| |
| |||||||
Log-Analyse und Auswertung: Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitereWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.05.2017, 23:11
| #1 |
 |  Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitere Hallo und guten Abend. Ich habe ein akutes Viren/Trojaner Problem, welches ich einfach nicht loswerde. Ich habe bereits Malwarebytes anti Maleware, Avast Browser Cleanup, Adwcleaner und JRT mehrfach drüber laufen lassen. Doch das Problem taucht nach 1-2 Tagen wieder auf. Pop up werbung von rightcoupon trotz adblocker, Mozilla beendet sich von selbst, plötzlich tauchen spiele Icons auf dem Desktop auf,Google Chrome, sowie diverse Ordner(Gerrupy, MIO, Jopetiondipas) und viele weitere, auf die ich dann zum Teil keinen Zugriff habe und somit auch nicht entfernen kann. Ich hoffe mir kann hier weiter geholfen werden. Lieben Dank im Voraus.AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v6.046 - Bericht erstellt am 16/05/2017 um 13:19:08
# Aktualisiert am 24/04/2017 von Malwarebytes
# Datenbank : 2017-05-15.1 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : edna - EDNA
# Gestartet von : C:\Users\edna\Downloads\adwcleaner_6.046.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
[-] Dienst gelöscht: BIT
[-] Dienst gelöscht: CWASRE
***** [ Ordner ] *****
[-] Ordner gelöscht: C:\ProgramData\BIT
***** [ Dateien ] *****
[-] Datei gelöscht: C:\Users\edna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BigFarm.lnk
[-] Datei gelöscht: C:\Users\edna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\big_bang_empire.lnk
[-] Datei gelöscht: C:\Users\edna\Desktop\BigFarm.lnk
[-] Datei gelöscht: C:\Users\edna\Desktop\big_bang_empire.lnk
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CWASRE
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CWASRE
[-] Schlüssel gelöscht: HKLM\SOFTWARE\ScreenShot
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [4630 Bytes] - [28/04/2017 03:26:00]
C:\AdwCleaner\AdwCleaner[C10].txt - [1849 Bytes] - [16/05/2017 13:19:08]
C:\AdwCleaner\AdwCleaner[C2].txt - [1422 Bytes] - [28/04/2017 04:04:11]
C:\AdwCleaner\AdwCleaner[C3].txt - [2141 Bytes] - [28/04/2017 13:48:04]
C:\AdwCleaner\AdwCleaner[C4].txt - [2279 Bytes] - [04/05/2017 00:01:07]
C:\AdwCleaner\AdwCleaner[C5].txt - [2059 Bytes] - [05/05/2017 13:55:48]
C:\AdwCleaner\AdwCleaner[C6].txt - [2951 Bytes] - [09/05/2017 13:20:14]
C:\AdwCleaner\AdwCleaner[C7].txt - [2446 Bytes] - [10/05/2017 00:22:39]
C:\AdwCleaner\AdwCleaner[C8].txt - [3370 Bytes] - [11/05/2017 13:24:15]
C:\AdwCleaner\AdwCleaner[C9].txt - [2983 Bytes] - [13/05/2017 22:30:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [4905 Bytes] - [28/04/2017 03:09:53]
C:\AdwCleaner\AdwCleaner[S10].txt - [2586 Bytes] - [10/05/2017 00:16:29]
C:\AdwCleaner\AdwCleaner[S11].txt - [3360 Bytes] - [11/05/2017 13:23:54]
C:\AdwCleaner\AdwCleaner[S12].txt - [3087 Bytes] - [13/05/2017 22:00:19]
C:\AdwCleaner\AdwCleaner[S13].txt - [3160 Bytes] - [13/05/2017 22:30:19]
C:\AdwCleaner\AdwCleaner[S14].txt - [3737 Bytes] - [16/05/2017 13:16:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [4422 Bytes] - [28/04/2017 03:19:48]
C:\AdwCleaner\AdwCleaner[S2].txt - [1636 Bytes] - [28/04/2017 04:03:41]
C:\AdwCleaner\AdwCleaner[S3].txt - [2183 Bytes] - [28/04/2017 13:41:09]
C:\AdwCleaner\AdwCleaner[S4].txt - [1841 Bytes] - [28/04/2017 13:58:37]
C:\AdwCleaner\AdwCleaner[S5].txt - [2509 Bytes] - [03/05/2017 23:49:55]
C:\AdwCleaner\AdwCleaner[S6].txt - [2349 Bytes] - [03/05/2017 23:56:08]
C:\AdwCleaner\AdwCleaner[S7].txt - [2288 Bytes] - [05/05/2017 13:09:44]
C:\AdwCleaner\AdwCleaner[S8].txt - [2283 Bytes] - [05/05/2017 13:16:45]
C:\AdwCleaner\AdwCleaner[S9].txt - [2953 Bytes] - [09/05/2017 13:15:58]
########## EOF - C:\AdwCleaner\AdwCleaner[C10].txt - [3607 Bytes] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v6.046 - Bericht erstellt am 18/05/2017 um 16:54:47
# Aktualisiert am 24/04/2017 von Malwarebytes
# Datenbank : 2017-05-17.1 [Lokal]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : edna - EDNA
# Gestartet von : C:\Users\edna\Downloads\adwcleaner_6.046.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
[-] Dienst gelöscht: BIT
***** [ Ordner ] *****
[-] Ordner gelöscht: C:\ProgramData\BIT
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKLM\SOFTWARE\ScreenShot
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [4630 Bytes] - [28/04/2017 03:26:00]
C:\AdwCleaner\AdwCleaner[C10].txt - [3695 Bytes] - [16/05/2017 13:19:08]
C:\AdwCleaner\AdwCleaner[C11].txt - [2859 Bytes] - [16/05/2017 17:54:11]
C:\AdwCleaner\AdwCleaner[C12].txt - [1381 Bytes] - [18/05/2017 16:54:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [1422 Bytes] - [28/04/2017 04:04:11]
C:\AdwCleaner\AdwCleaner[C3].txt - [2141 Bytes] - [28/04/2017 13:48:04]
C:\AdwCleaner\AdwCleaner[C4].txt - [2279 Bytes] - [04/05/2017 00:01:07]
C:\AdwCleaner\AdwCleaner[C5].txt - [2059 Bytes] - [05/05/2017 13:55:48]
C:\AdwCleaner\AdwCleaner[C6].txt - [2951 Bytes] - [09/05/2017 13:20:14]
C:\AdwCleaner\AdwCleaner[C7].txt - [2446 Bytes] - [10/05/2017 00:22:39]
C:\AdwCleaner\AdwCleaner[C8].txt - [3370 Bytes] - [11/05/2017 13:24:15]
C:\AdwCleaner\AdwCleaner[C9].txt - [2983 Bytes] - [13/05/2017 22:30:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [4905 Bytes] - [28/04/2017 03:09:53]
C:\AdwCleaner\AdwCleaner[S10].txt - [2586 Bytes] - [10/05/2017 00:16:29]
C:\AdwCleaner\AdwCleaner[S11].txt - [3360 Bytes] - [11/05/2017 13:23:54]
C:\AdwCleaner\AdwCleaner[S12].txt - [3087 Bytes] - [13/05/2017 22:00:19]
C:\AdwCleaner\AdwCleaner[S13].txt - [3160 Bytes] - [13/05/2017 22:30:19]
C:\AdwCleaner\AdwCleaner[S14].txt - [3737 Bytes] - [16/05/2017 13:16:56]
C:\AdwCleaner\AdwCleaner[S15].txt - [3163 Bytes] - [16/05/2017 17:53:49]
C:\AdwCleaner\AdwCleaner[S16].txt - [3312 Bytes] - [17/05/2017 21:15:24]
C:\AdwCleaner\AdwCleaner[S17].txt - [3573 Bytes] - [18/05/2017 16:54:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [4422 Bytes] - [28/04/2017 03:19:48]
C:\AdwCleaner\AdwCleaner[S2].txt - [1636 Bytes] - [28/04/2017 04:03:41]
C:\AdwCleaner\AdwCleaner[S3].txt - [2183 Bytes] - [28/04/2017 13:41:09]
C:\AdwCleaner\AdwCleaner[S4].txt - [1841 Bytes] - [28/04/2017 13:58:37]
C:\AdwCleaner\AdwCleaner[S5].txt - [2509 Bytes] - [03/05/2017 23:49:55]
C:\AdwCleaner\AdwCleaner[S6].txt - [2349 Bytes] - [03/05/2017 23:56:08]
C:\AdwCleaner\AdwCleaner[S7].txt - [2288 Bytes] - [05/05/2017 13:09:44]
C:\AdwCleaner\AdwCleaner[S8].txt - [2283 Bytes] - [05/05/2017 13:16:45]
C:\AdwCleaner\AdwCleaner[S9].txt - [2953 Bytes] - [09/05/2017 13:15:58]
########## EOF - C:\AdwCleaner\AdwCleaner[C12].txt - [3361 Bytes] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v6.046 - Bericht erstellt am 18/05/2017 um 21:06:49
# Aktualisiert am 24/04/2017 von Malwarebytes
# Datenbank : 2017-05-18.1 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : edna - EDNA
# Gestartet von : C:\Users\edna\Downloads\adwcleaner_6.046.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
[-] Dienst gelöscht: CSHMDR
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CSHMDR
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CSHMDR
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [4630 Bytes] - [28/04/2017 03:26:00]
C:\AdwCleaner\AdwCleaner[C10].txt - [3695 Bytes] - [16/05/2017 13:19:08]
C:\AdwCleaner\AdwCleaner[C11].txt - [2859 Bytes] - [16/05/2017 17:54:11]
C:\AdwCleaner\AdwCleaner[C12].txt - [3445 Bytes] - [18/05/2017 16:54:47]
C:\AdwCleaner\AdwCleaner[C13].txt - [1330 Bytes] - [18/05/2017 21:06:49]
C:\AdwCleaner\AdwCleaner[C2].txt - [1422 Bytes] - [28/04/2017 04:04:11]
C:\AdwCleaner\AdwCleaner[C3].txt - [2141 Bytes] - [28/04/2017 13:48:04]
C:\AdwCleaner\AdwCleaner[C4].txt - [2279 Bytes] - [04/05/2017 00:01:07]
C:\AdwCleaner\AdwCleaner[C5].txt - [2059 Bytes] - [05/05/2017 13:55:48]
C:\AdwCleaner\AdwCleaner[C6].txt - [2951 Bytes] - [09/05/2017 13:20:14]
C:\AdwCleaner\AdwCleaner[C7].txt - [2446 Bytes] - [10/05/2017 00:22:39]
C:\AdwCleaner\AdwCleaner[C8].txt - [3370 Bytes] - [11/05/2017 13:24:15]
C:\AdwCleaner\AdwCleaner[C9].txt - [2983 Bytes] - [13/05/2017 22:30:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [4905 Bytes] - [28/04/2017 03:09:53]
C:\AdwCleaner\AdwCleaner[S10].txt - [2586 Bytes] - [10/05/2017 00:16:29]
C:\AdwCleaner\AdwCleaner[S11].txt - [3360 Bytes] - [11/05/2017 13:23:54]
C:\AdwCleaner\AdwCleaner[S12].txt - [3087 Bytes] - [13/05/2017 22:00:19]
C:\AdwCleaner\AdwCleaner[S13].txt - [3160 Bytes] - [13/05/2017 22:30:19]
C:\AdwCleaner\AdwCleaner[S14].txt - [3737 Bytes] - [16/05/2017 13:16:56]
C:\AdwCleaner\AdwCleaner[S15].txt - [3163 Bytes] - [16/05/2017 17:53:49]
C:\AdwCleaner\AdwCleaner[S16].txt - [3312 Bytes] - [17/05/2017 21:15:24]
C:\AdwCleaner\AdwCleaner[S17].txt - [3573 Bytes] - [18/05/2017 16:54:27]
C:\AdwCleaner\AdwCleaner[S18].txt - [3635 Bytes] - [18/05/2017 21:06:30]
C:\AdwCleaner\AdwCleaner[S1].txt - [4422 Bytes] - [28/04/2017 03:19:48]
C:\AdwCleaner\AdwCleaner[S2].txt - [1636 Bytes] - [28/04/2017 04:03:41]
C:\AdwCleaner\AdwCleaner[S3].txt - [2183 Bytes] - [28/04/2017 13:41:09]
C:\AdwCleaner\AdwCleaner[S4].txt - [1841 Bytes] - [28/04/2017 13:58:37]
C:\AdwCleaner\AdwCleaner[S5].txt - [2509 Bytes] - [03/05/2017 23:49:55]
C:\AdwCleaner\AdwCleaner[S6].txt - [2349 Bytes] - [03/05/2017 23:56:08]
C:\AdwCleaner\AdwCleaner[S7].txt - [2288 Bytes] - [05/05/2017 13:09:44]
C:\AdwCleaner\AdwCleaner[S8].txt - [2283 Bytes] - [05/05/2017 13:16:45]
C:\AdwCleaner\AdwCleaner[S9].txt - [2953 Bytes] - [09/05/2017 13:15:58]
########## EOF - C:\AdwCleaner\AdwCleaner[C13].txt - [3384 Bytes] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v6.047 - Bericht erstellt am 23/05/2017 um 12:58:45
# Aktualisiert am 19/05/2017 von Malwarebytes
# Datenbank : 2017-05-22.1 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : edna - EDNA
# Gestartet von : C:\Users\edna\Downloads\adwcleaner_6.047.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
[-] Dienst gelöscht: WinSAPSvc
[-] Dienst gelöscht: SNARE
[-] Dienst gelöscht: BIT
***** [ Ordner ] *****
[-] Ordner gelöscht: C:\Users\edna\AppData\Roaming\WinSAPSvc
[-] Ordner gelöscht: C:\Users\edna\AppData\Local\SNARE
[-] Ordner gelöscht: C:\ProgramData\BIT
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
[-] Aufgabe gelöscht: Milimili
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[-] Schlüssel gelöscht: HKLM\SOFTWARE\ScreenShot
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [4630 Bytes] - [28/04/2017 03:26:00]
C:\AdwCleaner\AdwCleaner[C10].txt - [3695 Bytes] - [16/05/2017 13:19:08]
C:\AdwCleaner\AdwCleaner[C11].txt - [2859 Bytes] - [16/05/2017 17:54:11]
C:\AdwCleaner\AdwCleaner[C12].txt - [3445 Bytes] - [18/05/2017 16:54:47]
C:\AdwCleaner\AdwCleaner[C13].txt - [3468 Bytes] - [18/05/2017 21:06:49]
C:\AdwCleaner\AdwCleaner[C14].txt - [1946 Bytes] - [23/05/2017 12:58:45]
C:\AdwCleaner\AdwCleaner[C2].txt - [1422 Bytes] - [28/04/2017 04:04:11]
C:\AdwCleaner\AdwCleaner[C3].txt - [2141 Bytes] - [28/04/2017 13:48:04]
C:\AdwCleaner\AdwCleaner[C4].txt - [2279 Bytes] - [04/05/2017 00:01:07]
C:\AdwCleaner\AdwCleaner[C5].txt - [2059 Bytes] - [05/05/2017 13:55:48]
C:\AdwCleaner\AdwCleaner[C6].txt - [2951 Bytes] - [09/05/2017 13:20:14]
C:\AdwCleaner\AdwCleaner[C7].txt - [2446 Bytes] - [10/05/2017 00:22:39]
C:\AdwCleaner\AdwCleaner[C8].txt - [3370 Bytes] - [11/05/2017 13:24:15]
C:\AdwCleaner\AdwCleaner[C9].txt - [2983 Bytes] - [13/05/2017 22:30:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [4905 Bytes] - [28/04/2017 03:09:53]
C:\AdwCleaner\AdwCleaner[S10].txt - [2586 Bytes] - [10/05/2017 00:16:29]
C:\AdwCleaner\AdwCleaner[S11].txt - [3360 Bytes] - [11/05/2017 13:23:54]
C:\AdwCleaner\AdwCleaner[S12].txt - [3087 Bytes] - [13/05/2017 22:00:19]
C:\AdwCleaner\AdwCleaner[S13].txt - [3160 Bytes] - [13/05/2017 22:30:19]
C:\AdwCleaner\AdwCleaner[S14].txt - [3737 Bytes] - [16/05/2017 13:16:56]
C:\AdwCleaner\AdwCleaner[S15].txt - [3163 Bytes] - [16/05/2017 17:53:49]
C:\AdwCleaner\AdwCleaner[S16].txt - [3312 Bytes] - [17/05/2017 21:15:24]
C:\AdwCleaner\AdwCleaner[S17].txt - [3573 Bytes] - [18/05/2017 16:54:27]
C:\AdwCleaner\AdwCleaner[S18].txt - [3635 Bytes] - [18/05/2017 21:06:30]
C:\AdwCleaner\AdwCleaner[S19].txt - [3682 Bytes] - [19/05/2017 21:09:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [4422 Bytes] - [28/04/2017 03:19:48]
C:\AdwCleaner\AdwCleaner[S20].txt - [3755 Bytes] - [20/05/2017 11:20:41]
C:\AdwCleaner\AdwCleaner[S21].txt - [3829 Bytes] - [21/05/2017 13:37:18]
C:\AdwCleaner\AdwCleaner[S22].txt - [4425 Bytes] - [23/05/2017 12:58:10]
C:\AdwCleaner\AdwCleaner[S2].txt - [1636 Bytes] - [28/04/2017 04:03:41]
C:\AdwCleaner\AdwCleaner[S3].txt - [2183 Bytes] - [28/04/2017 13:41:09]
C:\AdwCleaner\AdwCleaner[S4].txt - [1841 Bytes] - [28/04/2017 13:58:37]
C:\AdwCleaner\AdwCleaner[S5].txt - [2509 Bytes] - [03/05/2017 23:49:55]
C:\AdwCleaner\AdwCleaner[S6].txt - [2349 Bytes] - [03/05/2017 23:56:08]
C:\AdwCleaner\AdwCleaner[S7].txt - [2288 Bytes] - [05/05/2017 13:09:44]
C:\AdwCleaner\AdwCleaner[S8].txt - [2283 Bytes] - [05/05/2017 13:16:45]
C:\AdwCleaner\AdwCleaner[S9].txt - [2953 Bytes] - [09/05/2017 13:15:58]
########## EOF - C:\AdwCleaner\AdwCleaner[C14].txt - [4296 Bytes] ##########
Aus dem mbam-logs werde ich gerade nicht schlau, da es nach 0 Funden aussieht, obwohl es hunderte auf einmal gab  <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2017/05/21 13:13:59 +0200</date> <logfile>mbam-log-2017-05-21 (13-13-47).xml</logfile> <isadmin>yes</isadmin> </header> <engine> <version>2.1.8.1057</version> <malware-database>v2017.05.21.02</malware-database> <rootkit-database>v2017.04.02.01</rootkit-database> <license>free</license> <file-protection>disabled</file-protection> <web-protection>disabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <osversion>Windows 8.1</osversion> <arch>x64</arch> <username>edna</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>314796</objects> <time>1092</time> <processes>0</processes> <modules>0</modules> <keys>0</keys> <values>2</values> <datas>0</datas> <folders>0</folders> <files>0</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES</path><valuename>{48019F32-2C2D-4A7E-BA95-94B77B137746}</valuename><vendor>Adware.Elex</vendor><action>success</action><valuedata>v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\MIO\loader\hgstxhts541075a9e680_jd12001a08x9la08x9lax.dat|Name=QQLive下载器hgstxhts541075a9e680_jd12001a08x9la08x9lax.dat|</valuedata><hash>fcca18022e7b5dd981e0ae32f30ef30d</hash></value> <value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES</path><valuename>{FAD559EF-F061-4C16-B0C7-9347E3BE32C7}</valuename><vendor>Adware.Elex</vendor><action>success</action><valuedata>v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\MIO\loader\hgstxhts541075a9e680_jd12001a08x9la08x9lax.dat|Name=QQLive下载器hgstxhts541075a9e680_jd12001a08x9la08x9lax.dat|</valuedata><hash>9b2b63b77a2f8ea868f9815f02ffcf31</hash></value> </items> </mbam-log> <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2017/05/19 20:47:29 +0200</date> <logfile>mbam-log-2017-05-19 (20-47-21).xml</logfile> <isadmin>yes</isadmin> </header> <engine> <version>2.1.8.1057</version> <malware-database>v2017.05.19.07</malware-database> <rootkit-database>v2017.04.02.01</rootkit-database> <license>free</license> <file-protection>disabled</file-protection> <web-protection>disabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <osversion>Windows 8.1</osversion> <arch>x64</arch> <username>edna</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>320430</objects> <time>1128</time> <processes>0</processes> <modules>0</modules> <keys>1</keys> <values>0</values> <datas>0</datas> <folders>0</folders> <files>0</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <key><path>HKLM\SOFTWARE\WOW6432NODE\Dayglad</path><vendor>Adware.Ghokswa</vendor><action>success</action><hash>fe058b8fe5c4b4827b97eaf50ef3847c</hash></key> </items> </mbam-log> Das ist alles was ich bis jetzt gefunden habe. Danke noch einmal. Geändert von cookie_1 (23.05.2017 um 23:30 Uhr) |
|
24.05.2017, 14:36
| #2 |
| /// TB-Ausbilder   | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitere Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Um die Bereinigung möchlichst effektiv und schnell gestalten zu können, bitte ich um Beachtung der folgenden Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Schritt 2 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
24.05.2017, 18:08
| #3 |
| | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitere Hallo Matthias, hier die Logs
__________________Code:
ATTFilter 18:39:09.0639 0x2748 TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
18:39:09.0639 0x2748 UEFI system
18:39:15.0992 0x2748 ============================================================
18:39:15.0992 0x2748 Current date / time: 2017/05/24 18:39:15.0992
18:39:15.0992 0x2748 SystemInfo:
18:39:15.0992 0x2748
18:39:15.0992 0x2748 OS Version: 6.3.9600 ServicePack: 0.0
18:39:15.0992 0x2748 Product type: Workstation
18:39:15.0992 0x2748 ComputerName: EDNA
18:39:15.0992 0x2748 UserName: edna
18:39:15.0992 0x2748 Windows directory: C:\Windows
18:39:15.0992 0x2748 System windows directory: C:\Windows
18:39:15.0992 0x2748 Running under WOW64
18:39:15.0992 0x2748 Processor architecture: Intel x64
18:39:15.0992 0x2748 Number of processors: 4
18:39:15.0992 0x2748 Page size: 0x1000
18:39:15.0992 0x2748 Boot type: Normal boot
18:39:15.0992 0x2748 CodeIntegrityOptions = 0x00000001
18:39:15.0992 0x2748 ============================================================
18:39:15.0993 0x2748 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18685, osProperties = 0x19
18:39:16.0188 0x2748 System UUID: {7B744147-AE45-F8BD-32BD-816F1B7740F6}
18:39:16.0502 0x2748 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:39:16.0503 0x2748 ============================================================
18:39:16.0504 0x2748 \Device\Harddisk0\DR0:
18:39:16.0504 0x2748 GPT partitions:
18:39:16.0504 0x2748 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {88F82A74-97F7-4AC1-9EB0-B8C4A32D490D}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
18:39:16.0504 0x2748 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {D586E759-4BEA-4853-AA29-BA82F67852E3}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
18:39:16.0504 0x2748 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {0249D21D-3A80-48E5-8441-962EC89D814F}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
18:39:16.0504 0x2748 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {02E8C7A7-02F0-45CF-AFBE-1CC72DD0535A}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x55424800
18:39:16.0504 0x2748 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {BDC830CB-ACB3-467B-B60A-3BF018A40BE1}, Name: Basic data partition, StartLBA 0x555AF000, BlocksNum 0x1F94800
18:39:16.0504 0x2748 MBR partitions:
18:39:16.0504 0x2748 ============================================================
18:39:16.0522 0x2748 C: <-> \Device\Harddisk0\DR0\Partition4
18:39:16.0568 0x2748 D: <-> \Device\Harddisk0\DR0\Partition5
18:39:16.0568 0x2748 ============================================================
18:39:16.0568 0x2748 Initialize success
18:39:16.0568 0x2748 ============================================================
18:39:28.0670 0x11b0 ============================================================
18:39:28.0671 0x11b0 Scan started
18:39:28.0671 0x11b0 Mode: Manual; SigCheck; TDLFS;
18:39:28.0671 0x11b0 ============================================================
18:39:28.0671 0x11b0 KSN ping started
18:39:28.0871 0x11b0 KSN ping finished: true
18:39:30.0413 0x11b0 ================ Scan system memory ========================
18:39:30.0413 0x11b0 System memory - ok
18:39:30.0413 0x11b0 ================ Scan services =============================
18:39:30.0539 0x11b0 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
18:39:30.0584 0x11b0 1394ohci - ok
18:39:30.0629 0x11b0 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\Windows\system32\drivers\3ware.sys
18:39:30.0673 0x11b0 3ware - ok
18:39:30.0704 0x11b0 [ F39180029723D7779C80360F9E255709, F4831FEE79AAF4DB66BF58D3F89B8A6DD8F38CD546B3C653BFF7052DDA112CC6 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
18:39:30.0722 0x11b0 Accelerometer - ok
18:39:30.0759 0x11b0 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:39:30.0792 0x11b0 ACPI - ok
18:39:30.0812 0x11b0 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\Windows\system32\Drivers\acpiex.sys
18:39:30.0837 0x11b0 acpiex - ok
18:39:30.0846 0x11b0 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
18:39:30.0867 0x11b0 acpipagr - ok
18:39:30.0879 0x11b0 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
18:39:30.0899 0x11b0 AcpiPmi - ok
18:39:30.0905 0x11b0 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\Windows\System32\drivers\acpitime.sys
18:39:30.0938 0x11b0 acpitime - ok
