Microsoft Corporation) D:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-04-11 19:36 - 2017-03-28 08:00 - 01569184 _____ (Microsoft Corporation) D:\WINDOWS\system32\gdi32full.dll
2017-04-11 19:36 - 2017-03-28 08:00 - 00628552 _____ (Microsoft Corporation) D:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 19:36 - 2017-03-28 07:58 - 00372440 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-04-11 19:36 - 2017-03-28 07:44 - 07216640 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-04-11 19:36 - 2017-03-28 07:41 - 00372736 _____ (Microsoft Corporation) D:\WINDOWS\system32\RDXTaskFactory.dll
2017-04-11 19:36 - 2017-03-28 07:38 - 00584192 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 19:36 - 2017-03-28 07:38 - 00081408 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mshtmled.dll
2017-04-11 19:36 - 2017-03-28 07:37 - 22568960 _____ (Microsoft Corporation) D:\WINDOWS\system32\edgehtml.dll
2017-04-11 19:36 - 2017-03-28 07:37 - 00078848 _____ (Microsoft Corporation) D:\WINDOWS\system32\XblAuthManagerProxy.dll
2017-04-11 19:36 - 2017-03-28 07:37 - 00031232 _____ (Microsoft Corporation) D:\WINDOWS\system32\DdcWnsListener.dll
2017-04-11 19:36 - 2017-03-28 07:36 - 00584192 _____ (Microsoft Corporation) D:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 19:36 - 2017-03-28 07:36 - 00216576 _____ (Microsoft Corporation) D:\WINDOWS\system32\RdpRelayTransport.dll
2017-04-11 19:36 - 2017-03-28 07:36 - 00045056 _____ (Adobe Systems) D:\WINDOWS\system32\atmlib.dll
2017-04-11 19:36 - 2017-03-28 07:36 - 00030208 _____ (Microsoft Corporation) D:\WINDOWS\system32\odbcconf.dll
2017-04-11 19:36 - 2017-03-28 07:35 - 00185344 _____ (Microsoft Corporation) D:\WINDOWS\system32\DisplayManager.dll
2017-04-11 19:36 - 2017-03-28 07:35 - 00156160 _____ (Microsoft Corporation) D:\WINDOWS\system32\Family.Client.dll
2017-04-11 19:36 - 2017-03-28 07:35 - 00124416 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-04-11 19:36 - 2017-03-28 07:35 - 00090624 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-04-11 19:36 - 2017-03-28 07:34 - 00295424 _____ (Microsoft Corporation) D:\WINDOWS\system32\unimdm.tsp
2017-04-11 19:36 - 2017-03-28 07:34 - 00259072 _____ (Microsoft Corporation) D:\WINDOWS\system32\Family.SyncEngine.dll
2017-04-11 19:36 - 2017-03-28 07:34 - 00162304 _____ (Microsoft Corporation) D:\WINDOWS\system32\dmcertinst.exe
2017-04-11 19:36 - 2017-03-28 07:34 - 00129536 _____ (Microsoft Corporation) D:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-04-11 19:36 - 2017-03-28 07:34 - 00113664 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 19:36 - 2017-03-28 07:34 - 00088064 _____ (Microsoft Corporation) D:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-04-11 19:36 - 2017-03-28 07:33 - 00270336 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 19:36 - 2017-03-28 07:33 - 00196096 _____ (Microsoft Corporation) D:\WINDOWS\system32\UserDeviceRegistration.dll
2017-04-11 19:36 - 2017-03-28 07:33 - 00193536 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-04-11 19:36 - 2017-03-28 07:33 - 00182272 _____ (Microsoft Corporation) D:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-04-11 19:36 - 2017-03-28 07:33 - 00122880 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-04-11 19:36 - 2017-03-28 07:33 - 00101888 _____ (Microsoft Corporation) D:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-04-11 19:36 - 2017-03-28 07:33 - 00082432 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-04-11 19:36 - 2017-03-28 07:32 - 00635904 _____ (Microsoft Corporation) D:\WINDOWS\system32\FlightSettings.dll
2017-04-11 19:36 - 2017-03-28 07:32 - 00368640 _____ (Microsoft Corporation) D:\WINDOWS\system32\OneBackupHandler.dll
2017-04-11 19:36 - 2017-03-28 07:32 - 00306176 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 19:36 - 2017-03-28 07:32 - 00186368 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-04-11 19:36 - 2017-03-28 07:31 - 00547840 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-04-11 19:36 - 2017-03-28 07:31 - 00418304 _____ D:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-04-11 19:36 - 2017-03-28 07:31 - 00418304 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-04-11 19:36 - 2017-03-28 07:31 - 00360448 _____ (Microsoft Corporation) D:\WINDOWS\system32\rdpencom.dll
2017-04-11 19:36 - 2017-03-28 07:31 - 00343552 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-04-11 19:36 - 2017-03-28 07:31 - 00289792 _____ (Microsoft Corporation) D:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-04-11 19:36 - 2017-03-28 07:31 - 00276992 _____ (Microsoft Corporation) D:\WINDOWS\system32\dxtrans.dll
2017-04-11 19:36 - 2017-03-28 07:31 - 00257024 _____ (Microsoft Corporation) D:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-04-11 19:36 - 2017-03-28 07:31 - 00236544 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 19:36 - 2017-03-28 07:31 - 00223744 _____ (Microsoft Corporation) D:\WINDOWS\system32\ie4uinit.exe
2017-04-11 19:36 - 2017-03-28 07:31 - 00211968 _____ (Microsoft Corporation) D:\WINDOWS\system32\InstallAgent.exe
2017-04-11 19:36 - 2017-03-28 07:31 - 00171520 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-04-11 19:36 - 2017-03-28 07:31 - 00144896 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-04-11 19:36 - 2017-03-28 07:30 - 00692224 _____ (Microsoft Corporation) D:\WINDOWS\system32\CellularAPI.dll
2017-04-11 19:36 - 2017-03-28 07:30 - 00651264 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-04-11 19:36 - 2017-03-28 07:30 - 00568320 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-04-11 19:36 - 2017-03-28 07:30 - 00505856 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-04-11 19:36 - 2017-03-28 07:30 - 00340480 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 19:36 - 2017-03-28 07:30 - 00268800 _____ (Microsoft Corporation) D:\WINDOWS\system32\UserMgrProxy.dll
2017-04-11 19:36 - 2017-03-28 07:30 - 00239104 _____ (Microsoft Corporation) D:\WINDOWS\system32\dafpos.dll
2017-04-11 19:36 - 2017-03-28 07:30 - 00049664 _____ (Microsoft Corporation) D:\WINDOWS\system32\TokenBrokerUI.dll
2017-04-11 19:36 - 2017-03-28 07:29 - 00912384 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-04-11 19:36 - 2017-03-28 07:29 - 00852480 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Media.Import.dll
2017-04-11 19:36 - 2017-03-28 07:29 - 00391168 _____ (Microsoft Corporation) D:\WINDOWS\system32\oleacc.dll
2017-04-11 19:36 - 2017-03-28 07:29 - 00387584 _____ 
(Microsoft Corporation) D:\WINDOWS\system32\iedkcs32.dll 2017-04-11 19:36 - 2017-03-28 07:29 - 00379904 _____ (Microsoft Corporation) D:\WINDOWS\system32\apprepsync.dll 2017-04-11 19:36 - 2017-03-28 07:29 - 00324608 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2017-04-11 19:36 - 2017-03-28 07:29 - 00311296 _____ (Microsoft Corporation) D:\WINDOWS\system32\SyncSettings.dll 2017-04-11 19:36 - 2017-03-28 07:29 - 00279552 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll 2017-04-11 19:36 - 2017-03-28 07:29 - 00267264 _____ (Microsoft Corporation) D:\WINDOWS\system32\vaultcli.dll 2017-04-11 19:36 - 2017-03-28 07:29 - 00260608 _____ (Microsoft Corporation) D:\WINDOWS\system32\InstallAgentUserBroker.exe 2017-04-11 19:36 - 2017-03-28 07:29 - 00206336 _____ (Microsoft Corporation) D:\WINDOWS\system32\psmsrv.dll 2017-04-11 19:36 - 2017-03-28 07:29 - 00147456 _____ (Microsoft Corporation) D:\WINDOWS\system32\winsrv.dll 2017-04-11 19:36 - 2017-03-28 07:29 - 00146432 _____ (Microsoft Corporation) D:\WINDOWS\system32\AuthBroker.dll 2017-04-11 19:36 - 2017-03-28 07:29 - 00088576 _____ (Microsoft Corporation) D:\WINDOWS\system32\mshtmled.dll 2017-04-11 19:36 - 2017-03-28 07:28 - 00661504 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-04-11 19:36 - 2017-03-28 07:28 - 00431616 _____ (Microsoft Corporation) D:\WINDOWS\system32\WpAXHolder.dll 2017-04-11 19:36 - 2017-03-28 07:28 - 00407552 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Internal.Management.dll 2017-04-11 19:36 - 2017-03-28 07:28 - 00337408 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.Picker.dll 2017-04-11 19:36 - 2017-03-28 07:28 - 00261632 _____ (Microsoft Corporation) D:\WINDOWS\system32\indexeddbserver.dll 2017-04-11 19:36 - 2017-03-28 07:28 - 00252416 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll 2017-04-11 19:36 - 
2017-03-28 07:28 - 00176128 _____ (Microsoft Corporation) D:\WINDOWS\system32\apprepapi.dll 2017-04-11 19:36 - 2017-03-28 07:27 - 01060352 _____ (Microsoft Corporation) D:\WINDOWS\system32\AppContracts.dll 2017-04-11 19:36 - 2017-03-28 07:27 - 00949248 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.PointOfService.dll 2017-04-11 19:36 - 2017-03-28 07:27 - 00645120 _____ (Microsoft Corporation) D:\WINDOWS\system32\qedit.dll 2017-04-11 19:36 - 2017-03-28 07:27 - 00472064 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2017-04-11 19:36 - 2017-03-28 07:27 - 00425984 _____ (Microsoft Corporation) D:\WINDOWS\system32\aadcloudap.dll 2017-04-11 19:36 - 2017-03-28 07:27 - 00091136 _____ (Microsoft Corporation) D:\WINDOWS\system32\updatepolicy.dll 2017-04-11 19:36 - 2017-03-28 07:26 - 00437248 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.Usb.dll 2017-04-11 19:36 - 2017-03-28 07:26 - 00329728 _____ (Microsoft Corporation) D:\WINDOWS\system32\deviceaccess.dll 2017-04-11 19:36 - 2017-03-28 07:26 - 00284160 _____ (Microsoft Corporation) D:\WINDOWS\system32\AboveLockAppHost.dll 2017-04-11 19:36 - 2017-03-28 07:25 - 18364928 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\edgehtml.dll 2017-04-11 19:36 - 2017-03-28 07:25 - 01010176 _____ (Microsoft Corporation) D:\WINDOWS\system32\enterprisecsps.dll 2017-04-11 19:36 - 2017-03-28 07:25 - 00966144 _____ (Microsoft Corporation) D:\WINDOWS\system32\sbe.dll 2017-04-11 19:36 - 2017-03-28 07:25 - 00896512 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.AccountsControl.dll 2017-04-11 19:36 - 2017-03-28 07:25 - 00775168 _____ (Microsoft Corporation) D:\WINDOWS\system32\GamePanel.exe 2017-04-11 19:36 - 2017-03-28 07:25 - 00262144 _____ (Microsoft Corporation) D:\WINDOWS\system32\webcheck.dll 2017-04-11 19:36 - 2017-03-28 07:24 - 19416576 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\mshtml.dll 2017-04-11 19:36 - 2017-03-28 07:24 - 01220096 _____ 