18:39:30.0967 0x11b0 [ 2F0683FD2DF1D92E891CACA14B45A8C1, B4A8D6A183FA0B7D642FAD6B51C19FEC998481E1C49480D2B391E5D8B55F5BBD ] adfs C:\Windows\system32\drivers\adfs.sys
18:39:30.0993 0x11b0 adfs - ok
18:39:31.0080 0x11b0 [ 57A3B9A69F14414ACE12AFD6BA701773, E17FD004315B666E3A880C987A83A2B6C6156C3D6E9550AAC6F686348F7CE7AC ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
18:39:31.0090 0x11b0 Adobe Version Cue CS4 - ok
18:39:31.0179 0x11b0 [ E6A1D864EC90F4397DF5AB2633B34DD4, 05F1B7291EBDD9CA1D74649C0DAFCBE5F2CF93E92C5CA16A8AC10B6DF83101A0 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:39:31.0190 0x11b0 AdobeFlashPlayerUpdateSvc - ok
18:39:31.0243 0x11b0 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\Windows\system32\drivers\ADP80XX.SYS
18:39:31.0283 0x11b0 ADP80XX - ok
18:39:31.0315 0x11b0 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:39:31.0329 0x11b0 AeLookupSvc - ok
18:39:31.0357 0x11b0 [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD C:\Windows\system32\drivers\afd.sys
18:39:31.0394 0x11b0 AFD - ok
18:39:31.0437 0x11b0 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:39:31.0468 0x11b0 agp440 - ok
18:39:31.0494 0x11b0 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\Windows\system32\DRIVERS\ahcache.sys
18:39:31.0516 0x11b0 ahcache - ok
18:39:31.0549 0x11b0 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\Windows\System32\alg.exe
18:39:31.0560 0x11b0 ALG - ok
18:39:31.0572 0x11b0 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
18:39:31.0601 0x11b0 AmdK8 - ok
18:39:31.0618 0x11b0 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
18:39:31.0641 0x11b0 AmdPPM - ok
18:39:31.0650 0x11b0 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:39:31.0684 0x11b0 amdsata - ok
18:39:31.0706 0x11b0 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:39:31.0732 0x11b0 amdsbs - ok
18:39:31.0746 0x11b0 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:39:31.0763 0x11b0 amdxata - ok
18:39:31.0797 0x11b0 [ 9DCB42905F1EBF9CEC57EE5DF0BDA965, 4C888AAD0DDE01565FD7FBB6B70A500158CF2E4CECF9ADD4AFD302A993587269 ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
18:39:31.0808 0x11b0 AppHostSvc - ok
18:39:31.0840 0x11b0 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\Windows\system32\drivers\appid.sys
18:39:31.0862 0x11b0 AppID - ok
18:39:31.0887 0x11b0 [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:39:31.0897 0x11b0 AppIDSvc - ok
18:39:31.0934 0x11b0 [ 734622FBA766DBD65B1803549B24A04A, 3B6872B87A60D4DA265D3B8AB0561A929CFE2C097419183E93D3843422363C89 ] Appinfo C:\Windows\System32\appinfo.dll
18:39:31.0945 0x11b0 Appinfo - ok
18:39:31.0977 0x11b0 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\Windows\system32\AppReadiness.dll
18:39:31.0995 0x11b0 AppReadiness - ok
18:39:32.0057 0x11b0 [ E0F846ADE7DED88981D0908DE56FF160, D8F536438091878724A5004849306ADFB96A2778A9D958ED3DCC0CD9E35160BB ] AppXSvc C:\Windows\system32\appxdeploymentserver.dll
18:39:32.0093 0x11b0 AppXSvc - ok
18:39:32.0115 0x11b0 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:39:32.0135 0x11b0 arcsas - ok
18:39:32.0196 0x11b0 [ 866582BB58A8889235A0C8F29C7B4318, 7385D6EEA77ED7FFF526015519D70007F0E94BCF791BD7A1D0D66B133C20019F ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:39:32.0215 0x11b0 aspnet_state - ok
18:39:32.0224 0x11b0 [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:39:32.0253 0x11b0 AsyncMac - ok
18:39:32.0269 0x11b0 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\Windows\system32\drivers\atapi.sys
18:39:32.0288 0x11b0 atapi - ok
18:39:32.0322 0x11b0 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
18:39:32.0347 0x11b0 AudioEndpointBuilder - ok
18:39:32.0376 0x11b0 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:39:32.0399 0x11b0 Audiosrv - ok
18:39:32.0481 0x11b0 [ 25A0986A222D76411010A6D6B9141AC1, 4E36989CC9D9D0421236F01F7CA0DB417B0E9D2D50C1ED375C273BD752083CCE ] AVG Antivirus C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
18:39:32.0492 0x11b0 AVG Antivirus - ok
18:39:32.0520 0x11b0 [ 63A02B2298DA306327403F3F01BC3790, BF6587BAE2128E763A381F1F89D4DDED5E53A1CF3040B0B0157ADE8710CED697 ] avgbdisk C:\Windows\system32\drivers\avgbdiska.sys
18:39:32.0536 0x11b0 avgbdisk - ok
18:39:32.0764 0x11b0 [ 773B1568F99AAB185987D2D14201D4D3, 34F6299BFAD487668138177D1560D237EA25F3202DD5A1342038BA7882AD31EB ] avgbIDSAgent C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
18:39:32.0907 0x11b0 avgbIDSAgent - ok
18:39:32.0990 0x11b0 [ 1FA0918F3365FE1AB30F47D3A4A23F05, 20CC987D7B1DB32C6533E08A4530DDBB87A3BB2A0D69F46B547209B3E69DDD65 ] avgbidsdriver C:\Windows\system32\drivers\avgbidsdrivera.sys
18:39:33.0009 0x11b0 avgbidsdriver - ok
18:39:33.0025 0x11b0 [ A597136B52F1BE69ABB2CBE0D197E22F, AF76D95891C8719CA4A7AD820AEA0830FC7ED73C89D53BF0997F8DD7AF085E37 ] avgbidsh C:\Windows\system32\drivers\avgbidsha.sys
18:39:33.0041 0x11b0 avgbidsh - ok
18:39:33.0058 0x11b0 [ F8F277D752CFCF570928C28C4E7236C1, 4D50732F2FF6C307140D81FA1EF0215A6A5D10836520EAB42037AF59C9CD0FAE ] avgblog C:\Windows\system32\drivers\avgbloga.sys
18:39:33.0078 0x11b0 avgblog - ok
18:39:33.0120 0x11b0 [ 207AA6B47C050DD13110D399BD4DA292, 182D4F65B13606F561B5A5CF124E3CB08D61D00C1B60478BFDECD1EEA119091F ] avgbuniv C:\Windows\system32\drivers\avgbuniva.sys
18:39:33.0132 0x11b0 avgbuniv - ok
18:39:33.0143 0x11b0 [ 2DD8AEB4EAB07384E03C7221CCD55523, 93F53610C81955D91B8120835340641C8C74EC6707DC7A350BD6A46B3EB01152 ] avgHwid C:\Windows\system32\drivers\avgHwid.sys
18:39:33.0161 0x11b0 avgHwid - ok
18:39:33.0176 0x11b0 [ E390FC7F473E9881B798B44BF31E41FA, 4D95748B0FADB28BEA0A19ED0ACD9358CE044D4E091328CE337B0A96CA236985 ] avgMonFlt C:\Windows\system32\drivers\avgMonFlt.sys
18:39:33.0224 0x11b0 avgMonFlt - ok
18:39:33.0261 0x11b0 [ 76680F830E770DE4D75031E2D3E85711, 7F2844F9797671BBD98D2657642D377A26528671E9C61F7DF3F4B9C253FA4DB4 ] avgRdr C:\Windows\system32\drivers\avgRdr2.sys
18:39:33.0280 0x11b0 avgRdr - ok
18:39:33.0289 0x11b0 [ B67F104F18418BD36BA3DD6F4ADBFC06, 1D994DCA5FC290B80B4DE93EC36A7BBE50DBBB14748B06449B0B513A513AD2E8 ] avgRvrt C:\Windows\system32\drivers\avgRvrt.sys
18:39:33.0307 0x11b0 avgRvrt - ok
18:39:33.0354 0x11b0 [ 4101FFAB906644DB3A43FFA050AC19D4, F09E142B6BF99EBF18A12B6C79DC5B046F38546380CE5067EB6A2DA5B5B65378 ] avgSnx C:\Windows\system32\drivers\avgSnx.sys
18:39:33.0417 0x11b0 avgSnx - ok
18:39:33.0458 0x11b0 [ F65863676D846FE699BD96623F996C4D, 5A47DC73650B63FC23B7CF65E393C593E6EFE443361A01252F49B733D8083508 ] avgSP C:\Windows\system32\drivers\avgSP.sys
18:39:33.0492 0x11b0 avgSP - ok
18:39:33.0508 0x11b0 [ E9D39B538EC9CCD1966F48FA62CEA5A9, 18FD5A30FDD20C6CADE8C8DAA7BE5DE00F432BEDA9EFFBC898E308DD543E1092 ] avgStm C:\Windows\system32\drivers\avgStm.sys
18:39:33.0517 0x11b0 avgStm - ok
18:39:33.0590 0x11b0 [ 670DFE18F3FDB58199E6DD160CAB92C0, 6E54E9F13E9B7321523A125C4EABA32EA6002AD10BB3386171D989227B460706 ] avgsvc C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
18:39:33.0623 0x11b0 avgsvc - ok
18:39:33.0646 0x11b0 [ 55E8C8AB6D024FD94AA59448A05B0F43, 59F9FC2295EACE29C3D84BEA58000988274CAD9F0A7E8CDD58159A5D6B8E4D16 ] avgVmm C:\Windows\system32\drivers\avgVmm.sys
18:39:33.0681 0x11b0 avgVmm - ok
18:39:33.0707 0x11b0 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:39:33.0718 0x11b0 AxInstSV - ok
18:39:33.0753 0x11b0 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:39:33.0787 0x11b0 b06bdrv - ok
18:39:33.0798 0x11b0 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
18:39:33.0817 0x11b0 BasicDisplay - ok
18:39:33.0854 0x11b0 [ 195BD339B4B782B42C19489DCFB4D110, E63CC0AEF1875D5D127E341CF65117DABC9E376A83E615EC8D01F6AB705DABAD ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
18:39:33.0874 0x11b0 BasicRender - ok
18:39:33.0899 0x11b0 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\Windows\System32\drivers\bcmfn2.sys
18:39:33.0915 0x11b0 bcmfn2 - ok
18:39:33.0951 0x11b0 [ 174394F4EF93C117BF7BE3878046A1B1, D58E868342D1DAFC4B04384A3713F729DF07F408AA6AE4762E6A4244F976526A ] BDESVC C:\Windows\System32\bdesvc.dll
18:39:33.0966 0x11b0 BDESVC - ok
18:39:33.0983 0x11b0 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\Windows\system32\drivers\Beep.sys
18:39:34.0003 0x11b0 Beep - ok
18:39:34.0042 0x11b0 [ 5059D93764340D4EAEDF49C47133118F, 26C5779469E04BEAFD290B619CA355648F3911C66D41B22D2C3DCA909FCA0F6E ] BFE C:\Windows\System32\bfe.dll
18:39:34.0067 0x11b0 BFE - ok
18:39:34.0120 0x11b0 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\Windows\System32\qmgr.dll
18:39:34.0147 0x11b0 BITS - ok
18:39:34.0215 0x11b0 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:39:34.0227 0x11b0 Bonjour Service - ok
18:39:34.0251 0x11b0 [ 4938A9236300A356F97E378491EE4844, 60D892960D48EEF48F8EC4DE4F174EBD0BC0E7B28B6D8723D554CD1979EB55B4 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:39:34.0272 0x11b0 bowser - ok
18:39:34.0301 0x11b0 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
18:39:34.0314 0x11b0 BrokerInfrastructure - ok
18:39:34.0324 0x11b0 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\Windows\System32\browser.dll
18:39:34.0336 0x11b0 Browser - ok
18:39:34.0361 0x11b0 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
18:39:34.0381 0x11b0 BthAvrcpTg - ok
18:39:34.0403 0x11b0 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
18:39:34.0426 0x11b0 BthHFEnum - ok
18:39:34.0446 0x11b0 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
18:39:34.0466 0x11b0 bthhfhid - ok
18:39:34.0502 0x11b0 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\Windows\System32\BthHFSrv.dll
18:39:34.0516 0x11b0 BthHFSrv - ok
18:39:34.0532 0x11b0 [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
18:39:34.0561 0x11b0 BTHMODEM - ok
18:39:34.0597 0x11b0 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\Windows\system32\bthserv.dll
18:39:34.0608 0x11b0 bthserv - ok
18:39:34.0663 0x11b0 [ DEE40211AA700A0A9D7F95EC38DE0714, F3926D92D940311D7E1E7E656116B1B48C4D6B3AFC35017658C4EC3D0A33EF40 ] Cachedrv server C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
18:39:34.0668 0x11b0 Cachedrv server - detected UnsignedFile.Multi.Generic ( 1 )
18:39:35.0070 0x11b0 Detect skipped due to KSN trusted
18:39:35.0070 0x11b0 Cachedrv server - ok
18:39:35.0114 0x11b0 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:39:35.0137 0x11b0 cdfs - ok
18:39:35.0159 0x11b0 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\Windows\System32\drivers\cdrom.sys
18:39:35.0182 0x11b0 cdrom - ok
18:39:35.0220 0x11b0 [ ACFDC4EE40EC6E4A0AB91D923B8288C8, D31555AB31F504C247049219BE0ECDF26BB18E210BE7C45E8575FD166FD7EE23 ] CertPropSvc C:\Windows\System32\certprop.dll
18:39:35.0232 0x11b0 CertPropSvc - ok
18:39:35.0246 0x11b0 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\Windows\System32\drivers\circlass.sys
18:39:35.0267 0x11b0 circlass - ok
18:39:35.0310 0x11b0 [ 9DA497AEAF35AA7BF7710132FC2A9906, D38DF749222BD0B6E8E6442CC79D56CF827A1430ACAB4F85F7FC469DD31A211C ] CLFS C:\Windows\system32\drivers\CLFS.sys
18:39:35.0338 0x11b0 CLFS - ok
18:39:35.0373 0x11b0 [ 3E76A1547F2448BCEE3D2F4AE3931AB5, 31B41723FAA4210A86B1AE02D6C052BD8B738C4B89FB0177C1AE997D24BA5B8C ] CLVirtualDrive C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
18:39:35.0391 0x11b0 CLVirtualDrive - ok
18:39:35.0413 0x11b0 [ 39F71BF21E7F8EBE9B4810BC95EE26D6, 6134013F918D41A1AA8C814217A272F2C428FA3FE97DB66501FA50A488B0C991 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
18:39:35.0431 0x11b0 clwvd - ok
18:39:35.0454 0x11b0 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
18:39:35.0473 0x11b0 CmBatt - ok
18:39:35.0512 0x11b0 [ C8823A6ECE66B997C8E9F413D1D671E7, D739A194BCA4C1979C5B2A71F4B8DAB0BCC1524808C50BA302847B6C82D77250 ] CNG C:\Windows\system32\Drivers\cng.sys
18:39:35.0539 0x11b0 CNG - ok
18:39:35.0550 0x11b0 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
18:39:35.0571 0x11b0 CompositeBus - ok
18:39:35.0575 0x11b0 COMSysApp - ok
18:39:35.0588 0x11b0 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\Windows\system32\drivers\condrv.sys
18:39:35.0610 0x11b0 condrv - ok
18:39:35.0689 0x11b0 [ 10A4DCE58A85F2B9321A5D69C8E611A9, 9EA09DC78C8E3444C145AF9D50E4728D5F5C36F425071D64BCF9A942B0C0AF76 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:39:35.0700 0x11b0 cphs - ok
18:39:35.0728 0x11b0 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:39:35.0757 0x11b0 CryptSvc - ok
18:39:35.0836 0x11b0 [ DDAC7684F4BC3F655ED31D8AA494E9AB, 6AE08B3E0544A4A07235BEFE2F18653BB03240039CCC1A1777FE5E342E057AFC ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:39:35.0856 0x11b0 cvhsvc - ok
18:39:35.0936 0x11b0 [ 398AA4D2401AF8C831C90B96415F1DE5, 891B9E15A103744EA74C970DC489B8CFD326CEA0C51244E8E52B51ADADE2C0E8 ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
18:39:35.0942 0x11b0 CyberLink PowerDVD 12 Media Server Monitor Service - ok
18:39:35.0964 0x11b0 [ FF250422744FC22839C4CD8D111AF95B, B48A8B536B4A217CA205279D8D64F9F8766AA19CAF41A345679C0192A107616F ] CyberLink PowerDVD 12 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
18:39:35.0974 0x11b0 CyberLink PowerDVD 12 Media Server Service - ok
18:39:35.0996 0x11b0 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\Windows\system32\drivers\dam.sys
18:39:36.0016 0x11b0 dam - ok
18:39:36.0059 0x11b0 [ 20CC6E9FE25ACD34BE4FCDDB7B08364D, 295B2BBDC860A4CD65CD09C975D08CA1B8E4FE60AD0CA084CAB149A3E9D64B40 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:39:36.0085 0x11b0 DcomLaunch - ok
18:39:36.0124 0x11b0 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\Windows\System32\defragsvc.dll
18:39:36.0142 0x11b0 defragsvc - ok
18:39:36.0163 0x11b0 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll
18:39:36.0180 0x11b0 DeviceAssociationService - ok
18:39:36.0205 0x11b0 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
18:39:36.0218 0x11b0 DeviceInstall - ok
18:39:36.0264 0x11b0 [ 4FED6AD69C9EE1EE7FD3C88437138855, 71E0863898F2E3B1F9769C8A9980E2063042961D417FE0C969B2E5B7A0013978 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
18:39:36.0287 0x11b0 Dfsc - ok
18:39:36.0333 0x11b0 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\Windows\system32\dhcpcore.dll
18:39:36.0360 0x11b0 Dhcp - ok
18:39:36.0421 0x11b0 [ 0AC9F83A5508935DE89C447473085EEA, 223782B17BACEFB0A663EB13514B68B919C95EF641CDDA7AC30CB239BC4307EC ] DiagTrack C:\Windows\system32\diagtrack.dll
18:39:36.0459 0x11b0 DiagTrack - ok
18:39:36.0488 0x11b0 [ 8B1E62881D5AC68E673CD94B136B34AC, A0C50F17041E43AC07B67A74F2C408820316201439F47CDEA37A4F5891CC0E6F ] disk C:\Windows\system32\drivers\disk.sys
18:39:36.0519 0x11b0 disk - ok
18:39:36.0555 0x11b0 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
18:39:36.0575 0x11b0 dmvsc - ok
18:39:36.0603 0x11b0 [ 1E365F2B4C8F6D4D9FF0D1B4A93C230C, 5CAC22131F376D55F09BF875F7CBC4D8827EBC189EEB5D713D693A3510B20077 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:39:36.0617 0x11b0 Dnscache - ok
18:39:36.0648 0x11b0 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\Windows\System32\dot3svc.dll
18:39:36.0662 0x11b0 dot3svc - ok
18:39:36.0692 0x11b0 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\Windows\system32\dps.dll
18:39:36.0706 0x11b0 DPS - ok
18:39:36.0732 0x11b0 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:39:36.0749 0x11b0 drmkaud - ok
18:39:36.0779 0x11b0 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
18:39:36.0793 0x11b0 DsmSvc - ok
18:39:36.0867 0x11b0 [ 24C40570BAFEA48E9CB2B87008DCA152, 2D7CCBE5C354667BFBA0B6D6B8F34201AD2992273FB98767C9AD3C72D890A628 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:39:36.0929 0x11b0 DXGKrnl - ok
18:39:36.0961 0x11b0 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\Windows\System32\eapsvc.dll
18:39:36.0972 0x11b0 Eaphost - ok
18:39:37.0086 0x11b0 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:39:37.0159 0x11b0 ebdrv - ok
18:39:37.0188 0x11b0 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\Windows\System32\lsass.exe
18:39:37.0198 0x11b0 EFS - ok
18:39:37.0224 0x11b0 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
18:39:37.0244 0x11b0 EhStorClass - ok
18:39:37.0263 0x11b0 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
18:39:37.0284 0x11b0 EhStorTcgDrv - ok
18:39:37.0349 0x11b0 [ 568F7FB00D308AC75D61DF6C61A09B83, D1DDEC268845097C54496220CDF297C0D2B85C312219B5A3AE9BFA35D82AF2CF ] ElfoService C:\Program Files (x86)\ElsterFormular Update Service\elfoService.exe
18:39:37.0382 0x11b0 ElfoService - ok
18:39:37.0396 0x11b0 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\Windows\System32\drivers\errdev.sys
18:39:37.0430 0x11b0 ErrDev - ok
18:39:37.0480 0x11b0 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\Windows\system32\es.dll
18:39:37.0498 0x11b0 EventSystem - ok
18:39:37.0513 0x11b0 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\Windows\system32\drivers\exfat.sys
18:39:37.0544 0x11b0 exfat - ok
18:39:37.0570 0x11b0 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:39:37.0594 0x11b0 fastfat - ok
18:39:37.0633 0x11b0 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\Windows\system32\fxssvc.exe
18:39:37.0654 0x11b0 Fax - ok
18:39:37.0666 0x11b0 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\Windows\System32\drivers\fdc.sys
18:39:37.0696 0x11b0 fdc - ok
18:39:37.0732 0x11b0 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\Windows\system32\fdPHost.dll
18:39:37.0742 0x11b0 fdPHost - ok
18:39:37.0750 0x11b0 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\Windows\system32\fdrespub.dll
18:39:37.0762 0x11b0 FDResPub - ok
18:39:37.0790 0x11b0 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\Windows\system32\fhsvc.dll
18:39:37.0801 0x11b0 fhsvc - ok
18:39:37.0827 0x11b0 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:39:37.0869 0x11b0 FileInfo - ok
18:39:37.0892 0x11b0 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:39:37.0918 0x11b0 Filetrace - ok
18:39:37.0959 0x11b0 [ 1F63900E2EB00101B9ACA2B7A870704E, 5AFE1FC852937FECE6B33147BD0110436FE97F33BFDA3F69B1F5EDAD6FFC09C6 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:39:37.0975 0x11b0 FLEXnet Licensing Service - ok
18:39:38.0045 0x11b0 [ 1C3FB052A0BB72EDAED90785C34D6EED, 5300A82D1A79EBA1768F545E73974E3B8CE189AB39CDF905BF42AFA2E497186B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
18:39:38.0067 0x11b0 FLEXnet Licensing Service 64 - ok
18:39:38.0091 0x11b0 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
18:39:38.0111 0x11b0 flpydisk - ok
18:39:38.0148 0x11b0 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:39:38.0169 0x11b0 FltMgr - ok
18:39:38.0231 0x11b0 [ 359A7382DB639FE051455D868DEFF1A0, 1FFB6D8C96D9559081092F4BCA221AF993E40388D4951F72FFE6389894465A97 ] FontCache C:\Windows\system32\FntCache.dll
18:39:38.0264 0x11b0 FontCache - ok
18:39:38.0315 0x11b0 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:39:38.0322 0x11b0 FontCache3.0.0.0 - ok
18:39:38.0350 0x11b0 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:39:38.0364 0x11b0 FsDepends - ok
18:39:38.0379 0x11b0 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:39:38.0495 0x11b0 Fs_Rec - ok
18:39:38.0594 0x11b0 [ D4AB6EE3D715BC44C00277FD934FAACF, DE8A8B14D7BA73BA1B5A833DE193CA65EDFE512A57D84F4F2CE19D9646D97F4E ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:39:38.0660 0x11b0 fvevol - ok
18:39:38.0706 0x11b0 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
18:39:38.0726 0x11b0 FxPPM - ok
18:39:38.0792 0x11b0 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:39:38.0811 0x11b0 gagp30kx - ok
18:39:38.0834 0x11b0 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
18:39:38.0867 0x11b0 gencounter - ok
18:39:38.0902 0x11b0 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
18:39:38.0924 0x11b0 GPIOClx0101 - ok
18:39:39.0000 0x11b0 [ 9678FD4747A4F2E2318245EE6099482E, C76AE30E8BA77DC330F9CFE5ECEA58FAE0995396742923B564A2257DE24D7B32 ] gpsvc C:\Windows\System32\gpsvc.dll
18:39:39.0033 0x11b0 gpsvc - ok
18:39:39.0062 0x11b0 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:39:39.0094 0x11b0 HdAudAddService - ok
18:39:39.0121 0x11b0 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
18:39:39.0142 0x11b0 HDAudBus - ok
18:39:39.0161 0x11b0 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
18:39:39.0181 0x11b0 HidBatt - ok
18:39:39.0213 0x11b0 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\Windows\System32\drivers\hidbth.sys
18:39:39.0235 0x11b0 HidBth - ok
18:39:39.0254 0x11b0 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
18:39:39.0275 0x11b0 hidi2c - ok
18:39:39.0283 0x11b0 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\Windows\System32\drivers\hidir.sys
18:39:39.0305 0x11b0 HidIr - ok
18:39:39.0329 0x11b0 [ D42E350C3F5B9DDCE7BDDB109B413109, F015CCAB3719B1834DF3EE0265D905675C743F116526A2882B6077E540B8A74F ] hidkmdf C:\Windows\System32\drivers\hidkmdf.sys
18:39:39.0345 0x11b0 hidkmdf - ok
18:39:39.0370 0x11b0 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\Windows\system32\hidserv.dll
18:39:39.0381 0x11b0 hidserv - ok
18:39:39.0410 0x11b0 [ 49676FEC898AB2A11B157F848269A56E, 011E6DDEF9570212520F92FEFD205E1F8104F198B57C40D11BE857FCBCC5F68D ] HidUsb C:\Windows\System32\drivers\hidusb.sys
18:39:39.0431 0x11b0 HidUsb - ok
18:39:39.0464 0x11b0 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\Windows\system32\kmsvc.dll
18:39:39.0476 0x11b0 hkmsvc - ok
18:39:39.0492 0x11b0 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:39:39.0508 0x11b0 HomeGroupListener - ok
18:39:39.0527 0x11b0 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:39:39.0544 0x11b0 HomeGroupProvider - ok
18:39:39.0564 0x11b0 [ 8B8E6BD988EAF18C1B86704BF05E5C03, 84052C116032F3DC47B0D3A7A8FC8E86DF94DDB3136C866D8FC8A3DF23209DEC ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
18:39:39.0581 0x11b0 hpdskflt - ok
18:39:39.0648 0x11b0 [ 7B7DE6B3DC30F3246958F42C67A6F7BB, 4B66B90CFEC2231B905B21DECC4EC7C6500E546F080A452EF67E724EDF37ADD9 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
18:39:39.0674 0x11b0 hpqwmiex - ok
18:39:39.0699 0x11b0 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:39:39.0734 0x11b0 HpSAMD - ok
18:39:39.0761 0x11b0 [ 0865F178E272C682B0689F1AA269128D, F8CC23EA339F0C917C3948FF35BEFE10664CCFF8796954898E41F4EC1618E5E1 ] hpsrv C:\Windows\system32\Hpservice.exe
18:39:39.0768 0x11b0 hpsrv - ok
18:39:39.0808 0x11b0 [ 91ADA2CF99A0C28A231763E033FD6F98, 80F6ABD22D018EBF5AC3FD5BEE941962B29B1517EACE0C7730C00D7DE17CEFAC ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
18:39:39.0815 0x11b0 HPSupportSolutionsFrameworkService - ok
18:39:39.0871 0x11b0 [ F5F3F27E5823A4DF0193CC2534029742, F0126009F8CE9B85A2E9CFC257D1A3117B1CD5A739369502576B1CDF49E1DF85 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
18:39:39.0897 0x11b0 HPWMISVC - ok
18:39:39.0939 0x11b0 [ 030DD4F01AF3C32BA1AD00B549156F99, 5FDF4B199FDE1110CBC9DB164001A971057C982EB6AD5542BCD74AB3446E2D70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:39:40.0005 0x11b0 HTTP - ok
18:39:40.0022 0x11b0 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:39:40.0035 0x11b0 hwpolicy - ok
18:39:40.0050 0x11b0 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
18:39:40.0078 0x11b0 hyperkbd - ok
18:39:40.0094 0x11b0 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
18:39:40.0113 0x11b0 HyperVideo - ok
18:39:40.0146 0x11b0 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
18:39:40.0187 0x11b0 i8042prt - ok
18:39:40.0214 0x11b0 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
18:39:40.0236 0x11b0 iaLPSSi_GPIO - ok
18:39:40.0248 0x11b0 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys
18:39:40.0266 0x11b0 iaLPSSi_I2C - ok
18:39:40.0303 0x11b0 [ 60F6526DB3297C7324957EF3143F88FF, F0D4AF7E66CD42793C5137B4F5E66AFCE13253C3FF8D397921EA23CD04D49763 ] iaStorA C:\Windows\system32\drivers\iaStorA.sys
18:39:40.0321 0x11b0 iaStorA - ok
18:39:40.0354 0x11b0 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys
18:39:40.0388 0x11b0 iaStorAV - ok
18:39:40.0437 0x11b0 [ 9D7AFC77C928460336642D6EFDB5BDEA, 9CF555B94A21D7A518B9228B6BE86679200FEC4219156D7D2183CDC906BA4548 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:39:40.0445 0x11b0 IAStorDataMgrSvc - ok
18:39:40.0478 0x11b0 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:39:40.0510 0x11b0 iaStorV - ok
18:39:40.0513 0x11b0 IEEtwCollectorService - ok
18:39:40.0643 0x11b0 [ 40E022751ECBBAEAB90C199F3B8358FC, 3C8B150AA67029ADF3221E76B37B9E277F38059EAF9F3E0EA380144600039156 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:39:40.0736 0x11b0 igfx - ok
18:39:40.0792 0x11b0 [ 5697FD05EC6915A1E7193D658D8D6E05, 0179C3AF29880AA21F609CB471034EA5FA49324ACCE12736866675C037EBEC7A ] IKEEXT C:\Windows\System32\ikeext.dll
18:39:40.0821 0x11b0 IKEEXT - ok
18:39:40.0845 0x11b0 [ 4011430BC9DA46ADFAE9915EFEC312FB, 925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC09385B6DDEAB58 ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
18:39:40.0874 0x11b0 intaud_WaveExtensible - ok
18:39:40.0981 0x11b0 [ FA2B7507CD49908B2260949E52F8B9FE, 0EA0B3B25A3B668CA18313E34138DADA5C9835E476A1BFC56588B946DF0A92E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:39:41.0104 0x11b0 IntcAzAudAddService - ok
18:39:41.0138 0x11b0 [ D6A22510D795928E8840619900D672B4, 296F232B0A6D42840A745E4706D2815F6D2E4279DBD90112CBFBFF8833B724AF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:39:41.0152 0x11b0 IntcDAud - ok
18:39:41.0212 0x11b0 [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:39:41.0228 0x11b0 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
18:39:41.0523 0x11b0 Detect skipped due to KSN trusted
18:39:41.0523 0x11b0 Intel(R) Capability Licensing Service Interface - ok
18:39:41.0551 0x11b0 [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
18:39:41.0571 0x11b0 Intel(R) Capability Licensing Service TCP IP Interface - ok
18:39:41.0630 0x11b0 [ 57739E742ABC085C2A4340D4404B4A8B, B4B85C35AC96D11F5940AFCB15A2B2A41D70E3C392E1D4D9353899FA140FF281 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
18:39:41.0638 0x11b0 Intel(R) ME Service - ok
18:39:41.0649 0x11b0 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\Windows\system32\drivers\intelide.sys
18:39:41.0668 0x11b0 intelide - ok
18:39:41.0687 0x11b0 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\Windows\system32\drivers\intelpep.sys
18:39:41.0713 0x11b0 intelpep - ok
18:39:41.0741 0x11b0 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\Windows\System32\drivers\intelppm.sys
18:39:41.0760 0x11b0 intelppm - ok
18:39:41.0779 0x11b0 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:39:41.0803 0x11b0 IpFilterDriver - ok
18:39:41.0855 0x11b0 [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:39:41.0880 0x11b0 iphlpsvc - ok
18:39:41.0907 0x11b0 [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
18:39:41.0929 0x11b0 IPMIDRV - ok
18:39:41.0951 0x11b0 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:39:41.0983 0x11b0 IPNAT - ok
18:39:41.0997 0x11b0 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:39:42.0017 0x11b0 IRENUM - ok
18:39:42.0044 0x11b0 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:39:42.0063 0x11b0 isapnp - ok
18:39:42.0089 0x11b0 [ 744DE92A339763C15C6B988C27439633, B566E04BB3C7BBE736158DFA19A6361ABD7E43ABC5F690CFDA6AD50405C17A94 ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
18:39:42.0111 0x11b0 iScsiPrt - ok
18:39:42.0136 0x11b0 [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC0A3039E26D7BEB ] iwdbus C:\Windows\System32\drivers\iwdbus.sys
18:39:42.0153 0x11b0 iwdbus - ok
18:39:42.0193 0x11b0 [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:39:42.0202 0x11b0 jhi_service - ok
18:39:42.0211 0x11b0 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
18:39:42.0231 0x11b0 kbdclass - ok
18:39:42.0253 0x11b0 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
18:39:42.0273 0x11b0 kbdhid - ok
18:39:42.0291 0x11b0 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
18:39:42.0311 0x11b0 kdnic - ok
18:39:42.0322 0x11b0 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\Windows\system32\lsass.exe
18:39:42.0331 0x11b0 KeyIso - ok
18:39:42.0361 0x11b0 [ 304DA394D958BC3B62AF6DF514005B01, 8D17777C82F034E800181E82D30FCED800CBC46CD659AE2E0D972CA1381BD4C2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:39:42.0377 0x11b0 KSecDD - ok
18:39:42.0414 0x11b0 [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:39:42.0436 0x11b0 KSecPkg - ok
18:39:42.0459 0x11b0 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:39:42.0480 0x11b0 ksthunk - ok
18:39:42.0510 0x11b0 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:39:42.0526 0x11b0 KtmRm - ok
18:39:42.0556 0x11b0 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\Windows\system32\srvsvc.dll
18:39:42.0571 0x11b0 LanmanServer - ok
18:39:42.0601 0x11b0 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:39:42.0618 0x11b0 LanmanWorkstation - ok
18:39:42.0650 0x11b0 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll
18:39:42.0667 0x11b0 lfsvc - ok
18:39:42.0690 0x11b0 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:39:42.0713 0x11b0 lltdio - ok
18:39:42.0746 0x11b0 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:39:42.0762 0x11b0 lltdsvc - ok
18:39:42.0786 0x11b0 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:39:42.0796 0x11b0 lmhosts - ok
18:39:42.0831 0x11b0 [ 6A35B295812CE7064CFBCD9F254169CF, 561DD131FED6F90686D8C031B45B87B6D065C7E0C8804AEFCDE239725AAEE43E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:39:42.0843 0x11b0 LMS - ok
18:39:42.0863 0x11b0 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:39:42.0895 0x11b0 LSI_SAS - ok
18:39:42.0918 0x11b0 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:39:42.0938 0x11b0 LSI_SAS2 - ok
18:39:42.0958 0x11b0 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys
18:39:42.0990 0x11b0 LSI_SAS3 - ok
18:39:43.0006 0x11b0 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
18:39:43.0026 0x11b0 LSI_SSS - ok
18:39:43.0067 0x11b0 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\Windows\System32\lsm.dll
18:39:43.0090 0x11b0 LSM - ok
18:39:43.0108 0x11b0 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys
18:39:43.0132 0x11b0 luafv - ok
18:39:43.0158 0x11b0 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys
18:39:43.0177 0x11b0 megasas - ok
18:39:43.0203 0x11b0 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys
18:39:43.0250 0x11b0 megasr - ok
18:39:43.0267 0x11b0 [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys
18:39:43.0275 0x11b0 MEIx64 - ok
18:39:43.0307 0x11b0 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\Windows\system32\mmcss.dll
18:39:43.0329 0x11b0 MMCSS - ok
18:39:43.0336 0x11b0 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys
18:39:43.0358 0x11b0 Modem - ok
18:39:43.0373 0x11b0 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys
18:39:43.0392 0x11b0 monitor - ok
18:39:43.0409 0x11b0 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\Windows\System32\drivers\mouclass.sys
18:39:43.0430 0x11b0 mouclass - ok
18:39:43.0458 0x11b0 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\Windows\System32\drivers\mouhid.sys
18:39:43.0478 0x11b0 mouhid - ok
18:39:43.0508 0x11b0 [ 24DABC0A77FAFDC0E379AB3B30F61BB6, E66624ABBF1D742879035F9161F9D3713DE7B759B3D3CF8B96C9E397A02FCF82 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:39:43.0528 0x11b0 mountmgr - ok
18:39:43.0621 0x11b0 [ 65C0F9AE99ECCCA7C5C3CEFA7ED80904, AABEBEAED256318B5B8C1BC36A2E365CB942ED591C78E78EC6C55EF94A522342 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:39:43.0630 0x11b0 MozillaMaintenance - ok
18:39:43.0659 0x11b0 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:39:43.0678 0x11b0 mpsdrv - ok
18:39:43.0715 0x11b0 [ D1418745A5472F3930A288E05B9E2C05, 95785F0FA7EE239459C0288DB37E9E54648029FD6FE45A61E6343526D67FFA32 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:39:43.0740 0x11b0 MpsSvc - ok
18:39:43.0777 0x11b0 [ 3F818C1518DA702C8F10259095C9BDE0, B98C1A6F9A3C01A10503B2B2C45CC89AFF17B346B15990F4DB4820F68BDC62C8 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:39:43.0801 0x11b0 MRxDAV - ok
18:39:43.0836 0x11b0 [ DE1513C338189348F6934A25CF6E4D19, 905A405E85FB75D6700BF4997BC5F3692068B9A236385543C286809C9D502358 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:43.0862 0x11b0 mrxsmb - ok
18:39:43.0880 0x11b0 [ 706BEFE7F8943E0DB0086B0B64E27453, 936763A7A8CB9E7F5DE3DA368F5F97E87FD25A0C56493DD82A1C8170D57CE4DA ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:43.0904 0x11b0 mrxsmb10 - ok
18:39:43.0922 0x11b0 [ DE5AAC19EB9B9C3AFF9CAE30D7EB107A, BA03EB556444670B47A56669AD8ECB400E37BE71119FAB8D8324538F76670F8B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:43.0942 0x11b0 mrxsmb20 - ok
18:39:43.0964 0x11b0 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
18:39:43.0986 0x11b0 MsBridge - ok
18:39:44.0016 0x11b0 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\Windows\System32\msdtc.exe
18:39:44.0028 0x11b0 MSDTC - ok
18:39:44.0052 0x11b0 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:39:44.0084 0x11b0 Msfs - ok
18:39:44.0104 0x11b0 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
18:39:44.0122 0x11b0 msgpiowin32 - ok
18:39:44.0133 0x11b0 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:39:44.0154 0x11b0 mshidkmdf - ok
18:39:44.0165 0x11b0 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
18:39:44.0188 0x11b0 mshidumdf - ok
18:39:44.0219 0x11b0 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:39:44.0237 0x11b0 msisadrv - ok
18:39:44.0267 0x11b0 [ A06142B3850B06972F1C89748FAA2C02, B1CCC5C8D100FEB384FCC85FED2A77F47DA4C9BA5F6889A130F4D73E30ACAA78 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:39:44.0278 0x11b0 MSiSCSI - ok
18:39:44.0281 0x11b0 msiserver - ok
18:39:44.0295 0x11b0 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:39:44.0315 0x11b0 MSKSSRV - ok
18:39:44.0352 0x11b0 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
18:39:44.0372 0x11b0 MsLldp - ok
18:39:44.0384 0x11b0 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:39:44.0403 0x11b0 MSPCLOCK - ok
18:39:44.0417 0x11b0 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:39:44.0435 0x11b0 MSPQM - ok
18:39:44.0452 0x11b0 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:39:44.0473 0x11b0 MsRPC - ok
18:39:44.0487 0x11b0 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
18:39:44.0506 0x11b0 mssmbios - ok
18:39:44.0519 0x11b0 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:39:44.0538 0x11b0 MSTEE - ok
18:39:44.0569 0x11b0 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
18:39:44.0588 0x11b0 MTConfig - ok
18:39:44.0621 0x11b0 [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup C:\Windows\system32\Drivers\mup.sys
18:39:44.0641 0x11b0 Mup - ok
18:39:44.0659 0x11b0 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys
18:39:44.0680 0x11b0 mvumis - ok
18:39:44.0726 0x11b0 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\Windows\system32\qagentRT.dll
18:39:44.0744 0x11b0 napagent - ok
18:39:44.0765 0x11b0 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:39:44.0797 0x11b0 NativeWifiP - ok
18:39:44.0820 0x11b0 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\Windows\System32\ncasvc.dll
18:39:44.0832 0x11b0 NcaSvc - ok
18:39:44.0861 0x11b0 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\Windows\System32\ncbservice.dll
18:39:44.0873 0x11b0 NcbService - ok
18:39:44.0901 0x11b0 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
18:39:44.0912 0x11b0 NcdAutoSetup - ok
18:39:44.0958 0x11b0 [ FFAA6C6E798FBA448FA7628A1B277F5C, 9E1F2C848A019CE6397F652A21AE43B76149EF95452BB8353249BD9E28D98083 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:39:45.0014 0x11b0 NDIS - ok
18:39:45.0037 0x11b0 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:39:45.0058 0x11b0 NdisCap - ok
18:39:45.0080 0x11b0 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
18:39:45.0102 0x11b0 NdisImPlatform - ok
18:39:45.0130 0x11b0 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:39:45.0149 0x11b0 NdisTapi - ok
18:39:45.0168 0x11b0 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:39:45.0189 0x11b0 Ndisuio - ok
18:39:45.0201 0x11b0 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys
18:39:45.0230 0x11b0 NdisVirtualBus - ok
18:39:45.0266 0x11b0 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:45.0291 0x11b0 NdisWan - ok
18:39:45.0296 0x11b0 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:45.0317 0x11b0 NdisWanLegacy - ok
18:39:45.0337 0x11b0 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:39:45.0357 0x11b0 NDProxy - ok
18:39:45.0384 0x11b0 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\Windows\system32\drivers\Ndu.sys
18:39:45.0406 0x11b0 Ndu - ok
18:39:45.0417 0x11b0 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:39:45.0436 0x11b0 NetBIOS - ok
18:39:45.0467 0x11b0 [ 9DC17B7D9D84C37C102D379FCC7D4942, D522022ED4395686837E96F57EE29F8065FB749D1195B60D2A406FB33F696C09 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:39:45.0496 0x11b0 NetBT - ok
18:39:45.0511 0x11b0 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\Windows\system32\lsass.exe
18:39:45.0521 0x11b0 Netlogon - ok
18:39:45.0541 0x11b0 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\Windows\System32\netman.dll
18:39:45.0555 0x11b0 Netman - ok
18:39:45.0592 0x11b0 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\Windows\System32\netprofmsvc.dll
18:39:45.0612 0x11b0 netprofm - ok
18:39:45.0672 0x11b0 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:39:45.0731 0x11b0 NetTcpPortSharing - ok
18:39:45.0757 0x11b0 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\Windows\System32\drivers\netvsc63.sys
18:39:45.0779 0x11b0 netvsc - ok
18:39:45.0818 0x11b0 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\Windows\System32\nlasvc.dll
18:39:45.0834 0x11b0 NlaSvc - ok
18:39:45.0861 0x11b0 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:39:45.0883 0x11b0 Npfs - ok
18:39:45.0899 0x11b0 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
18:39:45.0921 0x11b0 npsvctrig - ok
18:39:45.0945 0x11b0 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\Windows\system32\nsisvc.dll
18:39:45.0958 0x11b0 nsi - ok
18:39:45.0968 0x11b0 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:39:46.0002 0x11b0 nsiproxy - ok
18:39:46.0079 0x11b0 [ E6E90E10CE26DD04868AED601091A124, 94D3EB05BAC5B667638254AE28A4802C209F65B7E210EB0F703ADAEE1B9481EF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:39:46.0161 0x11b0 Ntfs - ok
18:39:46.0188 0x11b0 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\Windows\system32\drivers\Null.sys
18:39:46.0208 0x11b0 Null - ok
18:39:46.0519 0x11b0 [ 0B01F2DCE39774A5EAE644C4FFC27217, 100CAB9E303AEED488A95C3F2CA66FBF8C529B92A3A826E5530F4A017B4C0F9B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:39:46.0741 0x11b0 nvlddmkm - ok
18:39:46.0769 0x11b0 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:39:46.0791 0x11b0 nvraid - ok
18:39:46.0805 0x11b0 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:39:46.0833 0x11b0 nvstor - ok
18:39:46.0874 0x11b0 [ FFBE76FF462AD3D89ECF4D16BA4C5FDD, D1C5C8FC6A731147A6C3823531F8D0DBA34DF1357A7EA20119692A3DF0B3105D ] nvsvc C:\Windows\system32\nvvsvc.exe
18:39:46.0897 0x11b0 nvsvc - ok
18:39:46.0961 0x11b0 [ E2E917575376AD577F225F4721CA1E28, 6588EF4BF265BF1F824E88357FDF97AAD303C0149E147589ABE89E0E4880D717 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:39:46.0989 0x11b0 nvUpdatusService - ok
18:39:47.0021 0x11b0 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:39:47.0041 0x11b0 nv_agp - ok
18:39:47.0099 0x11b0 [ 1300D100EF891C98504DE38624D3F639, 3F7D5A1BB725DC224E08EFC0D6A7F579FC78C64554BAF02D58A6624B91D6384E ] omniserv C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
18:39:47.0102 0x11b0 omniserv - detected UnsignedFile.Multi.Generic ( 1 )
18:39:47.0276 0x11b0 Detect skipped due to KSN trusted
18:39:47.0276 0x11b0 omniserv - ok
18:39:47.0303 0x11b0 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:39:47.0311 0x11b0 ose - ok
18:39:47.0453 0x11b0 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:39:47.0552 0x11b0 osppsvc - ok
18:39:47.0596 0x11b0 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:39:47.0617 0x11b0 p2pimsvc - ok
18:39:47.0669 0x11b0 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\Windows\system32\p2psvc.dll
18:39:47.0691 0x11b0 p2psvc - ok
18:39:47.0722 0x11b0 [ 57DCE4FB0467986AE78E1C6FC5240D32, F7F3ADD1B48E4D6BB0A664A2FE556F71ED7453054B4FB667A29BE050C845045B ] Parport C:\Windows\System32\drivers\parport.sys
18:39:47.0749 0x11b0 Parport - ok
18:39:47.0774 0x11b0 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:39:47.0798 0x11b0 partmgr - ok
18:39:47.0836 0x11b0 [ 0A2DF1055FEEA30DFF73DAC0DA45FDE4, 497B2AE591ABBCFA8FC571D9C1D750006212F2D2DDF12F5A9E7FFA811CD707A3 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:39:47.0858 0x11b0 PcaSvc - ok
18:39:47.0883 0x11b0 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\Windows\system32\drivers\pci.sys
18:39:47.0931 0x11b0 pci - ok
18:39:48.0097 0x11b0 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\Windows\system32\drivers\pciide.sys
18:39:48.0116 0x11b0 pciide - ok
18:39:48.0173 0x11b0 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:39:48.0195 0x11b0 pcmcia - ok
18:39:48.0208 0x11b0 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\Windows\system32\drivers\pcw.sys
18:39:48.0228 0x11b0 pcw - ok
18:39:48.0257 0x11b0 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\Windows\system32\drivers\pdc.sys
18:39:48.0277 0x11b0 pdc - ok
18:39:48.0314 0x11b0 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:39:48.0333 0x11b0 PEAUTH - ok
18:39:48.0405 0x11b0 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:39:48.0415 0x11b0 PerfHost - ok