(Microsoft Corporation) D:\WINDOWS\system32\wscui.cpl 2017-04-11 19:36 - 2017-03-28 07:24 - 00410112 _____ (Microsoft Corporation) D:\WINDOWS\system32\AppXDeploymentClient.dll 2017-04-11 19:36 - 2017-03-28 07:23 - 09130496 _____ (Microsoft Corporation) D:\WINDOWS\system32\twinui.dll 2017-04-11 19:36 - 2017-03-28 07:23 - 00932864 _____ (Microsoft Corporation) D:\WINDOWS\system32\kerberos.dll 2017-04-11 19:36 - 2017-03-28 07:23 - 00691712 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\msfeeds.dll 2017-04-11 19:36 - 2017-03-28 07:23 - 00073728 _____ (Microsoft Corporation) D:\WINDOWS\system32\WSManMigrationPlugin.dll 2017-04-11 19:36 - 2017-03-28 07:21 - 23681536 _____ (Microsoft Corporation) D:\WINDOWS\system32\mshtml.dll 2017-04-11 19:36 - 2017-03-28 07:21 - 01589760 _____ (Microsoft Corporation) D:\WINDOWS\system32\msdtctm.dll 2017-04-11 19:36 - 2017-03-28 07:21 - 00104960 _____ (Microsoft Corporation) D:\WINDOWS\system32\CastLaunch.dll 2017-04-11 19:36 - 2017-03-28 07:20 - 01105408 _____ (Microsoft Corporation) D:\WINDOWS\system32\MiracastReceiver.dll 2017-04-11 19:36 - 2017-03-28 07:20 - 00090112 _____ (Microsoft Corporation) D:\WINDOWS\system32\mfmjpegdec.dll 2017-04-11 19:36 - 2017-03-28 07:19 - 00442368 _____ (Microsoft Corporation) D:\WINDOWS\system32\PlayToDevice.dll 2017-04-11 19:36 - 2017-03-28 07:19 - 00295424 _____ (Microsoft Corporation) D:\WINDOWS\system32\dlnashext.dll 2017-04-11 19:36 - 2017-03-28 07:19 - 00235520 _____ (Microsoft Corporation) D:\WINDOWS\system32\flvprophandler.dll 2017-04-11 19:36 - 2017-03-28 07:18 - 12181504 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\ieframe.dll 2017-04-11 19:36 - 2017-03-28 07:18 - 01908224 _____ (Microsoft Corporation) D:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-04-11 19:36 - 2017-03-28 07:18 - 00100864 _____ (Microsoft Corporation) D:\WINDOWS\system32\wpninprc.dll 2017-04-11 19:36 - 2017-03-28 07:17 - 13087232 _____ (Microsoft Corporation) D:\WINDOWS\system32\ieframe.dll 2017-04-11 19:36 - 
2017-03-28 07:17 - 05114368 _____ (Microsoft Corporation) D:\WINDOWS\system32\cdp.dll 2017-04-11 19:36 - 2017-03-28 07:17 - 04749312 _____ (Microsoft Corporation) D:\WINDOWS\system32\SettingsHandlers_nt.dll 2017-04-11 19:36 - 2017-03-28 07:17 - 00279552 _____ (Microsoft Corporation) D:\WINDOWS\system32\PlayToReceiver.dll 2017-04-11 19:36 - 2017-03-28 07:16 - 00167936 _____ (Microsoft Corporation) D:\WINDOWS\system32\ErrorDetails.dll 2017-04-11 19:36 - 2017-03-28 07:16 - 00061952 _____ (Microsoft Corporation) D:\WINDOWS\system32\vss_ps.dll 2017-04-11 19:36 - 2017-03-28 07:15 - 00981504 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll 2017-04-11 19:36 - 2017-03-28 07:15 - 00945664 _____ (Microsoft Corporation) D:\WINDOWS\system32\WpcWebFilter.dll 2017-04-11 19:36 - 2017-03-28 07:15 - 00937984 _____ (Microsoft Corporation) D:\WINDOWS\system32\MCRecvSrc.dll 2017-04-11 19:36 - 2017-03-28 07:15 - 00539136 _____ (Microsoft Corporation) D:\WINDOWS\system32\PlayToManager.dll 2017-04-11 19:36 - 2017-03-28 07:15 - 00467968 _____ (Microsoft Corporation) D:\WINDOWS\system32\Geolocation.dll 2017-04-11 19:36 - 2017-03-28 07:15 - 00411648 _____ (Microsoft Corporation) D:\WINDOWS\system32\SensorsApi.dll 2017-04-11 19:36 - 2017-03-28 07:15 - 00139776 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Media.Devices.dll 2017-04-11 19:36 - 2017-03-28 07:14 - 08126976 _____ (Microsoft Corporation) D:\WINDOWS\system32\Chakra.dll 2017-04-11 19:36 - 2017-03-28 07:14 - 01692160 _____ (Microsoft Corporation) D:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-04-11 19:36 - 2017-03-28 07:14 - 01643008 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Media.Speech.dll 2017-04-11 19:36 - 2017-03-28 07:14 - 00975872 _____ (Microsoft Corporation) D:\WINDOWS\HelpPane.exe 2017-04-11 19:36 - 2017-03-28 07:14 - 00913920 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Networking.dll 2017-04-11 19:36 - 2017-03-28 07:14 - 
00869888 _____ (Microsoft Corporation) D:\WINDOWS\system32\wuapi.dll 2017-04-11 19:36 - 2017-03-28 07:14 - 00800768 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2017-04-11 19:36 - 2017-03-28 07:14 - 00779776 _____ (Microsoft Corporation) D:\WINDOWS\system32\cscui.dll 2017-04-11 19:36 - 2017-03-28 07:14 - 00089088 _____ (Microsoft Corporation) D:\WINDOWS\system32\asycfilt.dll 2017-04-11 19:36 - 2017-03-28 07:13 - 06045184 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\Chakra.dll 2017-04-11 19:36 - 2017-03-28 07:13 - 04474368 _____ (Microsoft Corporation) D:\WINDOWS\system32\D3DCompiler_47.dll 2017-04-11 19:36 - 2017-03-28 07:13 - 02095616 _____ (Microsoft Corporation) D:\WINDOWS\system32\inetcpl.cpl 2017-04-11 19:36 - 2017-03-28 07:13 - 01359872 _____ (Microsoft Corporation) D:\WINDOWS\system32\SharedStartModel.dll 2017-04-11 19:36 - 2017-03-28 07:13 - 01040896 _____ (Microsoft Corporation) D:\WINDOWS\system32\NaturalLanguage6.dll 2017-04-11 19:36 - 2017-03-28 07:13 - 00759296 _____ (Microsoft Corporation) D:\WINDOWS\system32\msfeeds.dll 2017-04-11 19:36 - 2017-03-28 07:13 - 00650752 _____ (Microsoft Corporation) D:\WINDOWS\system32\RDXService.dll 2017-04-11 19:36 - 2017-03-28 07:13 - 00460800 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.Midi.dll 2017-04-11 19:36 - 2017-03-28 07:12 - 05611008 _____ (Microsoft Corporation) D:\WINDOWS\system32\d2d1.dll 2017-04-11 19:36 - 2017-03-28 07:12 - 02208768 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll 2017-04-11 19:36 - 2017-03-28 07:12 - 02026496 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\inetcpl.cpl 2017-04-11 19:36 - 2017-03-28 07:12 - 01509376 _____ (Microsoft Corporation) D:\WINDOWS\SysWOW64\ieapfltr.dll 2017-04-11 19:36 - 2017-03-28 07:12 - 00376832 _____ (Microsoft Corporation) D:\WINDOWS\system32\CryptoWinRT.dll 2017-04-11 19:36 - 2017-03-28 07:11 - 02914816 _____ (Microsoft Corporation) 
D:\WINDOWS\system32\CertEnroll.dll 2017-04-11 19:36 - 2017-03-28 07:11 - 01275392 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Devices.Bluetooth.dll 2017-04-11 19:36 - 2017-03-28 07:10 - 02316288 _____ (Microsoft Corporation) D:\WINDOWS\system32\wuaueng.dll 2017-04-11 19:36 - 2017-03-28 07:10 - 01783296 _____ (Microsoft Corporation) D:\WINDOWS\system32\urlmon.dll 2017-04-11 19:36 - 2017-03-28 07:10 - 01637888 _____ (Microsoft Corporation) D:\WINDOWS\system32\ieapfltr.dll 2017-04-11 19:36 - 2017-03-28 07:10 - 01586176 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Globalization.dll 2017-04-11 19:36 - 2017-03-28 07:10 - 01231872 _____ (Microsoft Corporation) D:\WINDOWS\system32\dosvc.dll 2017-04-11 19:36 - 2017-03-28 07:10 - 00875520 _____ (Microsoft Corporation) D:\WINDOWS\system32\TokenBroker.dll 2017-04-11 19:36 - 2017-03-28 07:10 - 00774656 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Web.dll 2017-04-11 19:36 - 2017-03-28 07:09 - 01513472 _____ (Microsoft Corporation) D:\WINDOWS\system32\win32kbase.sys 2017-04-11 19:36 - 2017-03-28 07:09 - 01328640 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Web.Http.dll 2017-04-11 19:36 - 2017-03-28 07:09 - 01131008 _____ (Microsoft Corporation) D:\WINDOWS\system32\localspl.dll 2017-04-11 19:36 - 2017-03-28 07:09 - 01064448 _____ (Microsoft Corporation) D:\WINDOWS\system32\SettingSyncCore.dll 2017-04-11 19:36 - 2017-03-28 07:09 - 00716800 _____ (Microsoft Corporation) D:\WINDOWS\system32\ShareHost.dll 2017-04-11 19:36 - 2017-03-28 07:08 - 03612672 _____ (Microsoft Corporation) D:\WINDOWS\system32\win32kfull.sys 2017-04-11 19:36 - 2017-03-28 07:08 - 03542016 _____ (Microsoft Corporation) D:\WINDOWS\system32\actxprxy.dll 2017-04-11 19:36 - 2017-03-28 07:08 - 02895872 _____ (Microsoft Corporation) D:\WINDOWS\system32\wininet.dll 2017-04-11 19:36 - 2017-03-28 07:08 - 00180224 _____ (Microsoft Corporation) D:\WINDOWS\system32\enrollmentapi.dll 2017-04-11 19:36 - 2017-03-28 07:07 - 
00908800 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.UI.Search.dll 2017-04-11 19:36 - 2017-03-28 07:07 - 00701952 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Networking.Connectivity.dll 2017-04-11 19:36 - 2017-03-28 07:07 - 00122368 _____ (Microsoft Corporation) D:\WINDOWS\system32\FontProvider.dll 2017-04-11 19:36 - 2017-03-28 07:06 - 01121280 _____ (Microsoft Corporation) D:\WINDOWS\system32\aadtb.dll 2017-04-11 19:36 - 2017-03-28 07:06 - 00924672 _____ (Microsoft Corporation) D:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2017-04-11 19:36 - 2017-03-28 07:05 - 01633792 _____ (Microsoft Corporation) D:\WINDOWS\system32\quartz.dll 2017-04-11 19:36 - 2017-03-28 07:04 - 00119808 ____R (Microsoft Corporation) D:\WINDOWS\system32\SecureAssessmentHandlers.dll 2017-04-11 19:36 - 2017-03-18 18:50 - 00956416 _____ (Microsoft Corporation) D:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-04-11 19:36 - 2017-03-18 18:35 - 02278400 _____ (Microsoft Corporation) D:\WINDOWS\system32\AppXDeploymentServer.dll 2017-04-07 09:07 - 2017-04-07 22:50 - 00000000 ____D D:\Program Files (x86)\MeineDaten2.0 2017-04-07 09:01 - 2017-04-07 09:01 - 00006819 _____ D:\Users\käptnBlaubär\AppData\Local\recently-used.xbel 2017-04-05 18:05 - 2017-04-05 18:05 - 00001095 _____ D:\Users\Public\Desktop\ISO to USB.lnk 2017-04-05 18:05 - 2017-04-05 18:05 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB 2017-04-05 18:05 - 2017-04-05 18:05 - 00000000 ____D D:\Program Files (x86)\ISO to USB 2017-04-05 16:45 - 2016-04-30 20:39 - 09618944 _____ D:\Users\käptnBlaubär\Desktop\Our_God_is_an_Awesome_God.mp4 2017-04-04 09:21 - 2017-04-04 09:39 - 00000000 ____D D:\Users\käptnBlaubär\Documents\Neuer Ordner ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-05-03 22:35 - 2016-11-16 19:51 - 00000000 ____D D:\Users\käptnBlaubär\AppData\LocalLow\Mozilla 2017-05-03 22:29 - 2016-10-09 20:09 - 00000006 ____H D:\WINDOWS\Tasks\SA.DAT 2017-05-03 22:28 - 2016-07-16 08:04 - 00524288 _____ D:\WINDOWS\system32\config\BBI 2017-05-03 22:28 - 2014-11-18 09:18 - 00000000 ____D D:\AdwCleaner 2017-05-03 22:27 - 2017-03-15 09:56 - 00000000 ____D D:\Esoft 2017-05-03 22:27 - 2017-01-31 23:12 - 00000008 __RSH D:\ProgramData\ntuser.pol 2017-05-03 22:27 - 2016-07-16 13:45 - 00000000 ____D D:\WINDOWS\INF 2017-05-03 21:16 - 2016-10-05 17:29 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Local\CrashDumps 2017-05-03 21:10 - 2016-10-05 15:36 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Local\PrivaZer 2017-05-03 13:35 - 2016-10-09 19:43 - 00000000 ____D D:\Users\käptnBlaubär 2017-05-03 13:19 - 2016-10-09 19:38 - 00000000 ____D D:\WINDOWS\system32\SleepStudy 2017-05-03 11:24 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\AppReadiness 2017-05-03 09:47 - 2016-10-08 18:26 - 00000000 ____D D:\Users\käptnBlaubär\Documents\Visual Studio 2015 2017-05-03 09:29 - 2016-11-05 14:00 - 00000000 ____D D:\Users\käptnBlaubär\Documents\EigeneProjekte 2017-05-03 07:19 - 2017-03-14 18:21 - 00028272 _____ D:\WINDOWS\system32\Drivers\TrueSight.sys 2017-05-03 07:02 - 2016-10-09 20:14 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Local\Packages 2017-05-03 07:02 - 2016-07-16 13:47 - 00000000 ___HD D:\Program Files\WindowsApps 2017-05-02 19:49 - 2016-10-05 15:14 - 00000000 ____D D:\Users\käptnBlaubär\Desktop\security 2017-05-02 19:46 - 2017-04-01 21:58 - 00000000 ____D D:\ProgramData\Norton 2017-05-02 19:46 - 2017-04-01 21:57 - 00000000 ____D D:\Program Files (x86)\NortonInstaller 2017-05-02 19:45 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\ELAMBKUP 2017-05-02 19:45 - 2016-07-16 08:04 - 00032768 _____ D:\WINDOWS\system32\config\ELAM 2017-05-02 17:54 - 2017-03-29 19:05 - 00000000 ____D D:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-05-02 17:54 - 
2017-03-23 18:22 - 00000000 ____D D:\Users\käptnBlaubär\Desktop\mbar 2017-05-02 17:05 - 2016-10-28 17:50 - 00000000 ____D D:\WINDOWS\Minidump 2017-05-02 13:02 - 2017-03-19 13:32 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Local\FSDART 2017-05-02 13:02 - 2017-02-21 22:51 - 00000000 ____D D:\Program Files\Emsisoft Anti-Malware 2017-05-02 09:05 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\system32\appraiser 2017-05-02 09:05 - 2016-07-16 13:36 - 00000000 ____D D:\WINDOWS\CbsTemp 2017-05-01 22:27 - 2014-10-03 15:36 - 00000000 ____D D:\ProgramData\Origin 2017-05-01 21:59 - 2014-10-03 21:01 - 00348360 _____ D:\WINDOWS\SysWOW64\PnkBstrB.xtr 2017-05-01 21:59 - 2014-10-03 20:56 - 00348360 _____ D:\WINDOWS\SysWOW64\PnkBstrB.exe 2017-05-01 21:58 - 2014-10-03 20:56 - 00280904 _____ D:\WINDOWS\SysWOW64\PnkBstrB.ex0 2017-05-01 21:58 - 2014-10-03 15:58 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\Origin 2017-05-01 18:21 - 2014-10-03 22:41 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2017-05-01 18:21 - 2014-10-03 22:41 - 00000000 ____D D:\Program Files (x86)\Emsisoft HiJackFree 2017-05-01 14:08 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\SysWOW64\Macromed 2017-05-01 14:08 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\system32\Macromed 2017-05-01 13:50 - 2017-03-07 22:36 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\vlc 2017-05-01 12:06 - 2014-09-30 17:53 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Local\Adobe 2017-05-01 10:33 - 2015-02-11 12:43 - 00000000 ____D D:\Program Files (x86)\MSECache 2017-04-29 23:02 - 2016-11-29 17:13 - 00000000 ____D D:\Program Files (x86)\Mozilla Firefox 2017-04-29 13:02 - 2016-11-05 13:49 - 00000000 ____D D:\Program Files (x86)\EasySetup 2017-04-28 15:02 - 2014-10-01 12:06 - 00000000 ____D D:\WINDOWS\system32\MRT 2017-04-28 14:56 - 2016-10-09 22:17 - 148601744 ____C (Microsoft Corporation) D:\WINDOWS\system32\MRT.exe 2017-04-27 22:10 - 2016-11-04 21:08 - 00000364 _____ 
D:\Users\käptnBlaubär\Desktop\Filterbesipiel.txt 2017-04-27 14:55 - 2016-12-02 18:50 - 00000000 ____D D:\Program Files\Mozilla Firefox 2017-04-27 14:55 - 2015-08-09 15:44 - 00000000 ____D D:\Program Files (x86)\Mozilla Maintenance Service 2017-04-27 10:57 - 2017-02-13 15:15 - 00000000 ____D D:\Users\käptnBlaubär\Documents\SicherungDB 2017-04-26 19:00 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\system32\NDF 2017-04-26 15:11 - 2014-09-30 17:56 - 00000000 ____D D:\Users\käptnBlaubär\dwhelper 2017-04-25 15:43 - 2016-10-12 12:49 - 00000000 ____D D:\Program Files\CCleaner 2017-04-25 15:42 - 2016-10-20 21:31 - 00000868 _____ D:\Users\Public\Desktop\CCleaner.lnk 2017-04-25 14:03 - 2017-03-02 14:27 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vorlage 2017-04-25 13:29 - 2016-10-09 08:44 - 00000000 ____D D:\Users\käptnBlaubär\AppData\LocalLow\Temp 2017-04-24 09:47 - 2017-03-29 16:28 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2017-04-23 12:34 - 2014-09-30 18:36 - 00000000 ____D D:\EmisoftEmergencyTools 2017-04-20 16:02 - 2014-09-30 16:45 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Local\VirtualStore 2017-04-20 09:24 - 2017-02-16 10:36 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-04-20 09:24 - 2014-09-30 17:54 - 00000000 ____D D:\ProgramData\Malwarebytes 2017-04-20 07:50 - 2016-10-09 19:42 - 02874354 _____ D:\WINDOWS\system32\PerfStringBackup.INI 2017-04-20 07:50 - 2016-07-17 00:51 - 01218030 _____ D:\WINDOWS\system32\perfh007.dat 2017-04-20 07:50 - 2016-07-17 00:51 - 00307434 _____ D:\WINDOWS\system32\perfc007.dat 2017-04-20 07:26 - 2017-02-27 14:25 - 00000000 ____D D:\Users\käptnBlaubär\Documents\icf 2017-04-20 07:25 - 2017-03-04 10:32 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker 2017-04-20 07:15 - 2017-01-01 13:08 - 00000000 ____D D:\Users\käptnBlaubär\Tracing 2017-04-19 09:08 - 
2016-10-08 18:52 - 00000870 _____ D:\Users\Public\Desktop\Notepad++.lnk 2017-04-19 09:08 - 2016-10-08 18:52 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Roaming\Notepad++ 2017-04-18 20:45 - 2017-01-02 17:44 - 00000000 ____D D:\Users\käptnBlaubär\Desktop\ProzessMonitor 2017-04-18 18:38 - 2014-10-03 15:35 - 00000000 ____D D:\Program Files (x86)\Origin 2017-04-18 16:08 - 2017-02-13 15:07 - 00000000 ____D D:\Users\käptnBlaubär\AppData\Local\M.S 2017-04-18 14:37 - 2017-02-02 11:52 - 00000000 ____D D:\Users\käptnBlaubär\Documents\Personen 2017-04-17 14:56 - 2014-10-23 18:55 - 00000000 ____D D:\ProgramData\TEMP 2017-04-14 21:00 - 2015-01-11 20:23 - 00000000 ____D D:\ProgramData\Package Cache 2017-04-14 16:28 - 2017-03-28 11:04 - 00000000 ____D D:\ProgramData\Trend Micro 2017-04-14 16:28 - 2017-03-28 11:03 - 00000000 ____D D:\Program Files (x86)\Trend Micro 2017-04-14 16:27 - 2017-03-28 11:05 - 00000000 ____D D:\ProgramData\Trend Micro Installer 2017-04-14 16:26 - 2015-08-09 15:44 - 00001010 _____ D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-04-14 16:26 - 2015-08-09 15:44 - 00000998 _____ D:\Users\Public\Desktop\Mozilla Firefox.lnk 2017-04-14 10:36 - 2016-07-16 13:47 - 00000000 ____D D:\Program Files\Common Files\microsoft shared 2017-04-12 14:54 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\rescache 2017-04-12 10:14 - 2016-10-09 20:14 - 00000000 __RHD D:\Users\Public\AccountPictures 2017-04-12 10:05 - 2016-07-16 13:47 - 00000000 ___SD D:\WINDOWS\SysWOW64\F12 2017-04-12 10:05 - 2016-07-16 13:47 - 00000000 ___SD D:\WINDOWS\system32\F12 2017-04-12 10:05 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\SysWOW64\setup 2017-04-12 10:05 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\system32\setup 2017-04-12 10:05 - 2016-07-16 08:04 - 00000000 ____D D:\WINDOWS\system32\Dism 2017-04-12 10:04 - 2016-07-16 13:47 - 00000000 ___RD D:\WINDOWS\ImmersiveControlPanel 2017-04-12 10:04 - 2016-07-16 13:47 - 00000000 ___RD D:\Program Files\Windows Defender 
2017-04-12 10:04 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\ShellExperiences 2017-04-12 10:04 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\Provisioning 2017-04-12 10:04 - 2016-07-16 13:47 - 00000000 ____D D:\WINDOWS\PolicyDefinitions 2017-04-12 10:04 - 2016-07-16 13:47 - 00000000 ____D D:\Program Files\Windows Photo Viewer 2017-04-12 10:04 - 2016-07-16 13:47 - 00000000 ____D D:\Program Files (x86)\Windows Photo Viewer 2017-04-12 10:04 - 2016-07-16 13:47 - 00000000 ____D D:\Program Files (x86)\Windows Defender 2017-04-12 09:59 - 2017-01-02 11:51 - 00000000 ____D D:\Program Files\Microsoft Silverlight 2017-04-12 09:59 - 2016-10-08 18:02 - 00000000 ____D D:\Program Files (x86)\Microsoft Silverlight 2017-04-11 21:07 - 2017-01-05 18:27 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-04-08 10:45 - 2017-02-21 20:06 - 00000000 ____D D:\ProgramData\G DATA 2017-04-07 09:03 - 2016-02-01 20:07 - 00000000 ____D D:\Users\käptnBlaubär\.gimp-2.8 2017-04-04 13:45 - 2016-10-08 13:33 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-02-15 17:22 - 2017-02-16 09:17 - 0083644 _____ () D:\Program Files (x86)\Debugtest.html 2017-03-19 14:13 - 2017-03-28 09:33 - 0133314 _____ () D:\Users\käptnBlaubär\AppData\Local\ars.cache 2017-03-19 14:13 - 2017-03-28 09:33 - 0388629 _____ () D:\Users\käptnBlaubär\AppData\Local\census.cache 2017-03-19 13:45 - 2017-03-19 13:45 - 0000036 _____ () D:\Users\käptnBlaubär\AppData\Local\housecall.guid.cache 2017-04-07 09:01 - 2017-04-07 09:01 - 0006819 _____ () D:\Users\käptnBlaubär\AppData\Local\recently-used.xbel 2017-04-29 11:19 - 2017-04-29 11:19 - 0001293 _____ () D:\Users\käptnBlaubär\AppData\Local\Temp1.html 2017-04-29 11:19 - 2017-04-29 11:19 - 0012562 _____ () D:\Users\käptnBlaubär\AppData\Local\Temp34.html Einige Dateien in TEMP: ==================== 2017-05-03 15:49 - 2017-05-03 
15:49 - 5441776 _____ (APOWERSOFT LIMITED ) D:\Users\käptnBlaubär\AppData\Local\Temp\ApowersoftVideoEditor-0goyuk2l.sl5.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

D:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
D:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
D:\WINDOWS\explorer.exe => Datei ist digital signiert
D:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
D:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
D:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
D:\WINDOWS\system32\services.exe => Datei ist digital signiert
D:\WINDOWS\system32\User32.dll => Datei ist digital signiert
D:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
D:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
D:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
D:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
D:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
D:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
D:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-04-24 11:33

==================== Ende von FRST.txt ============================
03.05.2017, 22:05 | #8
Suspected rootkit

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03-05-2017 01
durchgeführt von Nada (03-05-2017 22:57:09)
Gestartet von D:\Users\käptnBlaubär\Downloads
Windows 10 Pro Version 1607 (X64) (2016-10-09 18:13:36)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2210758347-1204338499-507655992-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2210758347-1204338499-507655992-503 - Limited - Disabled)
Gast (S-1-5-21-2210758347-1204338499-507655992-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2210758347-1204338499-507655992-1002 - Limited - Enabled)
Nada (S-1-5-21-2210758347-1204338499-507655992-1000 - Administrator - Enabled) => D:\Users\käptnBlaubär

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden AdBlockerHelper (HKLM-x32\...\{7923DD5E-8FFC-4DE8-A7DC-D4B83797F3C0}) (Version: - AdBlockerHelper) Apowersoft kostenloser Bildschirmrekorder V3.0.6 (HKLM-x32\...\{24a5c90b-5128-4fc9-91f5-113d64087118}_is1) (Version: 3.0.6 - APOWERSOFT LIMITED) Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG) Avira Connect (HKLM-x32\...\{1f8bb480-f5d7-4414-a6ea-28e005509ae4}) (Version: 1.2.81.6390 - Avira Operations GmbH & Co. KG) Avira Connect (x32 Version: 1.2.81.6390 - Avira Operations GmbH & Co. 
KG) Hidden Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB) BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender) Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform) CMS2017 2.0 (HKLM-x32\...\{91190DD8-7271-4F6A-BF98-96B72E835A15}) (Version: - M.S) Command & Conquer 3 (HKLM-x32\...\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}) (Version: 1.00.0000 - Ihr Firmenname) Command & Conquer(TM) Generäle (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts) Command & Conquer(TM) Generäle (x32 Version: 0.50.0000 - Electronic Arts) Hidden Command and Conquer(TM) Generäle Die Stunde Null (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts) Command and Conquer(TM) Generäle Die Stunde Null (x32 Version: 1.00.0000 - Electronic Arts) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden EasySetup 2.0.6 (HKLM-x32\...\{7CD2DA07-6695-4FFE-A2A6-5F7055F1A8FA}) (Version: - Thorsten Hoeppner) Emsisoft HiJackFree 4.5 (HKLM-x32\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH) Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 
1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation) Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{4705DBFD-9D5E-4D23-817C-8CA7359B7BDE}) (Version: 11.1.20810.00 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HTML Help Workshop (HKLM-x32\...\HTML Help Workshop) (Version: - ) IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Linkverwaltung 2.0 (HKLM-x32\...\{3AC6AA2F-8C74-48AC-A064-707CDB7461D8}) (Version: - M.S) MD5Hasch 2.0.0 (HKLM-x32\...\{9C0D084E-423E-452F-9935-F96A2A840C61}) (Version: - M.S) MeineDaten 2.0 (HKLM-x32\...\{1A25CEB9-5A89-43AB-93CD-BF8B0149F684}) (Version: - M.S) MeineDatenBank 2.0 (HKLM-x32\...\{7EA04711-607D-424B-A210-900296D7B874}) (Version: - M.S) MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - 
DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) 
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation) Microsoft Office 2000 Disc 2 (HKLM-x32\...\{00040407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation) Microsoft Office Access Runtime (German) 2007 (HKLM-x32\...\{90120000-001C-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) 
(Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service 
(HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 (Deutsch) (HKLM-x32\...\{FA440BE8-EC2F-4478-A01A-077DA0606501}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 
- Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual FoxPro OLE DB Provider (HKLM-x32\...\{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}) (Version: 1.0.0 - Microsoft Corporation) Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation) Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (HKLM-x32\...\{69ec32be-d994-44de-9eae-6d86ced6f352}) (Version: 11.0.50727.42 - Microsoft Corporation) Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 53.0 (x64 de) (HKLM\...\Mozilla Firefox 53.0 (x64 de)) (Version: 53.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla) MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) 
(HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden NetObjects Fusion Essentials (HKLM-x32\...\{8508AD2F-9837-4CC3-AC3C-05DB64D20275}) (Version: 13.0 - NetObjects) NetObjects Fusion Essentials (x32 Version: 13.00.0000.5598 - NetObjects) Hidden NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - ) Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.80 - Symantec Corporation) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation) NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation) NVIDIA Grafiktreiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.4.9.38188 - Electronic Arts, Inc.) 
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation) Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation) PrivaZer (HKLM-x32\...\PrivaZer) (Version: 3.0.19.0 - Goversoft LLC) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Returnil System Safe 2011 (HKLM-x32\...\{92AF8F5C-4F36-4276-ADC7-AC95F348235B}) (Version: 3.2.10853 - CJSC Returnil Software) RogueKiller Version 12.10.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.6.0 - Adlice Software) Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: - Samsung Electronics CO.,LTD) SanityCheck 2.02 (HKLM\...\SanityCheck_is1) (Version: - Resplendence Software Projects Sp.) 
Serif PagePlus X2 (HKLM-x32\...\{B00B1355-DD54-4314-90B1-161C6A7D3FD3}) (Version: 12.0.0.012 - Serif (Europe) Ltd) SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden TrojanHunter 6.0 (HKLM-x32\...\TrojanHunter_is1) (Version: 6.0 - Bytelayer AB) TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17362 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) 
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01D4B8E8-467A-4035-90A1-6A5D225FBF40} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {0271E4B5-0CBB-4FBD-BF90-A81C65725AA4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {0AE4797F-C5A4-4793-A9F9-B58F04895C3D} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
Task: {0C59C8F3-5851-4422-A8EB-C1C2E79851EA} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {0D876791-6730-4569-91A1-16C55356B8D7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {0DA3D330-6608-429D-8C7F-772E1B18F40A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {22093BCE-0D5C-4DE1-97BA-2DE8FBB4AC7B} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {2CE6F91D-AD61-4A5B-A47E-7BDA0D5CC3EE} - System32\Tasks\Apple\AppleSoftwareUpdate => D:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {2CFBDC09-4D64-44E6-9ECF-CC7F0F76D9BF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {2FD69397-024B-4ED2-9C5F-29C651355DE4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3B5223C3-3DF8-4660-9F71-06FA0C9AC531} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {3D2FDB4D-CAC6-4CE1-A3EA-06B7D18227A5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {6EADAB68-C306-4603-AAAC-2714B530E405} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7F5F7452-6161-4DD5-91D9-FCFE41EC5B08} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {7F871D47-7D40-4C22-8BF0-7084448DCE1C} - System32\Tasks\{E7EB9F2C-A589-4420-A190-2EBD4D9356C5} => pcalua.exe -a D:\Users\käptnBlaubär\Downloads\MDAC_TYP.EXE -d D:\Users\käptnBlaubär\Downloads
Task: {8B70AB37-B99E-4BC4-8D87-F711C3643B21} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {95E9774F-A4C2-4FBD-A92D-D0CE10521609} - System32\Tasks\Norton Security Scan for Nada => D:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.80\Nss.exe [2016-11-03] (Symantec Corporation)
Task: {9B8180B6-C3BC-4406-B40D-C9247E07DC26} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {AB65F659-6576-490A-9175-C613E99BAF1E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {ABB7C120-8C3C-4B0D-87F9-B1FB6910205F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AD543F3E-A6BA-4963-B9D4-65399B2608F0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {DB45A22E-95DB-417E-B2F4-942A0E3F37A3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {DFD1099D-3BBF-445F-A770-310BDD089ABA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E7953A10-891C-4E02-8853-7BFF209B64A5} - System32\Tasks\PrivaZer_SkipUAC => D:\Program Files (x86)\PrivaZer\PrivaZer.exe [2017-04-02] (Goversoft LLC)
Task: {FC71D964-1996-43EF-BCD8-211A7E12C037} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {FD040641-285A-4D1B-87CA-569A58C603B6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () D:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-11 19:36 - 2017-03-28 08:22 - 02681200 _____ () D:\WINDOWS\system32\CoreUIComponents.dll
2016-02-01 19:25 - 2008-06-04 16:53 - 00027648 _____ () D:\WINDOWS\System32\spd__l6.dll
2016-02-01 19:25 - 2009-03-18 14:05 - 00685568 _____ () D:\WINDOWS\system32\spool\DRIVERS\x64\3\spd__du.dll
2014-10-03 20:56 - 2015-09-29 20:38 - 00076152 _____ () D:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-04-20 16:01 - 2017-03-22 09:39 - 00169656 _____ () D:\Program Files\CyberGhost 6\Data\Firewall\x64\nfapi.DLL
2017-04-11 19:36 - 2017-03-28 08:22 - 02681200 _____ () D:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-09 20:17 - 2016-10-09 20:17 - 00959168 _____ () D:\Users\käptnBlaubär\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-10-10 12:07 - 2016-09-07 06:56 - 00134656 _____ () D:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 17:55 - 2017-03-04 08:31 - 00474112 _____ () D:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 17:55 - 2017-03-04 08:12 - 09760768 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 17:55 - 2017-03-04 08:05 - 01401856 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 17:55 - 2017-03-04 08:05 - 00757248 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 19:36 - 2017-03-28 07:08 - 02424320 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 19:36 - 2017-03-28 07:11 - 04853760 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-20 09:24 - 2017-03-22 10:24 - 02271520 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-10-05 16:27 - 2017-04-18 18:37 - 02493440 _____ () D:\Program Files (x86)\Origin\libGLESv2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: D:\ProgramData\TEMP:341E39B2 [127]
AlternateDataStreams: D:\ProgramData\TEMP:55B41E6A [122]
AlternateDataStreams: D:\ProgramData\TEMP:9A870F8B [932]
AlternateDataStreams: D:\ProgramData\TEMP:AC64BB05 [131]
AlternateDataStreams: D:\ProgramData\TEMP:CB0AACC9 [320]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\localhost -> hxxps://localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-12-29 17:30 - 00000938 _____ D:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2210758347-1204338499-507655992-1000\Control Panel\Desktop\\Wallpaper -> d:\users\käptnblaubär\appdata\local\microsoft\windows\themes\img10.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: HDDlife HDD Access service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVIDIA Wireless Controller Service => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: RUBotSrv => 2
MSCONFIG\Services: Samsung UPD Service => 3
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Malwarebytes Anti-Ransomware.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RSS 2011.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\StartupFolder: => "MALWAREBYTES ANTI-RANSOMWARE.LNK"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "Kaspersky Software Updater"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "KSS"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "CyberGhost"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-dcom] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RVM-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteDesktop-Shadow-In-TCP] => (Block) %SystemRoot%\system32\RdpSa.exe
FirewallRules: [{7F769B1A-858C-458B-9A95-FCF7E5EFA399}] => (Allow) D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\RpcSandraSrv.exe
FirewallRules: [{41724820-1BA1-49E5-BE8C-9DF9A7514327}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{20B3855F-1D77-488C-A050-B71C2E34D227}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F76BB3A0-1177-4D72-BBDF-383DFAE32FBB}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A13DC88-D16A-4C3D-8925-88FCED9383EA}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{78948828-5201-497F-9ED0-DBAB838215D6}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{824E0CB4-2954-46A1-9499-1D88D3360982}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{6F41A2D2-BB0F-4472-8855-6FBB7119011A}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{10AFA1D6-1B82-425C-813B-4CF0928E8C60}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AA6D773E-F25C-4A29-B21D-F255C0EFB9F7}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0C4085FB-E4A8-494B-B93A-8CD6532DE3A8}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E0B059C6-F1D4-4441-9780-D8553F11B575}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe FirewallRules: [{E83FB76E-9205-4B6B-8264-196650AF4E39}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{9EBF74DB-BC08-40B6-9575-D8D213608D0A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{941EDF7C-AC2E-43A4-8F97-03BB134C3A76}] => (Allow) D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe FirewallRules: [{B1FB53ED-8CBF-4BD7-B2E1-6F7037D2C96D}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{E69C2C7A-2AE5-4E02-B62F-28AFE47B84B1}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{AD7DB536-19D1-4741-B5CA-38074D5E1A78}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{3344C11A-A8FE-4C9A-A9DD-BEEA3D386BF9}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{2384AD3A-D15A-4F07-994F-EBAFEC09606D}] => (Allow) D:\Windows\System32\SUPDSvc.exe FirewallRules: [{CB56C37F-E60F-44CB-A761-A3E48F5845AA}] => (Allow) D:\Windows\System32\SUPDSvc.exe FirewallRules: [{49EAE512-EEE3-49B1-9BC4-32F5A7F2FEEC}] => (Allow) D:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{5BD170FA-F34F-4319-8887-B087D7380D33}] => (Allow) D:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{9CE0734A-6829-49A3-81D6-8034B1FECDD0}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{6D6BFBEA-9B0A-4F8F-AD28-79BA423DB5D5}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{1E574917-8CE3-4A76-A3F1-3F565C77BA0F}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{478E522C-A52C-44EA-8670-B3E6C5E89A15}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{6F94AA1F-8281-48E4-9FE4-335A3C70952E}] => (Allow) D:\Program Files\Mozilla 
Firefox\firefox.exe FirewallRules: [TCP Query User{631237D1-47B0-48CB-930E-FE9A63BDD72A}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe FirewallRules: [UDP Query User{79479189-1BE3-4180-8F59-FF21B7EA6F40}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe FirewallRules: [TCP Query User{2C07FB38-2308-41C4-8EA1-3DDE4F628B43}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe FirewallRules: [UDP Query User{B887583F-AF8C-41D9-AEA1-3A5C9CE84EE1}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe FirewallRules: [TCP Query User{56F9FDED-A005-4E74-9A7F-2FEFBCC8BC73}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe FirewallRules: [UDP Query User{E4569F72-193F-45C8-B231-2A3B0ED01148}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe FirewallRules: [TCP Query User{5E2B3BAD-54EE-438C-AC3C-1F309DA1993F}M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) 