18:39:48.0489 0x11b0 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\Windows\system32\pla.dll
18:39:48.0525 0x11b0 pla - ok
18:39:48.0550 0x11b0 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:39:48.0562 0x11b0 PlugPlay - ok
18:39:48.0586 0x11b0 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:39:48.0597 0x11b0 PNRPAutoReg - ok
18:39:48.0617 0x11b0 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:39:48.0633 0x11b0 PNRPsvc - ok
18:39:48.0669 0x11b0 [ 0FF8507A8B901B904E98EB36B9E347EE, FE4A9A6159A8490F3155D166656748722EFDEDCDC447C09155A5AD6D9F5D294D ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:39:48.0685 0x11b0 PolicyAgent - ok
18:39:48.0707 0x11b0 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\Windows\system32\umpo.dll
18:39:48.0719 0x11b0 Power - ok
18:39:48.0754 0x11b0 [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:39:48.0776 0x11b0 PptpMiniport - ok
18:39:48.0904 0x11b0 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
18:39:48.0962 0x11b0 PrintNotify - ok
18:39:48.0994 0x11b0 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\Windows\System32\drivers\processr.sys
18:39:49.0015 0x11b0 Processor - ok
18:39:49.0044 0x11b0 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\Windows\system32\profsvc.dll
18:39:49.0058 0x11b0 ProfSvc - ok
18:39:49.0080 0x11b0 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:39:49.0106 0x11b0 Psched - ok
18:39:49.0129 0x11b0 [ 901DBA98359966A62A6548596988E931, 01EB45DC6B382A8F45BB2F4ECA8F89263CEE4BE1C412C94FFF706544942A74A8 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
18:39:49.0170 0x11b0 PxHlpa64 - ok
18:39:49.0208 0x11b0 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\Windows\system32\qwave.dll
18:39:49.0223 0x11b0 QWAVE - ok
18:39:49.0244 0x11b0 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:39:49.0263 0x11b0 QWAVEdrv - ok
18:39:49.0295 0x11b0 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:39:49.0315 0x11b0 RasAcd - ok
18:39:49.0357 0x11b0 [ D5ECE7E7F349EB3C4B152AFF3577280D, 3A5D3E440D1ED72D654BBFE30A73667F055C0AD04375C22C202F21BF75B612B2 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:39:49.0385 0x11b0 RasAgileVpn - ok
18:39:49.0400 0x11b0 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\Windows\System32\rasauto.dll
18:39:49.0412 0x11b0 RasAuto - ok
18:39:49.0440 0x11b0 [ 235624C147E3CB4C288D5D3D8E8D64A2, B3F182019DBAD9C761FE9F62EAED34AD5902B41A13A766D814FC3E2EA29D8D92 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:39:49.0462 0x11b0 Rasl2tp - ok
18:39:49.0491 0x11b0 [ 15C0034561FE5B03FA376F1A6232478B, 0F9B5C2BD7D8803FF3C5ED957D3F0859F2A59B74510E4659FBF05EDCBF230208 ] RasMan C:\Windows\System32\rasmans.dll
18:39:49.0510 0x11b0 RasMan - ok
18:39:49.0530 0x11b0 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:39:49.0554 0x11b0 RasPppoe - ok
18:39:49.0581 0x11b0 [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:39:49.0611 0x11b0 RasSstp - ok
18:39:49.0645 0x11b0 [ D67ED4AB59D1EF66B05AD1A81AC28B26, 72E750A9A6B484D8BEDE52FA6DABEF4D95765DE491152E1F6C856D0590B50C28 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:39:49.0674 0x11b0 rdbss - ok
18:39:49.0700 0x11b0 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
18:39:49.0720 0x11b0 rdpbus - ok
18:39:49.0734 0x11b0 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:39:49.0758 0x11b0 RDPDR - ok
18:39:49.0789 0x11b0 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
|
|
24.05.2017, 18:10
| #4 |
| | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitereCode:
ATTFilter 18:39:49.0806 0x11b0 RdpVideoMiniport - ok
18:39:49.0836 0x11b0 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:39:49.0861 0x11b0 rdyboost - ok
18:39:49.0901 0x11b0 [ 2D39BCFA4DD1081B8F282B623456B858, DD8C433B66B6661F4DBD1784CBD334441B508BE84932DD443F7AD51CEA192BA9 ] ReFS C:\Windows\system32\drivers\ReFS.sys
18:39:49.0946 0x11b0 ReFS - ok
18:39:49.0981 0x11b0 [ DF78648AC3C8DC9D70E6714AF785382F, 56E104939ED0AB5B26AE07BAB1BBB7D15828DBD3A2AD35361423D7ADDA4BA551 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:39:49.0994 0x11b0 RemoteAccess - ok
18:39:50.0032 0x11b0 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:39:50.0045 0x11b0 RemoteRegistry - ok
18:39:50.0063 0x11b0 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:39:50.0076 0x11b0 RpcEptMapper - ok
18:39:50.0100 0x11b0 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\Windows\system32\locator.exe
18:39:50.0110 0x11b0 RpcLocator - ok
18:39:50.0148 0x11b0 [ 20CC6E9FE25ACD34BE4FCDDB7B08364D, 295B2BBDC860A4CD65CD09C975D08CA1B8E4FE60AD0CA084CAB149A3E9D64B40 ] RpcSs C:\Windows\system32\rpcss.dll
18:39:50.0172 0x11b0 RpcSs - ok
18:39:50.0191 0x11b0 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:39:50.0227 0x11b0 rspndr - ok
18:39:50.0285 0x11b0 [ DABD4AB3D049ECA6AFFD61B63A997728, 6F89D5AF4A02F7FC455922533D14486D4ED86E005523302A917E4F12B70B3794 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
18:39:50.0298 0x11b0 RtkAudioService - ok
18:39:50.0328 0x11b0 [ CFE738C524F35B6E523A4D0F54840C30, 73E051DEA744EEC5202693C11EDABB36DE2D086160648D4E41F1F299CBAD8409 ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys
18:39:50.0363 0x11b0 RTL8168 - ok
18:39:50.0394 0x11b0 [ 78CA6B333D92B3344AE6DC54013203A6, 368647BD2A737ECF079D8D1BEF3FFC379A563136FCCB0880861333B9EF150283 ] RTSPER C:\Windows\system32\DRIVERS\RtsPer.sys
18:39:50.0426 0x11b0 RTSPER - ok
18:39:50.0515 0x11b0 [ 0004430BB4664C095ACEF32733035F04, 559BEF335397F9B21ABCB720BF8C4D5E257168B8859109B886E7B277FA572BD7 ] RTWlanE C:\Windows\system32\DRIVERS\rtwlane.sys
18:39:50.0610 0x11b0 RTWlanE - ok
18:39:50.0638 0x11b0 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\Windows\System32\drivers\vms3cap.sys
18:39:50.0658 0x11b0 s3cap - ok
18:39:50.0689 0x11b0 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\Windows\system32\lsass.exe
18:39:50.0698 0x11b0 SamSs - ok
18:39:50.0723 0x11b0 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:39:50.0743 0x11b0 sbp2port - ok
18:39:50.0775 0x11b0 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:39:50.0790 0x11b0 SCardSvr - ok
18:39:50.0819 0x11b0 [ 92D2FA1870F4EB4A9BA767DB6E0DEF6F, AB019E17D5F330CBB7F7CAF8CEB01F3F3DBBB181CDE19E4C2354AF51E66C8291 ] ScDeviceEnum C:\Windows\System32\ScDeviceEnum.dll
18:39:50.0831 0x11b0 ScDeviceEnum - ok
18:39:50.0856 0x11b0 [ FA7ABD857DEB0FE3C94CC39A4C845E66, ACD551F75E00C4EB9CFDA73B04051D0BF5FF0BA67C716E1989A21683D8777A41 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:39:50.0877 0x11b0 scfilter - ok
18:39:50.0936 0x11b0 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\Windows\system32\schedsvc.dll
18:39:50.0968 0x11b0 Schedule - ok
18:39:50.0999 0x11b0 [ ACFDC4EE40EC6E4A0AB91D923B8288C8, D31555AB31F504C247049219BE0ECDF26BB18E210BE7C45E8575FD166FD7EE23 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:39:51.0010 0x11b0 SCPolicySvc - ok
18:39:51.0049 0x11b0 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\Windows\System32\drivers\sdbus.sys
18:39:51.0082 0x11b0 sdbus - ok
18:39:51.0109 0x11b0 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\Windows\System32\drivers\sdstor.sys
18:39:51.0129 0x11b0 sdstor - ok
18:39:51.0156 0x11b0 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:39:51.0176 0x11b0 secdrv - ok
18:39:51.0199 0x11b0 [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon C:\Windows\system32\seclogon.dll
18:39:51.0211 0x11b0 seclogon - ok
18:39:51.0235 0x11b0 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\Windows\System32\sens.dll
18:39:51.0247 0x11b0 SENS - ok
18:39:51.0280 0x11b0 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:39:51.0294 0x11b0 SensrSvc - ok
18:39:51.0309 0x11b0 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\Windows\system32\drivers\SerCx.sys
18:39:51.0329 0x11b0 SerCx - ok
18:39:51.0348 0x11b0 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\Windows\system32\drivers\SerCx2.sys
18:39:51.0371 0x11b0 SerCx2 - ok
18:39:51.0402 0x11b0 [ 1F0135949A6AD6025F363F80FE268251, DB2D503863143F2251E589F7B0B3E9FBF997D7333D54C55856590B5080B5513D ] Serenum C:\Windows\System32\drivers\serenum.sys
18:39:51.0421 0x11b0 Serenum - ok
18:39:51.0441 0x11b0 [ 81633C87B42B63BA484A6177179AC750, A22BA40E9EC74E88D8098CBDC954E1D63B832FCB789E3C7B731DE5DA39BEE2CA ] Serial C:\Windows\System32\drivers\serial.sys
18:39:51.0463 0x11b0 Serial - ok
18:39:51.0503 0x11b0 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\Windows\System32\drivers\sermouse.sys
18:39:51.0523 0x11b0 sermouse - ok
18:39:51.0581 0x11b0 [ C42D93E4211D16EE0315D38C6618659E, CA280B8B42C4F7C47669DF3129E4FD56F861D94D8840C26EFFC669757B4EC495 ] SessionEnv C:\Windows\system32\sessenv.dll
18:39:51.0599 0x11b0 SessionEnv - ok
18:39:51.0620 0x11b0 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
18:39:51.0641 0x11b0 sfloppy - ok
18:39:51.0705 0x11b0 [ B2F21560016B3C200FC34F2BD13DE469, CBA4728F4F9C9BCC163B0AD1B4BCC370836CC07668F66EF732D03904382D7828 ] Sftfs C:\Windows\system32\DRIVERS\Sftfswin7.sys
18:39:51.0743 0x11b0 Sftfs - ok
18:39:51.0808 0x11b0 [ 13693B6354DD6E72DC5131DA7D764B90, 447EFDA7CFB1F62EA316219D996406C8DC374097DB903F362D6E945227D8BB2D ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:39:51.0822 0x11b0 sftlist - ok
18:39:51.0847 0x11b0 [ AD9449F3BF407DBD1742A465F2163847, E4BD90893B24BB391B1F47230741FAB941520BEF82E1F1629EE5475BC73D61F6 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaywin7.sys
18:39:51.0870 0x11b0 Sftplay - ok
18:39:51.0876 0x11b0 [ 78A1496BA75C7D5700CECB77DDD291BB, 662312024B907531F12609803CFAB36B2AD7F117B03E7F01B0851BF964A9F1A6 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirwin7.sys
18:39:51.0891 0x11b0 Sftredir - ok
18:39:51.0905 0x11b0 [ DA674FD0164D64BD4980A619410D57E3, 46DC26FCAADA34B1B18B51BA51462741A2FE55CCCA967FC7349158DFB044DC6B ] Sftvol C:\Windows\system32\DRIVERS\Sftvolwin7.sys
18:39:51.0923 0x11b0 Sftvol - ok
18:39:51.0953 0x11b0 [ C3CDDD18F43D44AB713CF8C4916F7696, 38093295825AFDD08D7E32CC4EF2A6C447F6D6E3C6F7EA5554C25E7C3F16FC92 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:39:51.0963 0x11b0 sftvsa - ok
18:39:51.0999 0x11b0 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:39:52.0017 0x11b0 SharedAccess - ok
18:39:52.0079 0x11b0 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:39:52.0100 0x11b0 ShellHWDetection - ok
18:39:52.0118 0x11b0 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:39:52.0135 0x11b0 SiSRaid2 - ok
18:39:52.0164 0x11b0 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:39:52.0190 0x11b0 SiSRaid4 - ok
18:39:52.0239 0x11b0 [ B72B80E6FF423C5011E745CB76DA9A08, 18A6B9D46E91AD4D463EB5CB832702392D2E162577F90C328B515FCE69FABD15 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:39:52.0255 0x11b0 SkypeUpdate - ok
18:39:52.0278 0x11b0 [ 0224CD52A27E06F80A91621A633D64ED, F15C16F6851F79648E142B79F63B447EF387EF7C9A075BD2A7AAED626BFFB656 ] SmbDrv C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
18:39:52.0288 0x11b0 SmbDrv - ok
18:39:52.0308 0x11b0 [ EBC839A7079CE7B353153AF9FAE8A57A, BEA3A1DEEA0CB0EE2E1B73CD592CC77C9B9FDEA2A0EA9369A0E10DEF97C5F923 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
18:39:52.0315 0x11b0 SmbDrvI - ok
18:39:52.0349 0x11b0 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\Windows\System32\smphost.dll
18:39:52.0360 0x11b0 smphost - ok
18:39:52.0372 0x11b0 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:39:52.0383 0x11b0 SNMPTRAP - ok
18:39:52.0421 0x11b0 [ F6AF6499C3788105EA7AF1DA27769A77, F847789B0AD498CC9C985F334F7BA0906ACB41FB356CC2EF2A00C62C75D94A79 ] spaceport C:\Windows\system32\drivers\spaceport.sys
18:39:52.0452 0x11b0 spaceport - ok
18:39:52.0464 0x11b0 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
18:39:52.0484 0x11b0 SpbCx - ok
18:39:52.0528 0x11b0 [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler C:\Windows\System32\spoolsv.exe
18:39:52.0560 0x11b0 Spooler - ok
18:39:52.0729 0x11b0 [ F264662C057A54AA2DE41B3C7551712F, 2C123C6ACD967CDF1AD2855187CF3D8357B16A4FD9C2F18AE54CFA384165FA11 ] sppsvc C:\Windows\system32\sppsvc.exe
18:39:52.0874 0x11b0 sppsvc - ok
18:39:52.0912 0x11b0 [ 937CC1CBAE9451CF7B7902151A56ACCB, 8F6B08CDDA51649D18D37EF10EB95C79E285F95595B2B465E6978C18B0730700 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:39:52.0938 0x11b0 srv - ok
18:39:52.0965 0x11b0 [ 94ED1930732AD40C4C65C645BE56F48A, 7AA35AD96FBA1CDD70DE3FB6CD64DD8E4BE98F31F2433CD8EA90531D267B09D2 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:39:53.0002 0x11b0 srv2 - ok
18:39:53.0037 0x11b0 [ FABC49666708EA562549E78E6FBF3191, BE1FEBFC259308B39C727915C41A67CD50720A6E2A68D148F4F2F926AED43B02 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:39:53.0061 0x11b0 srvnet - ok
18:39:53.0090 0x11b0 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:39:53.0105 0x11b0 SSDPSRV - ok
18:39:53.0124 0x11b0 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:39:53.0137 0x11b0 SstpSvc - ok
18:39:53.0158 0x11b0 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:39:53.0178 0x11b0 stexstor - ok
18:39:53.0226 0x11b0 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\Windows\System32\wiaservc.dll
18:39:53.0248 0x11b0 stisvc - ok
18:39:53.0260 0x11b0 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\Windows\system32\drivers\storahci.sys
18:39:53.0280 0x11b0 storahci - ok
18:39:53.0314 0x11b0 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:39:53.0334 0x11b0 storflt - ok
18:39:53.0358 0x11b0 [ 0EDD1F4D470C775740625B06A60C9DD5, 94964D0A793B1C984E87095249EE383A5E669D05BA6BF9F655587887E6CE3C19 ] stornvme C:\Windows\system32\drivers\stornvme.sys
18:39:53.0394 0x11b0 stornvme - ok
18:39:53.0420 0x11b0 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\Windows\system32\storsvc.dll
18:39:53.0431 0x11b0 StorSvc - ok
18:39:53.0465 0x11b0 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:39:53.0500 0x11b0 storvsc - ok
18:39:53.0525 0x11b0 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\Windows\system32\svsvc.dll
18:39:53.0536 0x11b0 svsvc - ok
18:39:53.0561 0x11b0 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\Windows\System32\drivers\swenum.sys
18:39:53.0577 0x11b0 swenum - ok
18:39:53.0621 0x11b0 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\Windows\System32\swprv.dll
18:39:53.0644 0x11b0 swprv - ok
18:39:53.0684 0x11b0 [ 2D6C2C672D092B82FD22AFDB9E32B1EF, E5988F82955D9A5EE712831CF0E420A88316E7126BC24D834460CF7115F91AD4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:39:53.0698 0x11b0 SynTP - ok
18:39:53.0758 0x11b0 [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\Windows\system32\sysmain.dll
18:39:53.0792 0x11b0 SysMain - ok
18:39:53.0822 0x11b0 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
18:39:53.0838 0x11b0 SystemEventsBroker - ok
18:39:53.0867 0x11b0 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:39:53.0880 0x11b0 TabletInputService - ok
18:39:53.0922 0x11b0 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\Windows\System32\tapisrv.dll
18:39:53.0937 0x11b0 TapiSrv - ok
18:39:54.0027 0x11b0 [ 2F10C145F517419E17203632FCDA0A13, 143F5837AE79E3EDB98F17A4661ECD5BCBFEB317077286B51E765560339B53A8 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:39:54.0117 0x11b0 Tcpip - ok
18:39:54.0169 0x11b0 [ 2F10C145F517419E17203632FCDA0A13, 143F5837AE79E3EDB98F17A4661ECD5BCBFEB317077286B51E765560339B53A8 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:39:54.0254 0x11b0 TCPIP6 - ok
18:39:54.0273 0x11b0 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:39:54.0293 0x11b0 tcpipreg - ok
18:39:54.0313 0x11b0 [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:39:54.0335 0x11b0 tdx - ok
18:39:54.0358 0x11b0 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\Windows\System32\drivers\terminpt.sys
18:39:54.0377 0x11b0 terminpt - ok
18:39:54.0424 0x11b0 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\Windows\System32\termsrv.dll
18:39:54.0453 0x11b0 TermService - ok
18:39:54.0482 0x11b0 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\Windows\system32\themeservice.dll
18:39:54.0494 0x11b0 Themes - ok
18:39:54.0530 0x11b0 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\Windows\system32\mmcss.dll
18:39:54.0541 0x11b0 THREADORDER - ok
18:39:54.0559 0x11b0 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
18:39:54.0574 0x11b0 TimeBroker - ok
18:39:54.0602 0x11b0 [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM C:\Windows\system32\drivers\tpm.sys
18:39:54.0625 0x11b0 TPM - ok
18:39:54.0650 0x11b0 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\Windows\System32\trkwks.dll
18:39:54.0662 0x11b0 TrkWks - ok
18:39:54.0699 0x11b0 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:39:54.0709 0x11b0 TrustedInstaller - ok
18:39:54.0733 0x11b0 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:39:54.0754 0x11b0 TsUsbFlt - ok
18:39:54.0778 0x11b0 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
18:39:54.0797 0x11b0 TsUsbGD - ok
18:39:54.0999 0x11b0 [ A7727DAD653AFC812C154A8A3334914D, D760B98534A238FAB54D57C842CF21EF0634AA9652E160B4E861543A43AD2A65 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
18:39:55.0104 0x11b0 TuneUp.UtilitiesSvc - ok
18:39:55.0134 0x11b0 [ 9B5C98C9F9EF5E62806DCD58B0D8EACE, B4B8A3F943C2C401CA1ED05BDA0C6D631106B258FB40C433AC856DCA7E8D7F7A ] TuneUpUtilitiesDrv C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys
18:39:55.0148 0x11b0 TuneUpUtilitiesDrv - ok
18:39:55.0176 0x11b0 [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:39:55.0200 0x11b0 tunnel - ok
18:39:55.0228 0x11b0 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:39:55.0248 0x11b0 uagp35 - ok
18:39:55.0260 0x11b0 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
18:39:55.0280 0x11b0 UASPStor - ok
18:39:55.0320 0x11b0 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
18:39:55.0344 0x11b0 UCX01000 - ok
18:39:55.0370 0x11b0 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:39:55.0396 0x11b0 udfs - ok
18:39:55.0427 0x11b0 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\Windows\System32\drivers\UEFI.sys
18:39:55.0445 0x11b0 UEFI - ok
18:39:55.0476 0x11b0 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:39:55.0489 0x11b0 UI0Detect - ok
18:39:55.0497 0x11b0 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:39:55.0517 0x11b0 uliagpkx - ok
18:39:55.0541 0x11b0 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\Windows\System32\drivers\umbus.sys
18:39:55.0561 0x11b0 umbus - ok
18:39:55.0578 0x11b0 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\Windows\System32\drivers\umpass.sys
18:39:55.0597 0x11b0 UmPass - ok
18:39:55.0640 0x11b0 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\Windows\System32\umrdp.dll
18:39:55.0655 0x11b0 UmRdpService - ok
18:39:55.0700 0x11b0 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\Windows\System32\upnphost.dll
18:39:55.0719 0x11b0 upnphost - ok
18:39:55.0754 0x11b0 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
18:39:55.0776 0x11b0 usbccgp - ok
18:39:55.0808 0x11b0 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\Windows\System32\drivers\usbcir.sys
18:39:55.0830 0x11b0 usbcir - ok
18:39:55.0856 0x11b0 [ C996CBEF922B5653A01E3F50DDCE2F86, 231EB5A36E7EE242197E796D3B4AB12F945D2C8570587BC8D57D45530A0C59B4 ] usbehci C:\Windows\System32\drivers\usbehci.sys
18:39:55.0877 0x11b0 usbehci - ok
18:39:55.0911 0x11b0 [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub C:\Windows\System32\drivers\usbhub.sys
18:39:55.0943 0x11b0 usbhub - ok
18:39:55.0981 0x11b0 [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
18:39:56.0012 0x11b0 USBHUB3 - ok
18:39:56.0030 0x11b0 [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci C:\Windows\System32\drivers\usbohci.sys
18:39:56.0049 0x11b0 usbohci - ok
18:39:56.0068 0x11b0 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\Windows\System32\drivers\usbprint.sys
18:39:56.0089 0x11b0 usbprint - ok
18:39:56.0106 0x11b0 [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan C:\Windows\System32\drivers\usbscan.sys
18:39:56.0127 0x11b0 usbscan - ok
18:39:56.0147 0x11b0 [ 9D168BFA334D47BE404367EB58D4E130, 23279CBE6ACBD074E7B268BA2EDA14E2255C41F8117173B2BBE653D8259ECFA2 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
18:39:56.0169 0x11b0 USBSTOR - ok
18:39:56.0190 0x11b0 [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
18:39:56.0210 0x11b0 usbuhci - ok
18:39:56.0244 0x11b0 [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:39:56.0269 0x11b0 usbvideo - ok
18:39:56.0306 0x11b0 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
18:39:56.0333 0x11b0 USBXHCI - ok
18:39:56.0345 0x11b0 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\Windows\system32\lsass.exe
18:39:56.0355 0x11b0 VaultSvc - ok
18:39:56.0385 0x11b0 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:39:56.0407 0x11b0 vdrvroot - ok
18:39:56.0465 0x11b0 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\Windows\System32\vds.exe
18:39:56.0498 0x11b0 vds - ok