M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe FirewallRules: [UDP Query User{1FB60CBB-26D5-4F74-9C58-A75F86DE2937}M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe FirewallRules: [TCP Query User{171C4656-4433-4F65-97D4-6CF2B47E7A39}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe FirewallRules: [UDP Query User{8526678C-D896-49D7-87C9-BC30E338E603}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe FirewallRules: [{DF89024D-2B67-4DA0-9C70-25F04DDFD0AF}] => (Allow) D:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{053641C4-8E62-423E-830A-D1BCA1D101FE}] => (Allow) D:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{47366012-3301-451E-B967-326DA431DB42}] => (Allow) D:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{69B051BA-DDF0-4670-9130-E5299DDCB00D}] => (Allow) D:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{15C47165-9F69-45AD-B585-0115FD36FBFB}D:\program files\mozilla firefox\firefox.exe] => (Block) D:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{10937510-0CE9-4228-AC1A-2E4453E174F8}D:\program files\mozilla firefox\firefox.exe] => (Block) D:\program files\mozilla firefox\firefox.exe FirewallRules: [{312AD574-CAF1-4AB3-84D3-3C9936F5111E}] => (Allow) D:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{3FAC850C-2CB5-4E7C-A3DF-353FC2451365}] => (Allow) LPort=2869 FirewallRules: 
[{AEFE14F6-3CDA-438C-B783-08410C687D01}] => (Allow) LPort=1900 FirewallRules: [{E62DE134-693D-44A0-BE77-A4DD434723E5}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe FirewallRules: [{5919157E-1C8C-4E91-AE5C-7AF5171615B9}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe FirewallRules: [{20ADF67F-6DAC-41BB-8BAA-0995BAF0A1E0}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe FirewallRules: [{0767923C-CD9E-4991-8A43-09B1226DDE4E}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe FirewallRules: [{1CB36320-7D43-4CF2-8774-F7950285AF34}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Video Editor.exe FirewallRules: [{1B72EADA-52DE-409F-8D94-4AAD682B7D98}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Video Editor.exe ==================== Wiederherstellungspunkte ========================= 27-04-2017 14:50:16 Microsoft Visual C++ 2005 Redistributable wird installiert 27-04-2017 15:00:26 JRT Pre-Junkware Removal 01-05-2017 09:53:56 Windows Update 01-05-2017 09:54:39 Windows Update 01-05-2017 10:33:34 Installed Compatibility Pack for the 2007 Office system 02-05-2017 17:44:02 Installed SafenSoft SysWatch. 02-05-2017 17:48:03 Installed SafenSoft SysWatch. 02-05-2017 17:56:03 Removed SafenSoft SysWatch. 
02-05-2017 20:15:14 Returnil System Safe 2011 wird installiert 02-05-2017 23:47:02 Returnil System Safe 2011 wird entfernt 03-05-2017 09:21:05 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (05/03/2017 10:20:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: avguard.exe, Version: 15.0.25.170, Zeitstempel: 0x58c8088c Name des fehlerhaften Moduls: MSVCR120.dll, Version: 12.0.21005.1, Zeitstempel: 0x524f7ce6 Ausnahmecode: 0xc0000409 Fehleroffset: 0x000a46a9 ID des fehlerhaften Prozesses: 0x97c Startzeit der fehlerhaften Anwendung: 0x01d2c44168090819 Pfad der fehlerhaften Anwendung: D:\Program Files (x86)\Avira\Antivirus\avguard.exe Pfad des fehlerhaften Moduls: D:\Program Files (x86)\Avira\Antivirus\MSVCR120.dll Berichtskennung: 05063d6e-a871-41b3-87da-a1dbe58083df Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (05/03/2017 09:27:02 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: NONNAME) Description: 7.488: Der EFS-Dienst*konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005. 
Error: (05/03/2017 09:15:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 10.0.14393.953, Zeitstempel: 0x58ba5aa4 Name des fehlerhaften Moduls: windows.immersiveshell.serviceprovider.dll, Version: 10.0.14393.0, Zeitstempel: 0x57899873 Ausnahmecode: 0x80270233 Fehleroffset: 0x0000000000033c25 ID des fehlerhaften Prozesses: 0x105c Startzeit der fehlerhaften Anwendung: 0x01d2c4417f2cd5e8 Pfad der fehlerhaften Anwendung: D:\WINDOWS\Explorer.EXE Pfad des fehlerhaften Moduls: D:\Windows\System32\windows.immersiveshell.serviceprovider.dll Berichtskennung: c9da0bcb-793c-4a69-9c34-7f929b64aaca Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (05/03/2017 09:12:32 PM) (Source: WAS-LA) (EventID: 7005) (User: ) Description: Das Listeneradapterprotokoll "msmq.formatname" hat versucht, mit dem Windows-Prozessaktivierungsdienst zu kommunizieren und dabei einen Fehler verursacht. Der Listeneradapter befindet sich nun in einem ungültigen Zustand. Ursache: Dies kann auftreten, wenn zwischen dem Windows-Prozessaktivierungsdienst und dem Listeneradapter nicht ausreichend Speicherplatz vorhanden ist oder Fehler aufgetreten sind. Korrektur: Um diesen Fehler zu korrigieren, beenden Sie den Listeneradapter und anschließend den Windows-Prozessaktivierungsdienst, starten Sie den Windows-Prozessaktivierungsdienst neu, und starten Sie schließlich den Listeneradapter neu. 
Error: (05/03/2017 07:11:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Apowersoft Free Screen Recorder.exe, Version: 3.0.6.0, Zeitstempel: 0x570dc4f2 Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x58256ca0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00026dc9 ID des fehlerhaften Prozesses: 0x1c2c Startzeit der fehlerhaften Anwendung: 0x01d2c42e4465f6f8 Pfad der fehlerhaften Anwendung: D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe Pfad des fehlerhaften Moduls: D:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: f0b53760-234f-44cb-b807-b81a4a35a713 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (05/03/2017 07:11:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Apowersoft Free Screen Recorder.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.AccessViolationException bei Apowersoft.Media.FFMpeg.SDL.SDL_LockMutex(IntPtr) bei Apowersoft.Media.FFMpeg.VideoPlayClass.alloc_picture(VideoState) bei Apowersoft.Media.FFMpeg.VideoPlayClass.event_loop(VideoState) bei Apowersoft.Media.FFMpeg.VideoPlayClass.init_source(System.Windows.Forms.PictureBox, Apowersoft.Media.FFMpeg.ConvertTask) bei Apowersoft.Media.FFMpeg.VideoPlayClass.VideoPlay(System.Windows.Forms.PictureBox, Apowersoft.Media.FFMpeg.ConvertTask, Boolean) bei Apowersoft.Media.FFMpeg.VideoPlayClass+<>c__DisplayClass2.<Open>b__1() bei System.Threading.Tasks.Task`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InnerInvoke() bei System.Threading.Tasks.Task.Execute() bei System.Threading.Tasks.Task.ExecutionContextCallback(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef) bei System.Threading.Tasks.Task.ExecuteEntry(Boolean) bei System.Threading.Tasks.Task.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (05/03/2017 06:55:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Apowersoft Free Screen Recorder.exe, Version: 3.0.6.0, Zeitstempel: 0x570dc4f2 Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x58256ca0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003ff33 ID des fehlerhaften Prozesses: 0x1f40 Startzeit der fehlerhaften Anwendung: 0x01d2c429d5f883d3 Pfad der fehlerhaften Anwendung: D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen 
Recorder\Apowersoft Free Screen Recorder.exe Pfad des fehlerhaften Moduls: D:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 44b27f6e-b400-4cca-bcf5-88c00004783b Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (05/03/2017 06:55:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Apowersoft Free Screen Recorder.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.AccessViolationException bei Apowersoft.Media.FFMpeg.SDL.SDL_CondSignal(IntPtr) bei Apowersoft.Media.FFMpeg.VideoPlayClass.alloc_picture(VideoState) bei Apowersoft.Media.FFMpeg.VideoPlayClass.event_loop(VideoState) bei Apowersoft.Media.FFMpeg.VideoPlayClass.init_source(System.Windows.Forms.PictureBox, Apowersoft.Media.FFMpeg.ConvertTask) bei Apowersoft.Media.FFMpeg.VideoPlayClass.VideoPlay(System.Windows.Forms.PictureBox, Apowersoft.Media.FFMpeg.ConvertTask, Boolean) bei Apowersoft.Media.FFMpeg.VideoPlayClass+<>c__DisplayClass2.<Open>b__1() bei System.Threading.Tasks.Task`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InnerInvoke() bei System.Threading.Tasks.Task.Execute() bei System.Threading.Tasks.Task.ExecutionContextCallback(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef) bei System.Threading.Tasks.Task.ExecuteEntry(Boolean) bei System.Threading.Tasks.Task.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (05/03/2017 06:44:07 PM) 
(Source: Microsoft-Windows-EFS) (EventID: 4401) (User: NONNAME) Description: 7.488: Der EFS-Dienst*konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005. Error: (05/03/2017 06:42:42 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "D:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Systemfehler: ============= Error: (05/03/2017 10:49:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual Studio 2012 (KB3002339) Error: (05/03/2017 10:49:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual Studio 2012 (KB2781514) Error: (05/03/2017 10:30:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "CDPUserSvc_38d9c" wurde mit folgendem Fehler beendet: Unbekannter Fehler Error: (05/03/2017 10:29:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "WMPNetworkSvc" ist vom Dienst "WSearch" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. 
Error: (05/03/2017 10:28:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024001e fehlgeschlagen: Update für Microsoft Visual Studio 2012 (KB2781514) Error: (05/03/2017 10:27:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "CyberGhost 6 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/03/2017 10:27:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/03/2017 10:27:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/03/2017 10:27:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/03/2017 10:27:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2017-05-03 21:00:04.614 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\B108.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-03 18:40:38.402 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\B108.tmp because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-03 18:40:15.869 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\B108.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-03 18:25:27.994 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\6145.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-03 18:24:38.214 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\6145.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-27 12:20:22.419 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\käptnBlaubär\Desktop\security\security\sysinternals\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-21 12:56:32.450 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-21 12:56:32.439 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-21 12:56:32.427 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-21 12:56:32.410 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz Prozentuale Nutzung des RAM: 33% Installierter physikalischer RAM: 8190.49 MB Verfügbarer physikalischer RAM: 5432.35 MB Summe virtueller Speicher: 16382.49 MB Verfügbarer virtueller Speicher: 13333.57 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:97.66 GB) (Free:68.75 GB) NTFS Drive d: (DATA2) (Fixed) (Total:501.65 GB) (Free:197.23 GB) NTFS Drive e: (Data) (Fixed) (Total:638.35 GB) (Free:380.99 GB) NTFS Drive m: (LinuxDrive) (Fixed) (Total:195.3 GB) (Free:165.93 GB) exFAT ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 596.2 GB) (Disk ID: 00088CFD) Partition 1: (Active) - (Size=93.1 GB) - (Type=83) Partition 2: (Not Active) - (Size=503 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 38897494) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=638.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=195.3 GB) - (Type=OF Extended) ==================== Ende von Addition.txt ============================ |
04.05.2017, 19:38 | #9 |
/// TB-Ausbilder | Suspected rootkit Hi, we'll check everything once more. Note: The scan with ESET can take a while. Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
start
CloseProcesses:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 3 ESET Online Scanner
Step 4
Are there still any problems with the PC or with your internet browsers? If so, which ones? Please post with your next reply
|
05.05.2017, 12:15 | #10 |
| Suspected rootkit Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03-05-2017 01 durchgeführt von Nada (04-05-2017 22:06:39) Run:1 Gestartet von D:\Users\käptnBlaubär\Downloads Geladene Profile: Nada (Verfügbare Profile: Nada) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: end ***************** Prozesse erfolgreich geschlossen. ========= RemoveProxy: ========= HKU\S-1-5-21-2210758347-1204338499-507655992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-2210758347-1204338499-507655992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurckgesetzt. Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen. ========= Ende von CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 13184945 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 213549366 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 16413872 B Edge => 0 B Chrome => 0 B Firefox => 13633139 B Opera => 1223392 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 2657009 B LocalService => 0 B NetworkService => 0 B käptnBlaubär => 100545636 B V.I.P.O ® => 0 B RecycleBin => 0 B EmptyTemp: => 344.5 MB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 22:06:48 ==== FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2017 01 durchgeführt von Nada (Administrator) auf NONNAME (05-05-2017 13:05:36) Gestartet von D:\Users\käptnBlaubär\Downloads Geladene Profile: Nada & (Verfügbare Profile: Nada) Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corporation) D:\Windows\System32\mqsvc.exe (Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe (Microsoft Corporation) D:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe () D:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (CyberGhost S.R.L) D:\Program Files\CyberGhost 6\CyberGhost.Service.exe (Microsoft Corporation) D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. 
KG) D:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) D:\Windows\System32\dllhost.exe (Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) D:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) D:\Windows\System32\smartscreen.exe (Microsoft Corporation) D:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [NvBackend] => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation) HKLM-x32\...\Run: [avgnt] => D:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => D:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-01-19] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\Run: [CyberGhost] => D:\Program Files\CyberGhost 6\CyberGhost.exe [1229360 2017-03-22] (CyberGhost S.R.L.) 
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\MountPoints2: {96ef2f02-b7e1-11e6-affc-00241dcdd299} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\MountPoints2: {96ef3006-b7e1-11e6-affc-00241dcdd299} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\MountPoints2: {982a3fa4-8bac-11e6-8259-ac6d6fc2ffef} - "L:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled [2017-05-02] ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{5fc12dcf-8f58-4b1e-b714-1f3f22a18988}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5fc12dcf-8f58-4b1e-b714-1f3f22a18988}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{76bd2376-4dec-4907-811f-8ccb99843d19}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-10] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-10] (Oracle Corporation)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: D:\Users\käptnBlaubär\AppData\Roaming\Nvu\Profiles\rsb2mpcf.default [2016-12-27]
FF ProfilePath: D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904 [2017-05-05]
FF Homepage: Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904 -> Google.ch
FF NetworkProxy: Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904 -> type", 0
FF Extension: (Advanced Cookie Manager) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\cookiemgr@jayapal.com [2016-10-22]
FF Extension: (SQLite Manager) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-12-06]
FF Extension: (NoScript) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-22]
FF Extension: (Video DownloadHelper) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
FF Extension: (Adblock Plus) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (BetterPrivacy) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-12-21]
FF Extension: (DownThemAll!) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-20]
FF Extension: (Shield Recipe Client) - D:\Users\käptnBlaubär\AppData\Roaming\Mozilla\Firefox\Profiles\t1a1hz6g.default-1476978448904\features\{e75cc523-2972-4051-acdc-9ff1e83de574}\shield-recipe-client@mozilla.org.xpi [2017-04-29]
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\pandasecuritytb.xml [2017-01-02]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> D:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> D:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> D:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> D:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [Keine Datei]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> D:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> D:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [Keine Datei]