18:39:56.0529 0x11b0 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
18:39:56.0553 0x11b0 VerifierExt - ok
18:39:56.0589 0x11b0 [ 8ABB4BABF59F092DF0B43778D8FD1884, 94C2100CE86448543A8DD586AD4A128AB9EB37959238D70F33EF59202270AC6C ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
18:39:56.0625 0x11b0 vhdmp - ok
18:39:56.0642 0x11b0 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\Windows\system32\drivers\viaide.sys
18:39:56.0662 0x11b0 viaide - ok
18:39:56.0695 0x11b0 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:39:56.0714 0x11b0 vmbus - ok
18:39:56.0746 0x11b0 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
18:39:56.0765 0x11b0 VMBusHID - ok
18:39:56.0806 0x11b0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
18:39:56.0824 0x11b0 vmicguestinterface - ok
18:39:56.0835 0x11b0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\Windows\System32\ICSvc.dll
18:39:56.0853 0x11b0 vmicheartbeat - ok
18:39:56.0866 0x11b0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
18:39:56.0884 0x11b0 vmickvpexchange - ok
18:39:56.0897 0x11b0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\Windows\System32\ICSvc.dll
18:39:56.0916 0x11b0 vmicrdv - ok
18:39:56.0928 0x11b0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\Windows\System32\ICSvc.dll
18:39:56.0946 0x11b0 vmicshutdown - ok
18:39:56.0959 0x11b0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\Windows\System32\ICSvc.dll
18:39:56.0977 0x11b0 vmictimesync - ok
18:39:56.0989 0x11b0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\Windows\System32\ICSvc.dll
18:39:57.0009 0x11b0 vmicvss - ok
18:39:57.0030 0x11b0 [ 436E1A724E7E683F6B612D3D58F04241, 939B5EF0090DF3759295F88402FD0EA33F499DDA9F89E5D0E90D1F9AED65D491 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:39:57.0051 0x11b0 volmgr - ok
18:39:57.0084 0x11b0 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:39:57.0112 0x11b0 volmgrx - ok
18:39:57.0141 0x11b0 [ 17F7B0F2298D97F4B6C7A69511033D3D, 5BDFC225F31553786726808FB7952940FC05CA72B3977D684056F42AFAA59565 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:39:57.0170 0x11b0 volsnap - ok
18:39:57.0197 0x11b0 [ DAC438FB5FF85A9E72806E2341D5D732, B1D1EFCA8C588A6BF53CEC941CC59702C366F15C7D5943431736EC857E57C0A2 ] vpci C:\Windows\System32\drivers\vpci.sys
18:39:57.0216 0x11b0 vpci - ok
18:39:57.0241 0x11b0 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:39:57.0264 0x11b0 vsmraid - ok
18:39:57.0315 0x11b0 [ D0CBA7B3531CCF2ADB985856D5F92434, 7FCBBCAF1AA85DCE8D75FB38DC4848AE12E8DD913CEBBC37BCD3D0123F0A3CAB ] VSS C:\Windows\system32\vssvc.exe
18:39:57.0349 0x11b0 VSS - ok
18:39:57.0381 0x11b0 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
18:39:57.0408 0x11b0 VSTXRAID - ok
18:39:57.0430 0x11b0 [ 71066FF95C487327E44C8AF1B72EBE8B, EA2729126B452CAE0C80D07501779D804B08E47F1217B61D53277B40869FEC25 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:39:57.0451 0x11b0 vwifibus - ok
18:39:57.0466 0x11b0 [ 29AB43937FFDA0B0FB56984226E698C6, 6A1A559964FE5D594E54988C46149969E6FFD5A8D5A6862E14648B608794CC29 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:39:57.0631 0x11b0 vwififlt - ok
18:39:57.0671 0x11b0 [ 8B8624A93E3F88CB923AEB05B6313227, 2856B63CD376BF2B1A9129581E7B9207588D4EAFD29A2C8D98F176FEAFDE26A9 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:39:57.0740 0x11b0 vwifimp - ok
18:39:57.0796 0x11b0 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\Windows\system32\w32time.dll
18:39:57.0816 0x11b0 W32Time - ok
18:39:57.0855 0x11b0 [ 8E553C859C83784DEC08B10AFC3EAC92, 41D8DBA1500DBD3AC9783169ACF545805EF05069F12866238992A30794369254 ] w3logsvc C:\Windows\system32\inetsrv\w3logsvc.dll
18:39:57.0865 0x11b0 w3logsvc - ok
18:39:57.0910 0x11b0 [ A212A4F5D2BB731F9CC6E2C546A0B464, 32828D9A153519D3521F89419DCE91ABB25AD0601A525ED8947C1FA2434DF608 ] WacHidRouter C:\Windows\System32\drivers\wachidrouter.sys
18:39:57.0929 0x11b0 WacHidRouter - ok
18:39:57.0952 0x11b0 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\Windows\System32\drivers\wacompen.sys
18:39:57.0974 0x11b0 WacomPen - ok
18:39:58.0000 0x11b0 [ E722E0C28881186D1B7E09A66C4D4DA5, 8BAF9D96706EE4251F20E850ECDF4201ADB04C9A8E31FD5C669F75E2299A0414 ] wacomrouterfilter C:\Windows\System32\drivers\wacomrouterfilter.sys
18:39:58.0015 0x11b0 wacomrouterfilter - ok
18:39:58.0038 0x11b0 [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:39:58.0061 0x11b0 Wanarp - ok
18:39:58.0066 0x11b0 [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:39:58.0088 0x11b0 Wanarpv6 - ok
18:39:58.0128 0x11b0 [ BD674869EC08E857775A9F6047312B95, 9EAAAB12BA15125A2DAA61AFC0077F59B79AFC3458C331CD00F9E5136A763EA6 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
18:39:58.0149 0x11b0 WAS - ok
18:39:58.0222 0x11b0 [ 841345442390953CBC8801B95D3D0540, FD4F9FD2C4C60A1A580177FFF2E9035009AC6A38E78D4236B0ED4773E3B263EE ] wbengine C:\Windows\system32\wbengine.exe
18:39:58.0266 0x11b0 wbengine - ok
18:39:58.0309 0x11b0 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:39:58.0331 0x11b0 WbioSrvc - ok
18:39:58.0347 0x11b0 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
18:39:58.0366 0x11b0 Wcmsvc - ok
18:39:58.0400 0x11b0 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:39:58.0420 0x11b0 wcncsvc - ok
18:39:58.0447 0x11b0 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:39:58.0461 0x11b0 WcsPlugInService - ok
18:39:58.0493 0x11b0 [ F2E08D1C067FEFC3A42D21FD4810F1D3, A8AD114094D9AE3BC6F76940EF873FD21CCF130DE7F8712950F1962DCE25F1B3 ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
18:39:58.0514 0x11b0 WdBoot - ok
18:39:58.0553 0x11b0 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:39:58.0593 0x11b0 Wdf01000 - ok
18:39:58.0638 0x11b0 [ E234820E6B84ABA5E84E00227F505AE8, 645B809B883D8F678F2535B575AA1D595F27EBFCE0A16433E9A54CC266BD74F2 ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
18:39:58.0665 0x11b0 WdFilter - ok
18:39:58.0693 0x11b0 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:39:58.0706 0x11b0 WdiServiceHost - ok
18:39:58.0710 0x11b0 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:39:58.0723 0x11b0 WdiSystemHost - ok
18:39:58.0757 0x11b0 [ 9955F303C20C4F58DB6645C6248DE1C8, 1A04B5C0EF2FE0CDBA054104727C54A02072B829BEAF4F3E4D16E581B50593F1 ] wdm_usb C:\Windows\system32\DRIVERS\usb2ser.sys
18:39:58.0801 0x11b0 wdm_usb - ok
18:39:58.0831 0x11b0 [ A74AD6D80AC26E1B5DD276FC927F2BAC, F73F090D46BB2AAA6A8D148C658B2EA8C07B16201BB800A9283F4017DC249809 ] WdNisDrv C:\Windows\system32\Drivers\WdNisDrv.sys
18:39:58.0853 0x11b0 WdNisDrv - ok
18:39:58.0876 0x11b0 WdNisSvc - ok
18:39:58.0904 0x11b0 [ A70CAF5EA36CBA5FCA24244306D4D5C6, 76C3E20B62B89D9699A1E817377FAD70B144B877BCC5C850A5B64CC68184D8DA ] WebClient C:\Windows\System32\webclnt.dll
18:39:58.0920 0x11b0 WebClient - ok
18:39:58.0957 0x11b0 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:39:58.0972 0x11b0 Wecsvc - ok
18:39:58.0995 0x11b0 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\Windows\system32\wephostsvc.dll
18:39:59.0007 0x11b0 WEPHOSTSVC - ok
18:39:59.0027 0x11b0 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:39:59.0058 0x11b0 wercplsupport - ok
18:39:59.0072 0x11b0 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\Windows\System32\WerSvc.dll
18:39:59.0086 0x11b0 WerSvc - ok
18:39:59.0120 0x11b0 [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
18:39:59.0141 0x11b0 WFPLWFS - ok
18:39:59.0155 0x11b0 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\Windows\System32\wiarpc.dll
18:39:59.0166 0x11b0 WiaRpc - ok
18:39:59.0199 0x11b0 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:39:59.0218 0x11b0 WIMMount - ok
18:39:59.0220 0x11b0 WinDefend - ok
18:39:59.0267 0x11b0 [ 0E70990EC2E5D2331AA5E88DB0CFB826, 79DFF565C3FCBC691E8FEB669CEC00E340FD2A2AFA4488D23A7CC63A2A98A5C1 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
18:39:59.0290 0x11b0 WinHttpAutoProxySvc - ok
18:39:59.0340 0x11b0 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:39:59.0365 0x11b0 Winmgmt - ok
18:39:59.0455 0x11b0 [ B56BFFFB740D76E634DB7B4802E36E4E, 2AA84756DE882463AE4C7BA0DCDEE3E5501DDF673ADD3F37B2B814FB0342E61F ] WinRM C:\Windows\system32\WsmSvc.dll
18:39:59.0510 0x11b0 WinRM - ok
18:39:59.0531 0x11b0 [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb C:\Windows\System32\drivers\WinUsb.sys
18:39:59.0553 0x11b0 WinUsb - ok
18:39:59.0577 0x11b0 [ 4F2A80D65AE6F845776E2F06AE6782ED, 2455537C048115435D9EDE4B18F9F54C43912076AEF36BDEFEC35AF2140B8B2E ] WirelessButtonDriver C:\Windows\System32\drivers\WirelessButtonDriver64.sys
18:39:59.0596 0x11b0 WirelessButtonDriver - ok
18:39:59.0657 0x11b0 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\Windows\System32\wlansvc.dll
18:39:59.0693 0x11b0 WlanSvc - ok
18:39:59.0764 0x11b0 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\Windows\system32\wlidsvc.dll
18:39:59.0804 0x11b0 wlidsvc - ok
18:39:59.0819 0x11b0 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
18:39:59.0839 0x11b0 WmiAcpi - ok
18:39:59.0875 0x11b0 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:39:59.0886 0x11b0 wmiApSrv - ok
18:39:59.0899 0x11b0 WMPNetworkSvc - ok
18:39:59.0918 0x11b0 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\Windows\system32\drivers\Wof.sys
18:39:59.0955 0x11b0 Wof - ok
18:40:00.0022 0x11b0 [ EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc C:\Windows\system32\workfolderssvc.dll
18:40:00.0060 0x11b0 workfolderssvc - ok
18:40:00.0093 0x11b0 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
18:40:00.0112 0x11b0 wpcfltr - ok
18:40:00.0133 0x11b0 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:40:00.0144 0x11b0 WPCSvc - ok
18:40:00.0164 0x11b0 [ DBDCE2378F65F0A07D4644AC103037E7, 99714F0CD31297C9831BAF04768F467F6E0BF710C859CEDCA83069226BF1A68A ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:40:00.0176 0x11b0 WPDBusEnum - ok
18:40:00.0191 0x11b0 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
18:40:00.0210 0x11b0 WpdUpFltr - ok
18:40:00.0220 0x11b0 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:40:00.0241 0x11b0 ws2ifsl - ok
18:40:00.0273 0x11b0 [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc C:\Windows\System32\wscsvc.dll
18:40:00.0286 0x11b0 wscsvc - ok
18:40:00.0289 0x11b0 WSearch - ok
18:40:00.0405 0x11b0 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\Windows\System32\WSService.dll
18:40:00.0487 0x11b0 WSService - ok
18:40:00.0545 0x11b0 [ 539D52A1CB4CC3BFB9B6CAD7883B8ECA, 3CAC8F755F85F06C6FFA8C5328943DC55F410EAAA64F0E4241C3E7F60A48D4A9 ] WTabletServiceCon C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
18:40:00.0561 0x11b0 WTabletServiceCon - ok
18:40:00.0668 0x11b0 [ 970B6A52041C641E47D6A31288C08716, B40A2FE234C1E3E1F05BBF9656B46C97188C4589E2471DE15FF3C621063FE815 ] wuauserv C:\Windows\system32\wuaueng.dll
18:40:00.0739 0x11b0 wuauserv - ok
18:40:00.0778 0x11b0 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:40:00.0810 0x11b0 WudfPf - ok
18:40:00.0834 0x11b0 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
18:40:00.0859 0x11b0 WUDFRd - ok
18:40:00.0872 0x11b0 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:40:00.0885 0x11b0 wudfsvc - ok
18:40:00.0892 0x11b0 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\Windows\System32\drivers\WUDFRd.sys
18:40:00.0914 0x11b0 WUDFWpdFs - ok
18:40:00.0921 0x11b0 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\Windows\System32\drivers\WUDFRd.sys
18:40:00.0954 0x11b0 WUDFWpdMtp - ok
18:40:00.0999 0x11b0 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:40:01.0018 0x11b0 WwanSvc - ok
18:40:01.0027 0x11b0 ================ Scan global ===============================
18:40:01.0077 0x11b0 [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\Windows\system32\basesrv.dll
18:40:01.0148 0x11b0 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
18:40:01.0177 0x11b0 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
18:40:01.0222 0x11b0 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
18:40:01.0229 0x11b0 [ Global ] - ok
18:40:01.0230 0x11b0 ================ Scan MBR ==================================
18:40:01.0249 0x11b0 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:40:01.0319 0x11b0 \Device\Harddisk0\DR0 - ok
18:40:01.0320 0x11b0 ================ Scan VBR ==================================
18:40:01.0322 0x11b0 [ B178BB18F122D041795346CDD35B3327 ] \Device\Harddisk0\DR0\Partition1
18:40:01.0323 0x11b0 \Device\Harddisk0\DR0\Partition1 - ok
18:40:01.0350 0x11b0 [ 1A1C00B876990D77AC368331D05744BF ] \Device\Harddisk0\DR0\Partition2
18:40:01.0350 0x11b0 \Device\Harddisk0\DR0\Partition2 - ok
18:40:01.0367 0x11b0 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
18:40:01.0367 0x11b0 \Device\Harddisk0\DR0\Partition3 - ok
18:40:01.0381 0x11b0 [ 2E82EB15CCDE2AE16EEA14514CC83763 ] \Device\Harddisk0\DR0\Partition4
18:40:01.0383 0x11b0 \Device\Harddisk0\DR0\Partition4 - ok
18:40:01.0410 0x11b0 [ E1A3D9072DC6F8F83CBDF2AD61B9C463 ] \Device\Harddisk0\DR0\Partition5
18:40:01.0412 0x11b0 \Device\Harddisk0\DR0\Partition5 - ok
18:40:01.0412 0x11b0 ================ Scan generic autorun ======================
18:40:01.0640 0x11b0 [ CF161C7C6B23A8827C41292F60E6B078, 5A5BCA8AD6D5CE7CB92C2A65173A2DE0D17C1404747C2BF751687DDA0C728FEA ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
18:40:01.0857 0x11b0 RTHDVCPL - ok
18:40:01.0894 0x11b0 [ 829B05FC19F71A9F6B77E126A8876D1F, CC7519DDE36C6C2CBCDF8C48FA5EFC9CA0D70856EDA6C38724E2333F719158F3 ] C:\Windows\system32\igfxtray.exe
18:40:01.0908 0x11b0 IgfxTray - ok
18:40:01.0932 0x11b0 [ 0C00C1914ABA8C86B084C1BD980867B5, EAE84166B81B02343D4F81508AFBED3CCC6B9CD19BC3A10D7041F4A9FF3CBC40 ] C:\Windows\system32\hkcmd.exe
18:40:01.0953 0x11b0 HotKeysCmds - ok
18:40:01.0991 0x11b0 [ 712066A5167491F7B9226B45E14981EA, E5FF7228836AA204F5E5BFF2A8809FF97A5B3E08DDCA7629A08F87CE5715F080 ] C:\Windows\system32\igfxpers.exe
18:40:02.0014 0x11b0 Persistence - ok
18:40:02.0110 0x11b0 [ 88DA2E50CBCD4C062632EE34923C5913, A0EEFC404049798B2319C90F8FB3A9A42323204DB89182F7A968B8723F913B79 ] C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
18:40:02.0200 0x11b0 SimplePass - ok
18:40:02.0230 0x11b0 [ B5F08FCC816B933D8EC1FACCE62B2A12, 950A1764E90EE11BCC033C30BD823855AA92E62479AF6ECA762F491FF670A125 ] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
18:40:02.0238 0x11b0 OPBHOBroker - ok
18:40:02.0249 0x11b0 [ 1C8F76268DE368A288C6AFB2F00F348F, CB25D1332C694CD460038FC2A5CD1D223AEECBBEDD1768B0F6727219EEF16ABA ] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
18:40:02.0257 0x11b0 OPBHOBrokerDesktop - ok
18:40:02.0257 0x11b0 SynTPEnh - ok
18:40:02.0306 0x11b0 [ 90B5961694842A04122436F217A07AC6, 47D0EB626EF60D407C6099B49E93EB5434B89C27E1BCD4FBB822BFD3958350B0 ] C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe
18:40:02.0319 0x11b0 AvgUi - ok
18:40:02.0367 0x11b0 [ D9034BE319B5F56796662BA970426CA5, EF9523B4FD8FF85F00948EFAD46E4DED17B9FFA889E7975E91B51241384C9838 ] C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe
18:40:02.0380 0x11b0 AVGUI.exe - ok
18:40:02.0439 0x11b0 [ 56C262B2CFDE9A101455CE6A60762C6C, 66504DC72530E788962CF7D88EE14804098CE52675BA3143A291694D31036E10 ] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
18:40:02.0446 0x11b0 AccelerometerSysTrayApplet - ok
18:40:02.0499 0x11b0 [ E2043ABD9E13E1B7BF74B1D05E15AA47, B59953E4F2392858601551A4FA2024742B99E6AF48D71C3155548C97E25A1FA9 ] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
18:40:02.0524 0x11b0 HPMessageService - ok
18:40:02.0593 0x11b0 [ 57C635C41750117D206C90DA9C599777, D5291ED79FC08217758FB526FC8CCC9D374B65B49446104D271C36B0C1298446 ] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
18:40:02.0629 0x11b0 BrMfcWnd - detected UnsignedFile.Multi.Generic ( 1 )
18:40:03.0061 0x11b0 Detect skipped due to KSN trusted
18:40:03.0061 0x11b0 BrMfcWnd - ok
18:40:03.0117 0x11b0 [ 4DE3EF07E0854547309C6B40235A9D44, F73D8E6D98583865D1C8DB728058D83C72A3908E21E04EF313FCB829C040A1EC ] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
18:40:03.0123 0x11b0 ControlCenter3 - detected UnsignedFile.Multi.Generic ( 1 )
18:40:03.0463 0x11b0 Detect skipped due to KSN trusted
18:40:03.0463 0x11b0 ControlCenter3 - ok
18:40:03.0507 0x11b0 [ 90B5961694842A04122436F217A07AC6, 47D0EB626EF60D407C6099B49E93EB5434B89C27E1BCD4FBB822BFD3958350B0 ] C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe
18:40:03.0518 0x11b0 AvgUi - ok
18:40:03.0575 0x11b0 [ 33040C4D7902CF7FB7C54311B17FB1F3, D803FFC394219B984DBF84C759AE6B56F4F04D4C6CBF593A4FEEAF9ADCE99138 ] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
18:40:03.0587 0x11b0 YouCam Service - ok
18:40:03.0674 0x11b0 [ E43A851F7B12DE589424D6C656155CFC, FD42172921C18D1BBDFC0C5CFFFD6D0534764D770E210CA3E1DF61A66A99BE62 ] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
18:40:03.0692 0x11b0 AdobeCS4ServiceManager - ok
18:40:03.0753 0x11b0 [ 5E5637173FDD195AD51F0C7223CA1D29, 4D2A3CFF3273F0074540F4AFD957742F76D3F01C35272A42985A825651BA17E4 ] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
18:40:03.0766 0x11b0 Adobe_ID0ENQBO - ok
18:40:03.0824 0x11b0 [ 72349E9D78CD00F9CC0A1F0DD6F4AB12, 123A9379129F1F367C042ABDCB16B773B368E8F323D307643303BEF7230F860D ] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
18:40:03.0843 0x11b0 BambooCore - ok
18:40:03.0885 0x11b0 [ 81A6C17BA5A134A9E7DC82D39D2196BC, 6CEBFDC28032BDA1A902ABC7A6A0A2D1F6C8D5B5AA46AC6D65AEA340405293B1 ] C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
18:40:03.0900 0x11b0 Bamboo Dock - detected UnsignedFile.Multi.Generic ( 1 )
18:40:04.0046 0x11b0 Detect skipped due to KSN trusted
18:40:04.0046 0x11b0 Bamboo Dock - ok
18:40:04.0046 0x11b0 Waiting for KSN requests completion. In queue: 181
18:40:04.0402 0x1d00 Object required for P2P: [ F264662C057A54AA2DE41B3C7551712F ] sppsvc
18:40:04.0726 0x1d00 Object send P2P result: true
18:40:05.0058 0x11b0 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.209.0 ), 0x60110 ( disabled : outofdate )
18:40:05.0059 0x11b0 AV detected via SS2: AVG Antivirus, C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe ( 17.4.3482.0 ), 0x41000 ( enabled : updated )
18:40:05.0133 0x11b0 Win FW state via NFP2: enabled ( trusted )
18:40:05.0293 0x11b0 ============================================================
18:40:05.0293 0x11b0 Scan finished
18:40:05.0293 0x11b0 ============================================================
18:40:05.0298 0x1120 Detected object count: 0
18:40:05.0298 0x1120 Actual detected object count: 0
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
durchgeführt von edna (Administrator) auf EDNA (24-05-2017 18:30:38)
Gestartet von C:\Users\edna\Downloads
Geladene Profile: UpdatusUser & edna (Verfügbare Profile: UpdatusUser & edna)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Farbar) C:\Users\edna\Downloads\FRST64(1).exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-05] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-05-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [629848 2011-06-24] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Run: [Bamboo Dock] => C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [225792 2016-08-25] ()
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B06723A-FDFE-4E97-BF74-1EA62201DBC9}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
URLSearchHook: [S-1-5-21-4228764417-1678587509-1480794071-1001] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> {6C1AAC34-CF82-42D9-98BB-927F06618ADD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4228764417-1678587509-1480794071-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: lt3omf3d.default-1495134155076
FF ProfilePath: C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\lt3omf3d.default-1495134155076 [2017-05-24]
FF Extension: (uBlock Origin) - C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\lt3omf3d.default-1495134155076\Extensions\uBlock0@raymondhill.net.xpi [2017-05-21]
FF HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\oemqkvkm.default\extensions\cliqz@cliqz.com => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-05-15] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-04-27] (AVG Technologies CZ, s.r.o.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [Datei ist nicht signiert]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-18] (CyberLink)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\elfoService.exe [1283336 2017-04-21] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [Datei ist nicht signiert]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-17] (Realtek Semiconductor)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314128 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-05-15] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [129776 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102280 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [570320 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [160008 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340824 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-10-05] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2946264 2013-10-19] (Realtek Semiconductor Corporation )
R3 Sftfs; C:\Windows\system32\DRIVERS\Sftfswin7.sys [765288 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\system32\DRIVERS\Sftplaywin7.sys [268648 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\system32\DRIVERS\Sftvolwin7.sys [22376 2011-10-01] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-06-01] (AVG Netherlands B.V.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-24 18:30 - 2017-05-24 18:31 - 00020287 _____ C:\Users\edna\Downloads\FRST.txt
2017-05-24 18:30 - 2017-05-24 18:30 - 00000000 ____D C:\FRST
2017-05-24 18:29 - 2017-05-24 18:29 - 02429952 _____ (Farbar) C:\Users\edna\Downloads\FRST64(1).exe
2017-05-23 12:56 - 2017-05-23 12:56 - 00000000 ____D C:\Program Files (x86)\MIO
2017-05-23 12:55 - 2017-05-23 12:59 - 00000000 ____D C:\Program Files (x86)\Gerrupy
2017-05-23 12:55 - 2017-05-23 12:55 - 00000000 ____D C:\Program Files\MK
2017-05-23 12:55 - 2017-05-23 12:55 - 00000000 ____D C:\Jopetiondipas
2017-05-21 13:35 - 2017-05-21 13:35 - 00000000 ____D C:\Users\edna\AppData\Roaming\Synaptics
2017-05-21 13:34 - 2017-05-23 13:00 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-21 13:31 - 2017-05-21 13:31 - 00011681 _____ C:\Users\edna\AppData\Local\recently-used.xbel
2017-05-20 15:11 - 2017-05-24 14:27 - 00000000 ____D C:\Users\edna\AppData\LocalLow\Mozilla
2017-05-20 15:11 - 2017-05-20 15:16 - 00000000 ____D C:\Users\edna\AppData\Local\Mozilla
2017-05-20 15:11 - 2017-05-20 15:11 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-20 15:11 - 2017-05-20 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-20 15:11 - 2017-05-20 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-20 13:08 - 2017-05-20 13:08 - 00000000 ____D C:\Users\edna\AppData\Local\Macromedia
2017-05-20 11:38 - 2017-05-20 13:19 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-05-19 23:30 - 2017-05-19 23:41 - 00011706 _____ C:\Users\edna\Documents\Einnahme überschuss 2016.ods
2017-05-19 21:32 - 2017-05-19 21:32 - 00000000 ____D C:\Users\edna\AppData\Local\CEF
2017-05-19 21:07 - 2017-05-19 21:07 - 04110280 _____ C:\Users\edna\Downloads\adwcleaner_6.047.exe
2017-05-16 17:39 - 2017-05-16 17:39 - 01770496 _____ (Farbar) C:\Users\edna\Downloads\FRST.exe
2017-05-16 17:38 - 2017-05-16 17:38 - 02429952 _____ (Farbar) C:\Users\edna\Downloads\FRST64.exe
2017-05-16 15:36 - 2017-05-21 13:40 - 00000542 _____ C:\Users\edna\Desktop\JRT.txt
2017-05-16 15:34 - 2017-05-16 15:34 - 01663672 _____ (Malwarebytes) C:\Users\edna\Downloads\JRT.exe
2017-05-15 21:05 - 2017-05-15 21:05 - 00001160 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Users\edna\AppData\Roaming\elsterformular
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Program Files (x86)\ElsterFormular Update Service
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2017-05-15 20:02 - 2017-05-15 20:24 - 235253760 _____ C:\Users\edna\Downloads\ElsterFormularUnternehmerSelbstaendige.msi
2017-05-15 10:14 - 2017-05-15 10:14 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-05-11 13:32 - 2017-04-29 00:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-11 13:32 - 2017-04-29 00:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 16:52 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-05-10 16:09 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-10 16:08 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 16:08 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 16:08 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-10 16:08 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 16:08 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 16:08 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-10 16:08 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 16:08 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 16:08 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 16:08 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 16:08 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 16:08 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 16:08 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 16:08 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 16:08 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 16:08 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 16:08 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 16:08 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-10 16:08 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 16:08 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 16:08 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 16:08 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 16:08 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-10 16:08 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 16:08 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 16:08 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 16:08 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 16:08 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 16:08 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 16:08 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 16:08 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 16:08 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 16:08 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-10 16:08 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 16:08 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 16:08 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-10 16:08 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 16:08 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 16:08 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 16:08 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 16:08 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-10 16:08 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 16:08 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 16:08 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 16:08 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 16:08 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 16:08 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 16:08 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 16:08 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 16:08 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 16:08 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 16:08 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 16:08 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 16:08 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 16:08 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 16:08 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-10 16:08 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-10 16:08 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-10 16:08 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-10 16:08 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-10 16:08 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-10 16:08 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 16:08 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 16:08 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 16:08 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 16:08 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 16:08 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 16:08 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-10 16:08 - 2017-03-11 01:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-10 16:08 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-10 16:08 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-10 16:08 - 2017-03-08 04:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-08 00:14 - 2017-05-08 00:14 - 03120875 _____ C:\Users\edna\Downloads\MLG_Plakat_Sommer2017_print.pdf
2017-05-03 23:28 - 2017-05-03 23:28 - 00000000 ____D C:\Program Files (x86)\IIS
2017-04-28 03:08 - 2017-05-23 12:58 - 00000000 ____D C:\AdwCleaner
2017-04-28 02:53 - 2017-04-28 02:53 - 00000000 ___HD C:\$AV_AVG
2017-04-28 02:51 - 2017-04-28 02:51 - 00000000 ____D C:\Users\edna\AppData\Local\Google
2017-04-28 02:33 - 2017-05-03 23:25 - 00000000 _____ C:\Windows\SysWOW64\11
2017-04-27 18:44 - 2017-04-27 19:08 - 00001156 _____ C:\Users\edna\Desktop\Avast Browser Cleanup.lnk
2017-04-27 18:44 - 2017-04-27 18:44 - 00004210 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-4228764417-1678587509-1480794071-1002
2017-04-27 18:44 - 2017-04-27 18:44 - 00003364 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-4228764417-1678587509-1480794071-1002
2017-04-27 18:44 - 2017-04-27 18:44 - 00000000 ____D C:\Users\edna\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2017-04-27 18:44 - 2017-04-27 18:44 - 00000000 ____D C:\Users\edna\AppData\Roaming\AVAST Software
2017-04-27 18:43 - 2017-04-27 18:43 - 04284888 _____ (AVAST Software) C:\Users\edna\Downloads\avast-browser-cleanup-sfx.exe
2017-04-26 11:54 - 2017-05-05 12:26 - 00000000 ____D C:\Insist
2017-04-25 23:25 - 2017-05-15 10:15 - 00160008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys
2017-04-25 23:25 - 2017-05-15 10:15 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-04-25 23:25 - 2017-05-15 10:14 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00159496 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.149483610904601
2017-04-25 23:25 - 2017-05-15 10:14 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00102280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-04-25 23:23 - 2017-05-04 14:24 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-24 14:26 - 2014-10-02 12:10 - 00000000 __RDO C:\Users\edna\SkyDrive
2017-05-24 14:26 - 2014-10-02 12:08 - 00000000 ____D C:\Users\edna\Documents\Youcam
2017-05-24 14:25 - 2016-09-21 20:52 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-24 01:08 - 2014-10-05 18:06 - 00000000 ____D C:\Windows\system32\MRT
2017-05-24 01:07 - 2014-10-05 18:06 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-23 23:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-23 23:16 - 2014-10-05 12:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-23 12:59 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-21 13:35 - 2015-02-02 20:33 - 00237056 ___SH C:\Users\edna\Desktop\Thumbs.db
2017-05-21 13:35 - 2014-10-02 12:07 - 00000000 ____D C:\Users\edna\AppData\Roaming\Adobe
2017-05-21 13:32 - 2015-02-02 19:56 - 00000000 ____D C:\Users\edna\.gimp-2.8
2017-05-21 13:31 - 2017-02-07 21:38 - 00000000 ____D C:\Users\edna\Documents\Taschen Werbung
2017-05-21 13:31 - 2015-02-02 20:09 - 00000000 ____D C:\Users\edna\AppData\Local\gtk-2.0
2017-05-20 15:30 - 2014-10-02 12:12 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4228764417-1678587509-1480794071-1002
2017-05-20 15:20 - 2015-01-21 14:20 - 00910848 ___SH C:\Users\edna\Documents\Thumbs.db
2017-05-20 15:11 - 2014-10-02 12:26 - 00000000 ____D C:\Users\edna\AppData\Roaming\Mozilla
2017-05-20 14:25 - 2014-10-02 12:10 - 00000000 ____D C:\Users\edna\AppData\Roaming\Hewlett-Packard
2017-05-20 11:38 - 2016-01-05 00:42 - 00000000 ____D C:\Users\edna\Dropbox
2017-05-19 23:24 - 2016-07-22 21:59 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForedna.job
2017-05-16 13:35 - 2014-04-05 11:10 - 00000000 ____D C:\Users\Public\CyberLink
2017-05-16 13:14 - 2014-10-05 11:24 - 02076672 ___SH C:\Users\edna\Downloads\Thumbs.db
2017-05-14 19:34 - 2016-03-15 02:42 - 00000000 ____D C:\Users\edna\Documents\edna page fb
2017-05-12 13:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-05-11 16:55 - 2013-08-22 16:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-05-11 16:54 - 2014-10-03 13:14 - 00216740 ____H C:\Users\edna\AppData\Local\IconCache.db.backup
2017-05-11 13:30 - 2013-08-22 16:44 - 02982488 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 13:30 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-11 13:27 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\inetsrv
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 00:38 - 2014-10-03 00:12 - 00004342 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 00:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-09 00:17 - 2017-04-07 10:51 - 00000000 _____ C:\Windows\SysWOW64\1
2017-05-05 13:12 - 2013-08-22 21:12 - 00000000 ____D C:\Windows\SKB
2017-05-01 00:36 - 2014-01-18 02:40 - 00802436 _____ C:\Windows\system32\perfh007.dat
2017-05-01 00:36 - 2014-01-18 02:40 - 00175180 _____ C:\Windows\system32\perfc007.dat
2017-05-01 00:36 - 2013-08-26 08:09 - 01926152 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-28 13:49 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-04-28 04:04 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppCompat
2017-04-27 19:09 - 2016-08-25 16:25 - 00001164 _____ C:\Users\Public\Desktop\Bamboo Dock.lnk
2017-04-27 19:09 - 2016-08-02 11:11 - 00002567 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2017-04-27 19:09 - 2015-01-21 13:52 - 00001126 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2017-04-27 19:09 - 2014-10-21 19:30 - 00002076 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2017-04-27 19:09 - 2014-10-05 12:41 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2017-04-27 19:09 - 2014-10-02 23:35 - 00002709 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-27 19:09 - 2014-10-02 12:06 - 00002119 _____ C:\Users\Public\Desktop\Snapfish Fotos.lnk
2017-04-27 19:09 - 2014-01-17 18:52 - 00001109 _____ C:\Users\Public\Desktop\HP Connected Music.lnk
2017-04-27 19:08 - 2015-12-13 23:43 - 00002254 _____ C:\Users\edna\Desktop\HP Support Assistant.lnk
2017-04-27 19:08 - 2014-10-02 12:07 - 00001461 _____ C:\Users\edna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-27 19:05 - 2016-08-24 13:41 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
2017-04-27 19:05 - 2016-08-24 13:41 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
2017-04-27 19:05 - 2016-06-15 22:16 - 00000000 ____D C:\Users\edna\Desktop\Sony Ericsson handy
2017-04-27 19:05 - 2015-09-06 22:22 - 00000000 ____D C:\Users\edna\AppData\Roaming\Wacom
2017-04-27 19:05 - 2014-10-28 22:41 - 00000000 ____D C:\Users\edna\AppData\Local\HPConnectedMusic
2017-04-27 19:05 - 2014-10-06 01:31 - 00000000 ___RD C:\Windows\BrowserChoice
2017-04-27 19:05 - 2014-10-03 12:10 - 00000000 ____D C:\Users\edna\AppData\Roaming\CyberLink
2017-04-27 19:05 - 2014-10-03 00:11 - 00000000 ____D C:\Users\edna\AppData\Local\Adobe
2017-04-27 19:05 - 2014-10-02 23:35 - 00000000 ____D C:\Users\edna\AppData\Roaming\Skype
2017-04-27 19:05 - 2014-10-02 12:04 - 00000000 ____D C:\Users\edna
2017-04-27 19:05 - 2014-04-05 10:55 - 00000000 ____D C:\Users\UpdatusUser
2017-04-27 19:05 - 2013-09-01 04:03 - 00000000 ___HD C:\SYSTEM.SAV
2017-04-27 19:05 - 2013-08-26 08:57 - 00000000 ____D C:\Windows\Panther
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\security
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Registration
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\InputMethod
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\IME
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\FileManager
2017-04-27 19:05 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-04-27 19:04 - 2016-08-25 16:24 - 00000000 ____D C:\Program Files (x86)\Bamboo Dock
2017-04-27 19:04 - 2015-09-06 22:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-27 19:04 - 2015-05-22 12:11 - 00000000 ____D C:\Users\edna\AppData\Local\Avg
2017-04-27 19:04 - 2014-04-05 10:48 - 00000000 ____D C:\Intel
2017-04-27 19:04 - 2013-08-26 08:13 - 00000000 ____D C:\inetpub
2017-04-27 19:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-25 23:26 - 2015-10-29 00:44 - 00000000 ____D C:\Users\edna\AppData\Roaming\AVG
2017-04-25 23:23 - 2014-11-17 15:01 - 00000000 ____D C:\Program Files (x86)\AVG
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-05-21 13:31 - 2017-05-21 13:31 - 0011681 _____ () C:\Users\edna\AppData\Local\recently-used.xbel
2014-10-21 22:20 - 2014-10-21 22:20 - 0000017 _____ () C:\Users\edna\AppData\Local\resmon.resmoncfg
Einige Dateien in TEMP:
====================
2015-10-29 00:36 - 2015-10-29 00:36 - 2892128 _____ (AVG Technologies) C:\Users\edna\AppData\Local\Temp\avg-42e6413a-4c6d-467a-9c8f-7356e6170842.exe
2016-07-30 22:52 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_0814948098.exe
2016-08-22 12:20 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_081612154702.exe
2016-04-19 16:48 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_08171384307.exe
2015-11-18 13:53 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_081914340837.exe
2016-05-31 19:03 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_082145295288.exe
2016-06-24 23:12 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_08415330106.exe
2016-01-26 16:03 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_08483769921.exe
2016-01-05 19:23 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_08703164287.exe
2015-04-13 00:07 - 2015-04-13 00:07 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\edna\AppData\Local\Temp\COMAP.EXE
2014-10-05 11:28 - 2013-06-04 10:30 - 0050432 ____R () C:\Users\edna\AppData\Local\Temp\Extract.exe
2008-09-03 15:55 - 2008-09-03 15:55 - 2044781 _____ (Adobe Systems Incorporated) C:\Users\edna\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
2015-01-19 20:32 - 2015-01-19 20:33 - 31598424 _____ () C:\Users\edna\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
2015-12-13 23:35 - 2015-10-22 02:08 - 0595656 _____ (Hewlett-Packard) C:\Users\edna\AppData\Local\Temp\HPSFUpdater.exe
2015-03-11 16:06 - 2015-03-11 16:06 - 45210216 _____ (Skype Technologies S.A.) C:\Users\edna\AppData\Local\Temp\SkypeSetup.exe
2014-10-04 23:56 - 2014-10-04 23:56 - 33594832 _____ (Hewlett-Packard Company ) C:\Users\edna\AppData\Local\Temp\SP65168.exe
2015-12-13 23:40 - 2015-09-28 10:36 - 0144912 _____ (Hewlett-Packard Company) C:\Users\edna\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-05-21 04:03
==================== Ende von FRST.txt ============================
|
|
24.05.2017, 18:11
| #5 |
| | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitereCode:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24-05-2017
durchgeführt von edna (24-05-2017 18:31:47)
Gestartet von C:\Users\edna\Downloads
Windows 8.1 (Update) (X64) (2014-10-02 10:06:35)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-4228764417-1678587509-1480794071-500 - Administrator - Disabled)
edna (S-1-5-21-4228764417-1678587509-1480794071-1002 - Administrator - Enabled) => C:\Users\edna
Gast (S-1-5-21-4228764417-1678587509-1480794071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4228764417-1678587509-1480794071-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-4228764417-1678587509-1480794071-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Production Premium (HKLM-x32\...\Adobe_36ac9dc8c9a94feb9e5886810012e78) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Avast Browser Cleanup (HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Avast Browser Cleanup) (Version: 12.1.2272.125 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.181.3.3057 - AVG Technologies)
AVG (Version: 1.181.4 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 3.9 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 3.9.0 - Wacom Europe GmbH) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-250C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3418 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
FMW 1 (Version: 1.192.3 - AVG Technologies) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.7140.5002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 de)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
NVIDIA Grafiktreiber 332.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.33 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {06F7C41D-D5E2-4E69-A379-7EC71450C2FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {2E57DDF3-3D32-4ABF-81B4-9BC22484B5DC} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {2E5B046F-67B8-45E2-9878-CA617433EA49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {36A2D39C-0682-41F3-8797-82C9366F6F50} - System32\Tasks\avast! BCU UpdateS-1-5-21-4228764417-1678587509-1480794071-1002 => C:\Users\edna\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {3859DD2C-8FD1-429B-A754-F51C17DE31E4} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
Task: {4256B94E-7A49-4C09-B33A-E8697F6B7AB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {429DE438-2600-44BE-B437-815EF975F4FC} - \Drerbaghtnojerch -> Keine Datei <==== ACHTUNG
Task: {511D66B1-9D09-4FF3-BDFF-0CE04EFC72BC} - System32\Tasks\avastBCLS-1-5-21-4228764417-1678587509-1480794071-1002 => C:\Users\edna\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2017-04-27] (AVAST Software)