Opera:
=======
OPR Extension: (360 Internet Protection) - D:\Users\käptnBlaubär\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2016-07-09]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; D:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; D:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-21] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.ServiceHost; D:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349096 2017-01-19] (Avira Operations GmbH & Co. KG)
R2 CG6Service; D:\Program Files\CyberGhost 6\CyberGhost.Service.exe [87088 2017-03-22] (CyberGhost S.R.L)
S3 IEEtwCollectorService; D:\Windows\system32\IEEtwCollector.exe [114688 2015-08-15] (Microsoft Corporation) [Datei ist nicht signiert]
S3 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 NvContainerLocalSystem; D:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S4 NvContainerNetworkService; D:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S4 NVIDIA Wireless Controller Service; D:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
S4 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2147216 2017-04-18] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3116440 2017-04-18] (Electronic Arts)
R2 PnkBstrA; D:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-09-29] ()
S4 RUBotSrv; D:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S4 SandraAgentSrv; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe [73200 2014-10-06] (SiSoftware) [Datei ist nicht signiert]
S3 Sense; D:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; D:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
S3 WinDefend; D:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; D:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; D:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 avnetflt; D:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-21] (Avira Operations GmbH & Co. KG)
R0 avusbflt; D:\WINDOWS\System32\Drivers\avusbflt.sys [48584 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 cgnetfilter1521; D:\WINDOWS\System32\drivers\cgnetfilter1521.sys [84768 2017-03-22] (Windows (R) Win 7 DDK provider)
S3 eeCtrl; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-28] (Symantec Corporation)
S3 EraserUtilDrv11521; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [156912 2016-04-28] (Symantec Corporation)
R1 HssDRV6; D:\WINDOWS\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S3 MBAMSwissArmy; D:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-03] (Malwarebytes)
S3 MEMSWEEP2; D:\WINDOWS\system32\B108.tmp [6144 2009-06-18] (Sophos Plc) [Datei ist nicht signiert]
S3 NetAdapterCx; D:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; D:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R2 NPF; D:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NvStreamKms; D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; D:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
S3 PORTMON; D:\Users\käptnBlaubär\Desktop\security\security\sysinternals\PORTMSYS.SYS [28656 2017-05-05] (Systems Internals) [Datei ist nicht signiert]
U5 PROCMON23; D:\Windows\System32\Drivers\PROCMON23.sys [92344 2017-05-03] (Sysinternals - www.sysinternals.com)
S3 PSKMAD; D:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 rkhdrv40; D:\Windows\SysWow64\Drivers\rkhdrv40.sys [24320 2017-03-04] () [Datei ist nicht signiert]
S3 rspSanity; D:\WINDOWS\System32\DRIVERS\rspSanity64.sys [29752 2011-05-04] (Resplendence Software Projects Sp.)
R3 rt640x64; D:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 SANDRA; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S1 SAVRKBootTasks; D:\WINDOWS\SysWOW64\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc) [Datei ist nicht signiert]
R3 taphss6; D:\WINDOWS\System32\drivers\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 tapSF0901; D:\WINDOWS\System32\DRIVERS\tapSF0901.sys [39104 2015-07-31] (Spotflux, Inc.)
S3 WdBoot; D:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; D:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; D:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
S3 esihdrv; \??\D:\Users\KPTNBL~1\AppData\Local\Temp\esihdrv.sys [X] <==== ACHTUNG
U3 idsvc; kein ImagePath
S3 MFE_RR; \??\D:\Users\KPTNBL~1\AppData\Local\Temp\mfe_rr.sys [X] <==== ACHTUNG
U2 TMAgent; kein ImagePath
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03-05-2017 01
durchgeführt von Nada (05-05-2017 13:05:08)
Gestartet von D:\Users\käptnBlaubär\Downloads
Windows 10 Pro Version 1607 (X64) (2016-10-09 18:13:36)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2210758347-1204338499-507655992-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2210758347-1204338499-507655992-503 - Limited - Disabled)
Gast (S-1-5-21-2210758347-1204338499-507655992-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2210758347-1204338499-507655992-1002 - Limited - Enabled)
Nada (S-1-5-21-2210758347-1204338499-507655992-1000 - Administrator - Enabled) => D:\Users\käptnBlaubär