Task: {6C94D66A-556E-4048-8F6F-7D00795C50ED} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {7E52FDB0-39AD-4A72-B5C4-688AC37D7421} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {7F419B32-5A52-4188-B3A6-C6EB9C29D4F1} - System32\Tasks\Plotekaresagh Cloud => C:\Program Files (x86)\Gerrupy\xnuhock.exe
Task: {8758E008-35CF-4C51-8674-888EABAEB3A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {9BF9C791-CB81-4A0C-AC03-03CDFD59A4AB} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {9C388871-C240-49A4-A015-C1548F093291} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {AC3698EB-C09F-4D0B-9B1F-837A93A2B62E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {B3DCE44B-E303-4EE4-876A-2880FD7514E5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-05-24] (Microsoft Corporation)
Task: {B9BC956D-5370-4FD2-8E3F-8FAF7082860C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {E1AE9BC6-65CB-4234-B847-D356B6A1E94D} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-05-15] (AVG Technologies CZ, s.r.o.)
Task: {EB0EEC96-3CC2-4749-AE30-1609F938E6A2} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\0116avtUpdateInfo.job => C:\ProgramData\Avg_Update_0116avt\0116avt_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avtUpdateInfo.job => C:\ProgramData\Avg_Update_1114avt\1114avt_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1215avtUpdateInfo.job => C:\ProgramData\Avg_Update_1215avt\1215avt_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\HPCeeScheduleForedna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-10-14 12:23 - 2013-10-14 12:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 12:24 - 2013-10-14 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 12:25 - 2013-10-14 12:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-04-05 10:55 - 2014-01-06 10:13 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-06 22:20 - 2014-08-19 12:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-10-14 12:30 - 2013-10-14 12:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-10-21 19:26 - 2012-09-25 11:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2014-04-05 10:49 - 2013-09-04 03:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-11-28 22:18 - 2016-11-28 22:17 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00999024 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 67717632 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00178120 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00224352 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00685784 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2014-10-21 19:25 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-04-05 11:11 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\edna\Desktop\callsheet.pdf:com.dropbox.attributes [168]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\edna\Downloads\339086_skazochnaya_-vedmochka_-feya_1920x1081_(www.GdeFon.ru).jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\Run32: => "BambooCore"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\StartupApproved\Run: => "Bamboo Dock"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{16C6F6A6-5D26-4694-84A8-CD2C687A8151}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2B9D7545-77BC-4656-851B-74169A864C54}] => (Allow) LPort=2869
FirewallRules: [{91967DFA-A622-47B8-9BB7-D1B111FD5F2C}] => (Allow) LPort=1900
FirewallRules: [{59B96128-4C17-4F4A-AD48-51A20DAB1520}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{052496C1-B58A-4C23-9E73-A538E92C32BB}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{F09F378A-B635-49F4-8543-D11F1658FCB5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7AD682DA-88B2-430F-BDCC-D7904957AA45}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9108D28E-943C-4262-92DC-E645C2A3F549}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{391613A5-7B03-4A4A-A88A-BFA3A0AEF525}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60DB0F6C-B3AC-400D-9E23-07713D0D99C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF57A77C-26B9-4940-84D3-1DF2562CA08E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{677239CD-98A4-4438-898E-7E3E90BBE00C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{AF1A809A-D778-4112-BBDD-04630CB09A65}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{CB949687-965F-4E28-B055-7506325FB603}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{8B897B5D-0BB3-4407-9760-62C5CE344AEC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{50CDEC7F-552D-4626-90D6-95902FE81035}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{234CD96B-710C-4973-946C-E54D430B5032}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{473854B7-7E0D-48C8-B67B-BDF3C9657E1B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{F2204B47-A524-46D9-81B3-66B0D6F17973}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1D2BBFAF-15DE-4C64-A2BE-1FE3B1E0F6AA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{8FEB0469-075B-4104-B15F-247CAAE3A30D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{61961E0B-F44D-4FB7-8957-2F4FB6558A17}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [TCP Query User{A1B2F60F-2835-4ACA-A1E3-F3A796F4329A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1204C10F-BF5E-4C57-B725-BC220CEA160D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3542656F-E78A-4D8C-B9C7-105F78026FE9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{55968293-47E3-4B9A-A964-F9CE0507CB8D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F80FCE7A-F3E2-4CCC-9714-DFCD0E815EB7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{C268A130-5B3F-4523-9BCA-D92FC20D9198}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{0BF077A3-1820-4D41-BE1D-74FCDE62D968}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{68FC4011-4162-49FC-BEB7-19A112A969B9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{85663279-8374-411F-A65E-19B3BB67F7D1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{374A1F8F-AD0C-492D-9813-B03B5DB4A7B8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{4620EA77-0B38-4467-AB4A-E50F7A752A79}] => (Allow) LPort=5353
FirewallRules: [{25BD84B4-09A5-4D09-ACB9-B8D6ED13D957}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{DAE35A15-6A4D-4A27-8257-F8BCD32F149E}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{E41CDAD8-C835-49D9-85B9-2E38B078D849}] => (Allow) LPort=3703
FirewallRules: [{CF5F3447-3128-4523-B33A-E10D7064E585}] => (Allow) LPort=3704
FirewallRules: [{E51B9F90-6F73-4B95-9500-65F53E6E346A}] => (Allow) LPort=51000
FirewallRules: [{A43F3F22-737A-411F-8C11-96AE8A34DEE9}] => (Allow) LPort=51001
FirewallRules: [{CEE03B55-1772-4D8B-8CED-FF8723DA3FDD}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{9A4EC9B0-1EF1-4BDE-8578-9BF3ECC7F8E0}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{99928D59-B2CD-4CDA-B340-2E0DB9DA8BDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF2FD207-B79C-4B5E-867C-7B49DA14EABA}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{A792010E-C408-4443-9001-6880630CF2A3}] => (Allow) C:\Program Files (x86)\Jamper\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
15-05-2017 21:03:25 ElsterFormular wird installiert
16-05-2017 15:34:47 JRT Pre-Junkware Removal
18-05-2017 01:25:07 JRT Pre-Junkware Removal
18-05-2017 16:50:29 JRT Pre-Junkware Removal
18-05-2017 21:13:19 JRT Pre-Junkware Removal
20-05-2017 13:06:14 JRT Pre-Junkware Removal
21-05-2017 13:38:07 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/24/2017 05:48:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9014015
Error: (05/24/2017 05:48:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9014015
Error: (05/24/2017 05:48:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/24/2017 05:48:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9012781
Error: (05/24/2017 05:48:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9012781
Error: (05/24/2017 05:48:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/24/2017 05:48:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9011359
Error: (05/24/2017 05:48:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9011359
Error: (05/24/2017 05:48:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/24/2017 05:48:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9010234
Systemfehler:
=============
Error: (05/24/2017 03:18:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Error: (05/24/2017 01:18:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (05/23/2017 01:23:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/23/2017 12:59:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Error: (05/23/2017 12:59:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Error: (05/23/2017 12:59:06 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.
Error: (05/23/2017 12:58:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Error: (05/23/2017 12:58:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (05/23/2017 12:58:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/23/2017 12:58:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
CodeIntegrity:
===================================
Date: 2017-04-25 23:23:21.080
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:20.590
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:19.477
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:18.734
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:18.051
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:17.484
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:17.010
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:10.564
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:10.102
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:01.014
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 64%
Installierter physikalischer RAM: 8122.15 MB
Verfügbarer physikalischer RAM: 2879.88 MB
Summe virtueller Speicher: 9402.15 MB
Verfügbarer virtueller Speicher: 3442.13 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:682.07 GB) (Free:606.65 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.79 GB) (Free:1.59 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 7AE21138)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
25.05.2017, 10:27
| #6 |
| /// TB-Ausbilder | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitere Servus, bitte alles genau so ausführen wie beschrieben, auch wenn du selber Ähnliches schon ausgeführt hast. Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2
Schritt 3 Downloade Dir bitte Malwarebytes Anti-Malware 3
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
26.05.2017, 01:26
| #7 |
| | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitereCode:
ATTFilter # AdwCleaner v6.047 - Bericht erstellt am 26/05/2017 um 01:44:51
# Aktualisiert am 19/05/2017 von Malwarebytes
# Datenbank : 2017-05-25.1 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : edna - EDNA
# Gestartet von : C:\Users\edna\Downloads\adwcleaner_6.047.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
[-] Dienst gelöscht: WinSAPSvc
[-] Dienst gelöscht: SNARE
[-] Dienst gelöscht: BIT
***** [ Ordner ] *****
[-] Ordner gelöscht: C:\Users\edna\AppData\Roaming\WinSAPSvc
[-] Ordner gelöscht: C:\Program Files (x86)\Gerrupy
[-] Ordner gelöscht: C:\Users\edna\AppData\Local\SNARE
[-] Ordner gelöscht: C:\ProgramData\BIT
[-] Ordner gelöscht: C:\Jopetiondipas
***** [ Dateien ] *****
[-] Datei gelöscht: C:\Users\edna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BigFarm.lnk
[-] Datei gelöscht: C:\Users\edna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\big_bang_empire.lnk
[-] Datei gelöscht: C:\Users\edna\Desktop\BigFarm.lnk
[-] Datei gelöscht: C:\Users\edna\Desktop\big_bang_empire.lnk
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
[-] Aufgabe gelöscht: Milimili
[-] Aufgabe gelöscht: Plotekaresagh Cloud
[-] Aufgabe gelöscht: Drerbaghtnojerch
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[-] Schlüssel gelöscht: HKLM\SOFTWARE\ScreenShot
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Image File Execution Options" Schlüssel gelöscht
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Firewall Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [4630 Bytes] - [28/04/2017 03:26:00]
C:\AdwCleaner\AdwCleaner[C10].txt - [3695 Bytes] - [16/05/2017 13:19:08]
C:\AdwCleaner\AdwCleaner[C11].txt - [2859 Bytes] - [16/05/2017 17:54:11]
C:\AdwCleaner\AdwCleaner[C12].txt - [3445 Bytes] - [18/05/2017 16:54:47]
C:\AdwCleaner\AdwCleaner[C13].txt - [3468 Bytes] - [18/05/2017 21:06:49]
C:\AdwCleaner\AdwCleaner[C14].txt - [4384 Bytes] - [23/05/2017 12:58:45]
C:\AdwCleaner\AdwCleaner[C15].txt - [2828 Bytes] - [26/05/2017 01:44:51]
C:\AdwCleaner\AdwCleaner[C2].txt - [1422 Bytes] - [28/04/2017 04:04:11]
C:\AdwCleaner\AdwCleaner[C3].txt - [2141 Bytes] - [28/04/2017 13:48:04]
C:\AdwCleaner\AdwCleaner[C4].txt - [2279 Bytes] - [04/05/2017 00:01:07]
C:\AdwCleaner\AdwCleaner[C5].txt - [2059 Bytes] - [05/05/2017 13:55:48]
C:\AdwCleaner\AdwCleaner[C6].txt - [2951 Bytes] - [09/05/2017 13:20:14]
C:\AdwCleaner\AdwCleaner[C7].txt - [2446 Bytes] - [10/05/2017 00:22:39]
C:\AdwCleaner\AdwCleaner[C8].txt - [3370 Bytes] - [11/05/2017 13:24:15]
C:\AdwCleaner\AdwCleaner[C9].txt - [2983 Bytes] - [13/05/2017 22:30:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [4905 Bytes] - [28/04/2017 03:09:53]
C:\AdwCleaner\AdwCleaner[S10].txt - [2586 Bytes] - [10/05/2017 00:16:29]
C:\AdwCleaner\AdwCleaner[S11].txt - [3360 Bytes] - [11/05/2017 13:23:54]
C:\AdwCleaner\AdwCleaner[S12].txt - [3087 Bytes] - [13/05/2017 22:00:19]
C:\AdwCleaner\AdwCleaner[S13].txt - [3160 Bytes] - [13/05/2017 22:30:19]
C:\AdwCleaner\AdwCleaner[S14].txt - [3737 Bytes] - [16/05/2017 13:16:56]
C:\AdwCleaner\AdwCleaner[S15].txt - [3163 Bytes] - [16/05/2017 17:53:49]
C:\AdwCleaner\AdwCleaner[S16].txt - [3312 Bytes] - [17/05/2017 21:15:24]
C:\AdwCleaner\AdwCleaner[S17].txt - [3573 Bytes] - [18/05/2017 16:54:27]
C:\AdwCleaner\AdwCleaner[S18].txt - [3635 Bytes] - [18/05/2017 21:06:30]
C:\AdwCleaner\AdwCleaner[S19].txt - [3682 Bytes] - [19/05/2017 21:09:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [4422 Bytes] - [28/04/2017 03:19:48]
C:\AdwCleaner\AdwCleaner[S20].txt - [3755 Bytes] - [20/05/2017 11:20:41]
C:\AdwCleaner\AdwCleaner[S21].txt - [3829 Bytes] - [21/05/2017 13:37:18]
C:\AdwCleaner\AdwCleaner[S22].txt - [4425 Bytes] - [23/05/2017 12:58:10]
C:\AdwCleaner\AdwCleaner[S23].txt - [5056 Bytes] - [26/05/2017 01:44:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [1636 Bytes] - [28/04/2017 04:03:41]
C:\AdwCleaner\AdwCleaner[S3].txt - [2183 Bytes] - [28/04/2017 13:41:09]
C:\AdwCleaner\AdwCleaner[S4].txt - [1841 Bytes] - [28/04/2017 13:58:37]
C:\AdwCleaner\AdwCleaner[S5].txt - [2509 Bytes] - [03/05/2017 23:49:55]
C:\AdwCleaner\AdwCleaner[S6].txt - [2349 Bytes] - [03/05/2017 23:56:08]
C:\AdwCleaner\AdwCleaner[S7].txt - [2288 Bytes] - [05/05/2017 13:09:44]
C:\AdwCleaner\AdwCleaner[S8].txt - [2283 Bytes] - [05/05/2017 13:16:45]
C:\AdwCleaner\AdwCleaner[S9].txt - [2953 Bytes] - [09/05/2017 13:15:58]
########## EOF - C:\AdwCleaner\AdwCleaner[C15].txt - [5252 Bytes] ##########
Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 26.05.17
Scan-Zeit: 02:09
Protokolldatei: mbam.txt
Administrator: Ja
-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.122
Version des Aktualisierungspakets: 1.0.2022
Lizenz: Kostenlos
-Systemdaten-
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: EDNA\edna
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 374355
Erkannte Bedrohungen: 4
In die Quarantäne verschobene Bedrohungen: 4
Abgelaufene Zeit: 3 Min., 56 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 2
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE, In Quarantäne, [691], [401846],1.0.2022
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE, In Quarantäne, [691], [401846],1.0.2022
Registrierungswert: 2
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE|DEBUGGER, In Quarantäne, [691], [401846],1.0.2022
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE|DEBUGGER, In Quarantäne, [691], [401846],1.0.2022
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
durchgeführt von edna (Administrator) auf EDNA (26-05-2017 02:23:41)
Gestartet von C:\Users\edna\Downloads
Geladene Profile: UpdatusUser & edna (Verfügbare Profile: UpdatusUser & edna)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Farbar) C:\Users\edna\Downloads\FRST64(1).exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-05] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-05-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [629848 2011-06-24] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Run: [Bamboo Dock] => C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [225792 2016-08-25] ()
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B06723A-FDFE-4E97-BF74-1EA62201DBC9}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
URLSearchHook: [S-1-5-21-4228764417-1678587509-1480794071-1001] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> {6C1AAC34-CF82-42D9-98BB-927F06618ADD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4228764417-1678587509-1480794071-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: lt3omf3d.default-1495134155076
FF ProfilePath: C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\lt3omf3d.default-1495134155076 [2017-05-26]
FF Extension: (uBlock Origin) - C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\lt3omf3d.default-1495134155076\Extensions\uBlock0@raymondhill.net.xpi [2017-05-21]
FF HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\oemqkvkm.default\extensions\cliqz@cliqz.com => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-05-15] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-05-23] (AVG Technologies CZ, s.r.o.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [Datei ist nicht signiert]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-18] (CyberLink)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\elfoService.exe [1283336 2017-04-21] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [Datei ist nicht signiert]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-17] (Realtek Semiconductor)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314128 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-05-15] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [129776 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102280 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [570320 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [160008 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340824 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-26] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-10-05] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2946264 2013-10-19] (Realtek Semiconductor Corporation )
R3 Sftfs; C:\Windows\system32\DRIVERS\Sftfswin7.sys [765288 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\system32\DRIVERS\Sftplaywin7.sys [268648 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\system32\DRIVERS\Sftvolwin7.sys [22376 2011-10-01] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-06-01] (AVG Netherlands B.V.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-26 02:19 - 2017-05-26 02:19 - 00001939 _____ C:\Users\edna\Desktop\mbam.txt
2017-05-26 02:04 - 2017-05-26 02:16 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-26 02:04 - 2017-05-26 02:04 - 00001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-26 02:04 - 2017-05-26 02:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-26 02:04 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-26 02:01 - 2017-05-26 02:03 - 63364552 _____ (Malwarebytes ) C:\Users\edna\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
2017-05-26 01:56 - 2017-05-26 01:56 - 00566128 _____ (Malwarebytes) C:\Users\edna\Downloads\mbam-clean-2.3.0.1001.exe
2017-05-26 01:40 - 2017-05-26 01:40 - 00000000 ____D C:\Cosusp
2017-05-24 18:39 - 2017-05-24 19:12 - 00245194 _____ C:\TDSSKiller.3.1.0.15_24.05.2017_18.39.09_log.txt
2017-05-24 18:37 - 2017-05-24 18:38 - 00007636 _____ C:\TDSSKiller.3.1.0.15_24.05.2017_18.37.14_log.txt
2017-05-24 18:35 - 2017-05-24 18:35 - 04922400 _____ (AO Kaspersky Lab) C:\Users\edna\Downloads\tdsskiller.exe
2017-05-24 18:33 - 2017-05-24 18:33 - 00047096 _____ C:\Users\edna\Desktop\FRST.txt
2017-05-24 18:33 - 2017-05-24 18:33 - 00037702 _____ C:\Users\edna\Desktop\Addition.txt
2017-05-24 18:31 - 2017-05-24 18:32 - 00037699 _____ C:\Users\edna\Downloads\Addition.txt
2017-05-24 18:30 - 2017-05-26 02:24 - 00020519 _____ C:\Users\edna\Downloads\FRST.txt
2017-05-24 18:30 - 2017-05-26 02:23 - 00000000 ____D C:\FRST
2017-05-24 18:29 - 2017-05-24 18:29 - 02429952 _____ (Farbar) C:\Users\edna\Downloads\FRST64(1).exe
2017-05-23 12:56 - 2017-05-23 12:56 - 00000000 ____D C:\Program Files (x86)\MIO