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AdBlockerHelper (HKLM-x32\...\{7923DD5E-8FFC-4DE8-A7DC-D4B83797F3C0}) (Version: - AdBlockerHelper)
Apowersoft kostenloser Bildschirmrekorder V3.0.6 (HKLM-x32\...\{24a5c90b-5128-4fc9-91f5-113d64087118}_is1) (Version: 3.0.6 - APOWERSOFT LIMITED)
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{1f8bb480-f5d7-4414-a6ea-28e005509ae4}) (Version: 1.2.81.6390 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.6390 - Avira Operations GmbH & Co. KG) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
CMS2017 2.0 (HKLM-x32\...\{91190DD8-7271-4F6A-BF98-96B72E835A15}) (Version: - M.S)
Command & Conquer 3 (HKLM-x32\...\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}) (Version: 1.00.0000 - Ihr Firmenname)
Command & Conquer(TM) Generäle (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer(TM) Generäle (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and Conquer(TM) Generäle Die Stunde Null (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and Conquer(TM) Generäle Die Stunde Null (x32 Version: 1.00.0000 - Electronic Arts) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
EasySetup 2.0.6 (HKLM-x32\...\{7CD2DA07-6695-4FFE-A2A6-5F7055F1A8FA}) (Version: - Thorsten Hoeppner)
Emsisoft HiJackFree 4.5 (HKLM-x32\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH)
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{4705DBFD-9D5E-4D23-817C-8CA7359B7BDE}) (Version: 11.1.20810.00 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HTML Help Workshop (HKLM-x32\...\HTML Help Workshop) (Version: - )
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Linkverwaltung 2.0 (HKLM-x32\...\{3AC6AA2F-8C74-48AC-A064-707CDB7461D8}) (Version: - M.S)
MD5Hasch 2.0.0 (HKLM-x32\...\{9C0D084E-423E-452F-9935-F96A2A840C61}) (Version: - M.S)
MeineDaten 2.0 (HKLM-x32\...\{1A25CEB9-5A89-43AB-93CD-BF8B0149F684}) (Version: - M.S)
MeineDatenBank 2.0 (HKLM-x32\...\{7EA04711-607D-424B-A210-900296D7B874}) (Version: - M.S)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM-x32\...\{00040407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office Access Runtime (German) 2007 (HKLM-x32\...\{90120000-001C-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 (Deutsch) (HKLM-x32\...\{FA440BE8-EC2F-4478-A01A-077DA0606501}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual FoxPro OLE DB Provider (HKLM-x32\...\{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}) (Version: 1.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (HKLM-x32\...\{69ec32be-d994-44de-9eae-6d86ced6f352}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0 (x64 de) (HKLM\...\Mozilla Firefox 53.0 (x64 de)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NetObjects Fusion Essentials (HKLM-x32\...\{8508AD2F-9837-4CC3-AC3C-05DB64D20275}) (Version: 13.0 - NetObjects)
NetObjects Fusion Essentials (x32 Version: 13.00.0000.5598 - NetObjects) Hidden
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.80 - Symantec Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Grafiktreiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.9.38188 - Electronic Arts, Inc.)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation) Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation) PrivaZer (HKLM-x32\...\PrivaZer) (Version: 3.0.19.0 - Goversoft LLC) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Returnil System Safe 2011 (HKLM-x32\...\{92AF8F5C-4F36-4276-ADC7-AC95F348235B}) (Version: 3.2.10853 - CJSC Returnil Software) RogueKiller Version 12.10.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.6.0 - Adlice Software) Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: - Samsung Electronics CO.,LTD) SanityCheck 2.02 (HKLM\...\SanityCheck_is1) (Version: - Resplendence Software Projects Sp.) 
Serif PagePlus X2 (HKLM-x32\...\{B00B1355-DD54-4314-90B1-161C6A7D3FD3}) (Version: 12.0.0.012 - Serif (Europe) Ltd) SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden TrojanHunter 6.0 (HKLM-x32\...\TrojanHunter_is1) (Version: 6.0 - Bytelayer AB) TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17362 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) 
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01D4B8E8-467A-4035-90A1-6A5D225FBF40} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {0271E4B5-0CBB-4FBD-BF90-A81C65725AA4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {0AE4797F-C5A4-4793-A9F9-B58F04895C3D} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
Task: {0C59C8F3-5851-4422-A8EB-C1C2E79851EA} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {0D876791-6730-4569-91A1-16C55356B8D7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {0DA3D330-6608-429D-8C7F-772E1B18F40A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {22093BCE-0D5C-4DE1-97BA-2DE8FBB4AC7B} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {2CE6F91D-AD61-4A5B-A47E-7BDA0D5CC3EE} - System32\Tasks\Apple\AppleSoftwareUpdate => D:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {2CFBDC09-4D64-44E6-9ECF-CC7F0F76D9BF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {2FD69397-024B-4ED2-9C5F-29C651355DE4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3B5223C3-3DF8-4660-9F71-06FA0C9AC531} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {3D2FDB4D-CAC6-4CE1-A3EA-06B7D18227A5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {6EADAB68-C306-4603-AAAC-2714B530E405} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7F5F7452-6161-4DD5-91D9-FCFE41EC5B08} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {7F871D47-7D40-4C22-8BF0-7084448DCE1C} - System32\Tasks\{E7EB9F2C-A589-4420-A190-2EBD4D9356C5} => pcalua.exe -a D:\Users\käptnBlaubär\Downloads\MDAC_TYP.EXE -d D:\Users\käptnBlaubär\Downloads
Task: {8B70AB37-B99E-4BC4-8D87-F711C3643B21} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {95E9774F-A4C2-4FBD-A92D-D0CE10521609} - System32\Tasks\Norton Security Scan for Nada => D:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.80\Nss.exe [2016-11-03] (Symantec Corporation)
Task: {9B8180B6-C3BC-4406-B40D-C9247E07DC26} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {AB65F659-6576-490A-9175-C613E99BAF1E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {ABB7C120-8C3C-4B0D-87F9-B1FB6910205F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AD543F3E-A6BA-4963-B9D4-65399B2608F0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {DB45A22E-95DB-417E-B2F4-942A0E3F37A3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {DFD1099D-3BBF-445F-A770-310BDD089ABA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E7953A10-891C-4E02-8853-7BFF209B64A5} - System32\Tasks\PrivaZer_SkipUAC => D:\Program Files (x86)\PrivaZer\PrivaZer.exe [2017-04-02] (Goversoft LLC)
Task: {FC71D964-1996-43EF-BCD8-211A7E12C037} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {FD040641-285A-4D1B-87CA-569A58C603B6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-01 19:25 - 2008-06-04 16:53 - 00027648 _____ () D:\WINDOWS\System32\spd__l6.dll
2016-02-01 19:25 - 2009-03-18 14:05 - 00685568 _____ () D:\WINDOWS\system32\spool\DRIVERS\x64\3\spd__du.dll
2014-10-03 20:56 - 2015-09-29 20:38 - 00076152 _____ () D:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-04-20 16:01 - 2017-03-22 09:39 - 00169656 _____ () D:\Program Files\CyberGhost 6\Data\Firewall\x64\nfapi.DLL
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () D:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-11 19:36 - 2017-03-28 08:22 - 02681200 _____ () D:\WINDOWS\System32\CoreUIComponents.dll
2017-04-11 19:36 - 2017-03-28 08:22 - 02681200 _____ () D:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 19:36 - 2017-03-28 08:22 - 02681200 _____ () D:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-09 20:17 - 2016-10-09 20:17 - 00959168 _____ () D:\Users\käptnBlaubär\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-10-05 15:38 - 2016-10-07 21:54 - 03525431 _____ () D:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2016-09-21 22:16 - 2016-09-21 22:16 - 00230064 _____ () D:\Program Files\Notepad++\NppShell_06.dll
2016-10-10 12:07 - 2016-09-07 06:56 - 00134656 _____ () D:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 17:55 - 2017-03-04 08:31 - 00474112 _____ () D:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 17:55 - 2017-03-04 08:12 - 09760768 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 17:55 - 2017-03-04 08:05 - 01401856 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 17:55 - 2017-03-04 08:05 - 00757248 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 19:36 - 2017-03-28 07:08 - 02424320 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 19:36 - 2017-03-28 07:11 - 04853760 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-05 16:27 - 2017-04-18 18:37 - 02493440 _____ () D:\Program Files (x86)\Origin\libGLESv2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: D:\ProgramData\TEMP:341E39B2 [127]
AlternateDataStreams: D:\ProgramData\TEMP:55B41E6A [122]
AlternateDataStreams: D:\ProgramData\TEMP:9A870F8B [932]
AlternateDataStreams: D:\ProgramData\TEMP:AC64BB05 [131]
AlternateDataStreams: D:\ProgramData\TEMP:CB0AACC9 [320]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\localhost -> hxxps://localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-12-29 17:30 - 00000938 _____ D:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2210758347-1204338499-507655992-1000\Control Panel\Desktop\\Wallpaper -> d:\users\käptnblaubär\appdata\local\microsoft\windows\themes\img10.jpg
HKU\S-1-5-21-2210758347-1204338499-507655992-1003\Control Panel\Desktop\\Wallpaper -> D:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: HDDlife HDD Access service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVIDIA Wireless Controller Service => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: RUBotSrv => 2
MSCONFIG\Services: Samsung UPD Service => 3
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Malwarebytes Anti-Ransomware.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RSS 2011.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\StartupFolder: => "MALWAREBYTES ANTI-RANSOMWARE.LNK"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "Kaspersky Software Updater"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "KSS"
HKU\S-1-5-21-2210758347-1204338499-507655992-1000\...\StartupApproved\Run: => "CyberGhost"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-dcom] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RVM-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteDesktop-Shadow-In-TCP] => (Block) %SystemRoot%\system32\RdpSa.exe
FirewallRules: [{7F769B1A-858C-458B-9A95-FCF7E5EFA399}] => (Allow) D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\RpcSandraSrv.exe
FirewallRules: [{41724820-1BA1-49E5-BE8C-9DF9A7514327}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{20B3855F-1D77-488C-A050-B71C2E34D227}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F76BB3A0-1177-4D72-BBDF-383DFAE32FBB}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A13DC88-D16A-4C3D-8925-88FCED9383EA}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{78948828-5201-497F-9ED0-DBAB838215D6}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{824E0CB4-2954-46A1-9499-1D88D3360982}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{6F41A2D2-BB0F-4472-8855-6FBB7119011A}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{10AFA1D6-1B82-425C-813B-4CF0928E8C60}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AA6D773E-F25C-4A29-B21D-F255C0EFB9F7}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0C4085FB-E4A8-494B-B93A-8CD6532DE3A8}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E0B059C6-F1D4-4441-9780-D8553F11B575}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [{E83FB76E-9205-4B6B-8264-196650AF4E39}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{9EBF74DB-BC08-40B6-9575-D8D213608D0A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{941EDF7C-AC2E-43A4-8F97-03BB134C3A76}] => (Allow) D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe
FirewallRules: [{B1FB53ED-8CBF-4BD7-B2E1-6F7037D2C96D}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E69C2C7A-2AE5-4E02-B62F-28AFE47B84B1}] => (Allow) D:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AD7DB536-19D1-4741-B5CA-38074D5E1A78}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3344C11A-A8FE-4C9A-A9DD-BEEA3D386BF9}] => (Allow) D:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2384AD3A-D15A-4F07-994F-EBAFEC09606D}] => (Allow) D:\Windows\System32\SUPDSvc.exe
FirewallRules: [{CB56C37F-E60F-44CB-A761-A3E48F5845AA}] => (Allow) D:\Windows\System32\SUPDSvc.exe
FirewallRules: [{49EAE512-EEE3-49B1-9BC4-32F5A7F2FEEC}] => (Allow) D:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5BD170FA-F34F-4319-8887-B087D7380D33}] => (Allow) D:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{9CE0734A-6829-49A3-81D6-8034B1FECDD0}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6D6BFBEA-9B0A-4F8F-AD28-79BA423DB5D5}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1E574917-8CE3-4A76-A3F1-3F565C77BA0F}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{478E522C-A52C-44EA-8670-B3E6C5E89A15}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6F94AA1F-8281-48E4-9FE4-335A3C70952E}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{631237D1-47B0-48CB-930E-FE9A63BDD72A}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe
FirewallRules: [UDP Query User{79479189-1BE3-4180-8F59-FF21B7EA6F40}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.vshost.exe
FirewallRules: [TCP Query User{2C07FB38-2308-41C4-8EA1-3DDE4F628B43}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe
FirewallRules: [UDP Query User{B887583F-AF8C-41D9-AEA1-3A5C9CE84EE1}D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\mserver\mserver\bin\debug\mserver.exe
FirewallRules: [TCP Query User{56F9FDED-A005-4E74-9A7F-2FEFBCC8BC73}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe
FirewallRules: [UDP Query User{E4569F72-193F-45C8-B231-2A3B0ED01148}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.vshost.exe
FirewallRules: [TCP Query User{5E2B3BAD-54EE-438C-AC3C-1F309DA1993F}M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe
FirewallRules: [UDP Query User{1FB60CBB-26D5-4F74-9C58-A75F86DE2937}M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) M:\programmieren_2016\visualstudioprojekte\fertige\meinserver\meinserver\bin\debug\meinserver.exe
FirewallRules: [TCP Query User{171C4656-4433-4F65-97D4-6CF2B47E7A39}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe
FirewallRules: [UDP Query User{8526678C-D896-49D7-87C9-BC30E338E603}D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe] => (Allow) D:\users\käptnblaubär\documents\visual studio 2015\projects\meinserver\meinserver\bin\debug\meinserver.exe
FirewallRules: [{DF89024D-2B67-4DA0-9C70-25F04DDFD0AF}] => (Allow) D:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{053641C4-8E62-423E-830A-D1BCA1D101FE}] => (Allow) D:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{47366012-3301-451E-B967-326DA431DB42}] => (Allow) D:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69B051BA-DDF0-4670-9130-E5299DDCB00D}] => (Allow) D:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{15C47165-9F69-45AD-B585-0115FD36FBFB}D:\program files\mozilla firefox\firefox.exe] => (Block) D:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{10937510-0CE9-4228-AC1A-2E4453E174F8}D:\program files\mozilla firefox\firefox.exe] => (Block) D:\program files\mozilla firefox\firefox.exe
FirewallRules: [{312AD574-CAF1-4AB3-84D3-3C9936F5111E}] => (Allow) D:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3FAC850C-2CB5-4E7C-A3DF-353FC2451365}] => (Allow) LPort=2869
FirewallRules: [{AEFE14F6-3CDA-438C-B783-08410C687D01}] => (Allow) LPort=1900
FirewallRules: [{E62DE134-693D-44A0-BE77-A4DD434723E5}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{5919157E-1C8C-4E91-AE5C-7AF5171615B9}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{20ADF67F-6DAC-41BB-8BAA-0995BAF0A1E0}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe
FirewallRules: [{0767923C-CD9E-4991-8A43-09B1226DDE4E}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe
FirewallRules: [{1CB36320-7D43-4CF2-8774-F7950285AF34}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Video Editor.exe
FirewallRules: [{1B72EADA-52DE-409F-8D94-4AAD682B7D98}] => (Allow) D:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Video Editor.exe

==================== Wiederherstellungspunkte =========================

27-04-2017 14:50:16 Microsoft Visual C++ 2005 Redistributable wird installiert
27-04-2017 15:00:26 JRT Pre-Junkware Removal
01-05-2017 09:53:56 Windows Update
01-05-2017 09:54:39 Windows Update
01-05-2017 10:33:34 Installed Compatibility Pack for the 2007 Office system
02-05-2017 17:44:02 Installed SafenSoft SysWatch.
02-05-2017 17:48:03 Installed SafenSoft SysWatch.
02-05-2017 17:56:03 Removed SafenSoft SysWatch.
02-05-2017 20:15:14 Returnil System Safe 2011 wird installiert
02-05-2017 23:47:02 Returnil System Safe 2011 wird entfernt
03-05-2017 09:21:05 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/05/2017 12:54:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: D:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: D:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (05/05/2017 12:12:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Users\käptnBlaubär\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: D:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: D:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (05/05/2017 08:30:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: D:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: D:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (05/05/2017 07:57:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: D:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: D:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (05/05/2017 07:55:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Users\käptnBlaubär\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: D:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: D:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (05/05/2017 07:54:00 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: NONNAME)
Description: 7.488: Der EFS-Dienst*konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (05/04/2017 11:14:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "d:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: D:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: D:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (05/04/2017 10:41:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: D:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: D:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (05/04/2017 10:41:34 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: NONNAME)
Description: 7.488: Der EFS-Dienst*konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (05/04/2017 10:37:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: D:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: D:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Systemfehler:
=============
Error: (05/05/2017 10:01:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "PORTMON" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden.

Error: (05/05/2017 10:01:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Users\käptnBlaubär\Desktop\security\security\sysinternal

Error: (05/05/2017 07:57:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden.

Error: (05/05/2017 07:57:53 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Users\KPTNBL~1\AppData\Local\Temp\ehdrv.sys

Error: (05/05/2017 07:57:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden.

Error: (05/05/2017 07:57:53 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Users\KPTNBL~1\AppData\Local\Temp\ehdrv.sys

Error: (05/05/2017 07:57:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden.

Error: (05/05/2017 07:57:53 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Users\KPTNBL~1\AppData\Local\Temp\ehdrv.sys

Error: (05/05/2017 07:57:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden.

Error: (05/05/2017 07:57:24 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Users\KPTNBL~1\AppData\Local\Temp\ehdrv.sys

CodeIntegrity:
===================================
Date: 2017-05-05 10:01:34.662
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\käptnBlaubär\Desktop\security\security\sysinternals\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-03 21:00:04.614
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\B108.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-03 18:40:38.402
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\B108.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-03 18:40:15.869
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\B108.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-03 18:25:27.994
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\6145.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-03 18:24:38.214
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\6145.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-27 12:20:22.419
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\käptnBlaubär\Desktop\security\security\sysinternals\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 12:56:32.450
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 12:56:32.439
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 12:56:32.427
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\BEC5.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 8190.49 MB
Verfügbarer physikalischer RAM: 5627.37 MB
Summe virtueller Speicher: 16382.49 MB
Verfügbarer virtueller Speicher: 13738.28 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:97.66 GB) (Free:68.75 GB) NTFS
Drive d: (DATA2) (Fixed) (Total:501.65 GB) (Free:195.24 GB) NTFS
Drive e: (Data) (Fixed) (Total:638.35 GB) (Free:380.99 GB) NTFS
Drive m: (LinuxDrive) (Fixed) (Total:195.3 GB) (Free:165.93 GB) exFAT

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00088CFD)
Partition 1: (Active) - (Size=93.1 GB) - (Type=83)
Partition 2: (Not Active) - (Size=503 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 38897494)
Partition 1: (Active) - (Size=200 MB) - 
(Type=07 NTFS) Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=638.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=195.3 GB) - (Type=OF Extended) ==================== Ende von Addition.txt ============================ Code:
HitmanPro 3.7.18.284
www.hitmanpro.com

Computer name . . . . : NONNAME
Windows . . . . . . . : 10.0.0.14393.X64/8
User name . . . . . . : NONNAME\Nada
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2017-05-04 22:16:16
Scan mode . . . . . . : Normal
Scan duration . . . . : 15m 42s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 3
Objects scanned . . . : 3.054.833
Files scanned . . . . : 119.326
Remnants scanned . . : 834.714 files / 2.100.793 keys

Suspicious files ____________________________________________________________

D:\Users\käptnBlaubär\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll
   Size . . . . . . . : 1.014.616 bytes
   Age . . . . . . . : 944.0 days (2014-10-03 21:05:41)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 22.0
      The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Program contains PE structure anomalies. This is not typical for most programs.
      Program is code signed with a valid Authenticode certificate.

D:\Users\käptnBlaubär\Downloads\FRST-OlderVersion\FRST64.exe
   Size . . . . . . . : 2.428.416 bytes
   Age . . . . . . . : 2.0 days (2017-05-02 22:34:50)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 107C4946A928FC921A678DD867CF562951ED76599078CC8E9A5440A7972B0BE2
   Needs elevation . : Yes
   Fuzzy . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.

D:\Users\käptnBlaubär\Downloads\FRST64.exe
   Size . . . . . . . : 2.428.928 bytes
   Age . . . . . . . : 1.0 days (2017-05-03 22:55:50)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : C0E221A65FA757DDC714FA6EF38443EC87A17B7E8AAE23EF6555E859D3105B26
   Needs elevation . : Yes
   Fuzzy . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
   Forensic Cluster
      -5.2s D:\Windows\Prefetch\ERUNT.EXE-21B28E64.pf
      -2.7s D:\Windows\Prefetch\CMD.EXE-4FC70BD8.pf
       0.0s D:\Users\käptnBlaubär\Downloads\FRST64.exe
       1.5s D:\Users\käptnBlaubär\Downloads\FRST-OlderVersion\
       1.8s D:\Windows\Prefetch\DLLHOST.EXE-47C179AF.pf
       3.6s D:\Windows\Prefetch\FRST64.EXE-43EBB8AE.pf

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6fd4d62373252d4993f3f3ad2f126837
# end=init
# utc_time=2017-05-04 08:36:28
# local_time=2017-05-04 10:36:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 33275
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6fd4d62373252d4993f3f3ad2f126837
# end=updated
# utc_time=2017-05-04 08:38:29
# local_time=2017-05-04 10:38:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6fd4d62373252d4993f3f3ad2f126837
# end=init
# utc_time=2017-05-05 05:55:44
# local_time=2017-05-05 07:55:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 33279
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6fd4d62373252d4993f3f3ad2f126837
# end=updated
# utc_time=2017-05-05 05:58:02
# local_time=2017-05-05 07:58:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=6fd4d62373252d4993f3f3ad2f126837
# engine=33279
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-05-05 10:51:53
# local_time=2017-05-05 12:51:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 96 180893 3887408 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1997216 25312127 0 0
# scanned=642593
# found=1
# cleaned=0
# scan_time=17631
sh=55AA2EB829D2914FBB02F88DCD885D50E7474682 ft=1 fh=c2852cceef986225 vn="Variante von Win32/DownloadGuide.D eventuell unerwünschte Anwendung" ac=I fn="D:\CCE_Quarantine\{D3507ED3-FAA3-4F08-8A83-685E23C4D0BE}"

Thanks for the instructions so far. Yes, a few things still seem odd to me: I also found a folder that an unknown account has access to:

D:\Users\V.I.P.O ® folder, unknown account? S.1-5-21-2210758347-1204338499-507655992-1003

and the ports look suspicious to me..

explorer.exe 7028 TCP nonname 5850 2.20.16.51 http ESTABLISHED 1 215 1 1.582
explorer.exe 7028 TCP nonname 5851 2.20.18.3 http ESTABLISHED 1 213 3 4.547
System 4 TCP nonname netbios-ssn NonName 0 LISTENING
System 4 TCP NonName 49154 localhost 5468 ESTABLISHED 4 16
System 4 TCP NonName microsoft-ds NonName 0 LISTENING
System 4 TCP NonName 49152 NonName 0 LISTENING
System 4 TCP NonName 49153 NonName 0 LISTENING
System 4 TCP NonName 49154 NonName 0 LISTENING
System 4 UDP nonname netbios-ns * * 15 750 3 150
System 4 UDP nonname netbios-dgm * *
System 4 TCPV6 nonname microsoft-ds nonname 0 LISTENING
System 4 TCPV6 nonname 49152 nonname 0 LISTENING
System 4 TCPV6 nonname 49153 nonname 0 LISTENING
System 4 TCPV6 nonname 49154 nonname 0 LISTENING

Regards, Michael |
05.05.2017, 19:33 | #11 |
/// TB-Ausbilder | Suspected rootkit

Hi, if you don't recognize the user "V.I.P.O ®" and can't associate it with any program, etc., you could also remove the user under Start > Settings > Accounts.

The log files look good; no rootkit present. That means we're through! If you have no further problems with malware, we're done here. Your log files are clean.

If you like, you can say here whether you were satisfied with me and my help... Perhaps you would like to support the forum with a small donation.

Notes: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this topic from my subscriptions.

Finally, we need to take a few concluding steps to clean up and secure your PC.

Cleanup
All logs posted? Then please download DelFix.
DelFix removes, among other things, all the programs we used, our scanners' quarantine and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can delete them without concern.

Virus scanner + firewall
It should be said up front that the protective effect of a virus scanner must never be overestimated! No antivirus program detects 100% of malware. If you are still undecided, use AT MOST ONE of the following antivirus programs with a real-time scanner and an always up-to-date signature database:
Microsoft Security Essentials (MSE) / Windows Defender (WD) is built in from Windows 8 onward, so if you have Windows 8, 8.1 or 10 and have decided on MSE/WD, you do not need to install MSE/WD separately. On Windows 7, however, it has to be installed manually or obtained as an optional update via Windows Update. A legal/activated copy of Windows is of course a prerequisite.

Always use pure virus scanners only (no products with "Suite", "Internet Security", "Endpoint" or "Total Security" in the name, because these bring counterproductive firewalls with them; the Windows Firewall is all that is needed).

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware, AdwCleaner and the ESET Online Scanner. These programs are all free and do not interfere with the operation of your antivirus program.

Hardening
On the Windows operating system it is important to enable automatic updates. Security-relevant software should also always be kept at the current version. Installing updates promptly is necessary so that security vulnerabilities are closed. Vulnerabilities are exploited, for example, to install malware via "drive-by" when you simply visit a manipulated website. You need to pay particular attention to keeping the following software up to date, if it is needed at all:
Optional browser extensions
General principles
Reading material:

Backup/image tools
To have useful backups, you need to create an image on a separate external hard drive regularly (e.g. weekly). This external drive is connected only when you want to create the backup (or need to restore something); otherwise, for security reasons, it stays safely stored in a cupboard, if only to protect the backups from "encryption trojans". You should decide on one of the following programs and use it to back up your data regularly.

Option 1 - Drivesnapshot
Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64
Download (32-Bit) => http://www.drivesnapshot.de/download/snapshot.exe
Download (64-Bit) => http://www.drivesnapshot.de/download/snapshot64.exe
Screenshots: http://www.drivesnapshot.de/images/startup.png http://www.drivesnapshot.de/images/save3.png

Option 2 - Seagate DiscWizard
Seagate DiscWizard - Download - Filepony
Screenshots: http://filepony.de/screenshot/seagate_discwizard5.jpg http://filepony.de/screenshot/seagate_discwizard4.png http://filepony.de/screenshot/seagate_discwizard3.jpg

Option 3 - Acronis TrueImage WD Edition
Acronis True Image WD Edition - Download - Filepony
Screenshots: http://filepony.de/screenshot/acroni...d_edition1.jpg http://filepony.de/screenshot/acroni...d_edition2.jpg |
05.05.2017, 20:59 | #12 |
| Suspected rootkit

Thanks again, I have now cleaned up the PC and have no further questions. |
05.05.2017, 21:13 | #13 |
/// TB-Ausbilder | Suspected rootkit

I'm glad we were able to help.

In this forum you can leave brief feedback on the cleanup if you like: Praise, criticism and requests. To do so, click the "NEUES THEMA" (new topic) button and post a short piece of feedback. Many thanks!

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a profile message including a link to the topic. Everyone else, please click here and create your own thread. |