2017-05-23 12:55 - 2017-05-26 01:40 - 00000000 ____D C:\Program Files\MK
2017-05-21 13:35 - 2017-05-21 13:35 - 00000000 ____D C:\Users\edna\AppData\Roaming\Synaptics
2017-05-21 13:34 - 2017-05-26 02:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-21 13:31 - 2017-05-21 13:31 - 00011681 _____ C:\Users\edna\AppData\Local\recently-used.xbel
2017-05-20 15:11 - 2017-05-26 02:17 - 00000000 ____D C:\Users\edna\AppData\LocalLow\Mozilla
2017-05-20 15:11 - 2017-05-20 15:16 - 00000000 ____D C:\Users\edna\AppData\Local\Mozilla
2017-05-20 15:11 - 2017-05-20 15:11 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-20 15:11 - 2017-05-20 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-20 15:11 - 2017-05-20 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-20 13:08 - 2017-05-20 13:08 - 00000000 ____D C:\Users\edna\AppData\Local\Macromedia
2017-05-20 11:38 - 2017-05-20 13:19 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-05-19 23:30 - 2017-05-19 23:41 - 00011706 _____ C:\Users\edna\Documents\Einnahme überschuss 2016.ods
2017-05-19 21:32 - 2017-05-19 21:32 - 00000000 ____D C:\Users\edna\AppData\Local\CEF
2017-05-19 21:07 - 2017-05-19 21:07 - 04110280 _____ C:\Users\edna\Downloads\adwcleaner_6.047.exe
2017-05-16 17:39 - 2017-05-16 17:39 - 01770496 _____ (Farbar) C:\Users\edna\Downloads\FRST.exe
2017-05-16 17:38 - 2017-05-16 17:38 - 02429952 _____ (Farbar) C:\Users\edna\Downloads\FRST64.exe
2017-05-16 15:36 - 2017-05-21 13:40 - 00000542 _____ C:\Users\edna\Desktop\JRT.txt
2017-05-16 15:34 - 2017-05-16 15:34 - 01663672 _____ (Malwarebytes) C:\Users\edna\Downloads\JRT.exe
2017-05-15 21:05 - 2017-05-15 21:05 - 00001160 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Users\edna\AppData\Roaming\elsterformular
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Program Files (x86)\ElsterFormular Update Service
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2017-05-15 20:02 - 2017-05-15 20:24 - 235253760 _____ C:\Users\edna\Downloads\ElsterFormularUnternehmerSelbstaendige.msi
2017-05-15 10:14 - 2017-05-15 10:14 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-05-11 13:32 - 2017-04-29 00:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-11 13:32 - 2017-04-29 00:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 16:52 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-05-10 16:09 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-10 16:08 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 16:08 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 16:08 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-10 16:08 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 16:08 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 16:08 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-10 16:08 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 16:08 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 16:08 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 16:08 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 16:08 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 16:08 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 16:08 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 16:08 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 16:08 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 16:08 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 16:08 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 16:08 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-10 16:08 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 16:08 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 16:08 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 16:08 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 16:08 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-10 16:08 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 16:08 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 16:08 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 16:08 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 16:08 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 16:08 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 16:08 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 16:08 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 16:08 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 16:08 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-10 16:08 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 16:08 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 16:08 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-10 16:08 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 16:08 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 16:08 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 16:08 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 16:08 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-10 16:08 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 16:08 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 16:08 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 16:08 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 16:08 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 16:08 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 16:08 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 16:08 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 16:08 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 16:08 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 16:08 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 16:08 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 16:08 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 16:08 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 16:08 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-10 16:08 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-10 16:08 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-10 16:08 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-10 16:08 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-10 16:08 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-10 16:08 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 16:08 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 16:08 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 16:08 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 16:08 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 16:08 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 16:08 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-10 16:08 - 2017-03-11 01:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-10 16:08 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-10 16:08 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-10 16:08 - 2017-03-08 04:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-08 00:14 - 2017-05-08 00:14 - 03120875 _____ C:\Users\edna\Downloads\MLG_Plakat_Sommer2017_print.pdf
2017-05-03 23:28 - 2017-05-03 23:28 - 00000000 ____D C:\Program Files (x86)\IIS
2017-04-28 03:08 - 2017-05-26 01:44 - 00000000 ____D C:\AdwCleaner
2017-04-28 02:53 - 2017-04-28 02:53 - 00000000 ___HD C:\$AV_AVG
2017-04-28 02:51 - 2017-04-28 02:51 - 00000000 ____D C:\Users\edna\AppData\Local\Google
2017-04-28 02:33 - 2017-05-03 23:25 - 00000000 _____ C:\Windows\SysWOW64\11
2017-04-27 18:44 - 2017-04-27 19:08 - 00001156 _____ C:\Users\edna\Desktop\Avast Browser Cleanup.lnk
2017-04-27 18:44 - 2017-04-27 18:44 - 00004210 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-4228764417-1678587509-1480794071-1002
2017-04-27 18:44 - 2017-04-27 18:44 - 00003364 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-4228764417-1678587509-1480794071-1002
2017-04-27 18:44 - 2017-04-27 18:44 - 00000000 ____D C:\Users\edna\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2017-04-27 18:44 - 2017-04-27 18:44 - 00000000 ____D C:\Users\edna\AppData\Roaming\AVAST Software
2017-04-27 18:43 - 2017-04-27 18:43 - 04284888 _____ (AVAST Software) C:\Users\edna\Downloads\avast-browser-cleanup-sfx.exe
2017-04-26 11:54 - 2017-05-05 12:26 - 00000000 ____D C:\Insist
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-26 02:21 - 2014-10-02 12:12 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4228764417-1678587509-1480794071-1002
2017-05-26 02:17 - 2014-10-02 12:10 - 00000000 __RDO C:\Users\edna\SkyDrive
2017-05-26 02:17 - 2014-10-02 12:08 - 00000000 ____D C:\Users\edna\Documents\Youcam
2017-05-26 02:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-26 01:57 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-26 01:53 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-26 01:47 - 2016-09-21 20:52 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-25 12:30 - 2015-01-21 14:20 - 00910848 ___SH C:\Users\edna\Documents\Thumbs.db
2017-05-24 01:08 - 2014-10-05 18:06 - 00000000 ____D C:\Windows\system32\MRT
2017-05-24 01:07 - 2014-10-05 18:06 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-21 13:35 - 2015-02-02 20:33 - 00237056 ___SH C:\Users\edna\Desktop\Thumbs.db
2017-05-21 13:35 - 2014-10-02 12:07 - 00000000 ____D C:\Users\edna\AppData\Roaming\Adobe
2017-05-21 13:32 - 2015-02-02 19:56 - 00000000 ____D C:\Users\edna\.gimp-2.8
2017-05-21 13:31 - 2017-02-07 21:38 - 00000000 ____D C:\Users\edna\Documents\Taschen Werbung
2017-05-21 13:31 - 2015-02-02 20:09 - 00000000 ____D C:\Users\edna\AppData\Local\gtk-2.0
2017-05-20 15:11 - 2014-10-02 12:26 - 00000000 ____D C:\Users\edna\AppData\Roaming\Mozilla
2017-05-20 14:25 - 2014-10-02 12:10 - 00000000 ____D C:\Users\edna\AppData\Roaming\Hewlett-Packard
2017-05-20 11:38 - 2016-01-05 00:42 - 00000000 ____D C:\Users\edna\Dropbox
2017-05-19 23:24 - 2016-07-22 21:59 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForedna.job
2017-05-16 13:35 - 2014-04-05 11:10 - 00000000 ____D C:\Users\Public\CyberLink
2017-05-16 13:14 - 2014-10-05 11:24 - 02076672 ___SH C:\Users\edna\Downloads\Thumbs.db
2017-05-15 10:15 - 2017-04-25 23:25 - 00160008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys
2017-05-15 10:15 - 2017-04-25 23:25 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-05-15 10:14 - 2017-04-25 23:25 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00159496 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.149483610904601
2017-05-15 10:14 - 2017-04-25 23:25 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00102280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-05-14 19:34 - 2016-03-15 02:42 - 00000000 ____D C:\Users\edna\Documents\edna page fb
2017-05-12 13:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-05-11 16:55 - 2013-08-22 16:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-05-11 16:54 - 2014-10-03 13:14 - 00216740 ____H C:\Users\edna\AppData\Local\IconCache.db.backup
2017-05-11 13:30 - 2013-08-22 16:44 - 02982488 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 13:27 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\inetsrv
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 00:38 - 2014-10-03 00:12 - 00004342 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 00:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-09 00:17 - 2017-04-07 10:51 - 00000000 _____ C:\Windows\SysWOW64\1
2017-05-05 13:12 - 2013-08-22 21:12 - 00000000 ____D C:\Windows\SKB
2017-05-04 14:24 - 2017-04-25 23:23 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-01 00:36 - 2014-01-18 02:40 - 00802436 _____ C:\Windows\system32\perfh007.dat
2017-05-01 00:36 - 2014-01-18 02:40 - 00175180 _____ C:\Windows\system32\perfc007.dat
2017-05-01 00:36 - 2013-08-26 08:09 - 01926152 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-28 13:49 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-04-28 04:04 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppCompat
2017-04-27 19:09 - 2016-08-25 16:25 - 00001164 _____ C:\Users\Public\Desktop\Bamboo Dock.lnk
2017-04-27 19:09 - 2016-08-02 11:11 - 00002567 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2017-04-27 19:09 - 2015-01-21 13:52 - 00001126 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2017-04-27 19:09 - 2014-10-21 19:30 - 00002076 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2017-04-27 19:09 - 2014-10-02 23:35 - 00002709 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-27 19:09 - 2014-10-02 12:06 - 00002119 _____ C:\Users\Public\Desktop\Snapfish Fotos.lnk
2017-04-27 19:09 - 2014-01-17 18:52 - 00001109 _____ C:\Users\Public\Desktop\HP Connected Music.lnk
2017-04-27 19:08 - 2015-12-13 23:43 - 00002254 _____ C:\Users\edna\Desktop\HP Support Assistant.lnk
2017-04-27 19:08 - 2014-10-02 12:07 - 00001461 _____ C:\Users\edna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-27 19:05 - 2016-08-24 13:41 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
2017-04-27 19:05 - 2016-08-24 13:41 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
2017-04-27 19:05 - 2016-06-15 22:16 - 00000000 ____D C:\Users\edna\Desktop\Sony Ericsson handy
2017-04-27 19:05 - 2015-09-06 22:22 - 00000000 ____D C:\Users\edna\AppData\Roaming\Wacom
2017-04-27 19:05 - 2014-10-28 22:41 - 00000000 ____D C:\Users\edna\AppData\Local\HPConnectedMusic
2017-04-27 19:05 - 2014-10-06 01:31 - 00000000 ___RD C:\Windows\BrowserChoice
2017-04-27 19:05 - 2014-10-03 12:10 - 00000000 ____D C:\Users\edna\AppData\Roaming\CyberLink
2017-04-27 19:05 - 2014-10-03 00:11 - 00000000 ____D C:\Users\edna\AppData\Local\Adobe
2017-04-27 19:05 - 2014-10-02 23:35 - 00000000 ____D C:\Users\edna\AppData\Roaming\Skype
2017-04-27 19:05 - 2014-10-02 12:04 - 00000000 ____D C:\Users\edna
2017-04-27 19:05 - 2014-04-05 10:55 - 00000000 ____D C:\Users\UpdatusUser
2017-04-27 19:05 - 2013-09-01 04:03 - 00000000 ___HD C:\SYSTEM.SAV
2017-04-27 19:05 - 2013-08-26 08:57 - 00000000 ____D C:\Windows\Panther
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\security
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Registration
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\InputMethod
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\IME
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\FileManager
2017-04-27 19:05 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-04-27 19:04 - 2016-08-25 16:24 - 00000000 ____D C:\Program Files (x86)\Bamboo Dock
2017-04-27 19:04 - 2015-09-06 22:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-27 19:04 - 2015-05-22 12:11 - 00000000 ____D C:\Users\edna\AppData\Local\Avg
2017-04-27 19:04 - 2014-04-05 10:48 - 00000000 ____D C:\Intel
2017-04-27 19:04 - 2013-08-26 08:13 - 00000000 ____D C:\inetpub
2017-04-27 19:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-05-21 13:31 - 2017-05-21 13:31 - 0011681 _____ () C:\Users\edna\AppData\Local\recently-used.xbel
2014-10-21 22:20 - 2014-10-21 22:20 - 0000017 _____ () C:\Users\edna\AppData\Local\resmon.resmoncfg
Einige Dateien in TEMP:
====================
2015-10-29 00:36 - 2015-10-29 00:36 - 2892128 _____ (AVG Technologies) C:\Users\edna\AppData\Local\Temp\avg-42e6413a-4c6d-467a-9c8f-7356e6170842.exe
2016-07-30 22:52 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_0814948098.exe
2016-08-22 12:20 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_081612154702.exe
2016-04-19 16:48 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_08171384307.exe
2015-11-18 13:53 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_081914340837.exe
2016-05-31 19:03 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_082145295288.exe
2016-06-24 23:12 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_08415330106.exe
2016-01-26 16:03 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_08483769921.exe
2016-01-05 19:23 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\edna\AppData\Local\Temp\avguirn_08703164287.exe
2015-04-13 00:07 - 2015-04-13 00:07 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\edna\AppData\Local\Temp\COMAP.EXE
2014-10-05 11:28 - 2013-06-04 10:30 - 0050432 ____R () C:\Users\edna\AppData\Local\Temp\Extract.exe
2008-09-03 15:55 - 2008-09-03 15:55 - 2044781 _____ (Adobe Systems Incorporated) C:\Users\edna\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
2015-01-19 20:32 - 2015-01-19 20:33 - 31598424 _____ () C:\Users\edna\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
2015-12-13 23:35 - 2015-10-22 02:08 - 0595656 _____ (Hewlett-Packard) C:\Users\edna\AppData\Local\Temp\HPSFUpdater.exe
2015-03-11 16:06 - 2015-03-11 16:06 - 45210216 _____ (Skype Technologies S.A.) C:\Users\edna\AppData\Local\Temp\SkypeSetup.exe
2014-10-04 23:56 - 2014-10-04 23:56 - 33594832 _____ (Hewlett-Packard Company ) C:\Users\edna\AppData\Local\Temp\SP65168.exe
2015-12-13 23:40 - 2015-09-28 10:36 - 0144912 _____ (Hewlett-Packard Company) C:\Users\edna\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-05-21 04:03
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24-05-2017
durchgeführt von edna (26-05-2017 02:24:22)
Gestartet von C:\Users\edna\Downloads
Windows 8.1 (Update) (X64) (2014-10-02 10:06:35)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-4228764417-1678587509-1480794071-500 - Administrator - Disabled)
edna (S-1-5-21-4228764417-1678587509-1480794071-1002 - Administrator - Enabled) => C:\Users\edna
Gast (S-1-5-21-4228764417-1678587509-1480794071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4228764417-1678587509-1480794071-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-4228764417-1678587509-1480794071-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Production Premium (HKLM-x32\...\Adobe_36ac9dc8c9a94feb9e5886810012e78) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Avast Browser Cleanup (HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Avast Browser Cleanup) (Version: 12.1.2272.125 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.181.3.3057 - AVG Technologies)
AVG (Version: 1.181.4 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 3.9 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 3.9.0 - Wacom Europe GmbH) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-250C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3418 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
FMW 1 (Version: 1.202.1 - AVG Technologies) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.7140.5002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 de)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
NVIDIA Grafiktreiber 332.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.33 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {06F7C41D-D5E2-4E69-A379-7EC71450C2FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {2E57DDF3-3D32-4ABF-81B4-9BC22484B5DC} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {2E5B046F-67B8-45E2-9878-CA617433EA49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {36A2D39C-0682-41F3-8797-82C9366F6F50} - System32\Tasks\avast! BCU UpdateS-1-5-21-4228764417-1678587509-1480794071-1002 => C:\Users\edna\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {3859DD2C-8FD1-429B-A754-F51C17DE31E4} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
Task: {4256B94E-7A49-4C09-B33A-E8697F6B7AB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {511D66B1-9D09-4FF3-BDFF-0CE04EFC72BC} - System32\Tasks\avastBCLS-1-5-21-4228764417-1678587509-1480794071-1002 => C:\Users\edna\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2017-04-27] (AVAST Software)
Task: {7E52FDB0-39AD-4A72-B5C4-688AC37D7421} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {8758E008-35CF-4C51-8674-888EABAEB3A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {9BF9C791-CB81-4A0C-AC03-03CDFD59A4AB} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {9C388871-C240-49A4-A015-C1548F093291} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {AC3698EB-C09F-4D0B-9B1F-837A93A2B62E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {B3DCE44B-E303-4EE4-876A-2880FD7514E5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-05-24] (Microsoft Corporation)
Task: {B9BC956D-5370-4FD2-8E3F-8FAF7082860C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {D2551041-9742-4AE7-9879-49F7ACEC7B9B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {E1AE9BC6-65CB-4234-B847-D356B6A1E94D} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-05-15] (AVG Technologies CZ, s.r.o.)
Task: {EB0EEC96-3CC2-4749-AE30-1609F938E6A2} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\0116avtUpdateInfo.job => C:\ProgramData\Avg_Update_0116avt\0116avt_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avtUpdateInfo.job => C:\ProgramData\Avg_Update_1114avt\1114avt_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1215avtUpdateInfo.job => C:\ProgramData\Avg_Update_1215avt\1215avt_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\HPCeeScheduleForedna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-04-05 10:55 - 2014-01-06 10:13 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-14 12:23 - 2013-10-14 12:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 12:24 - 2013-10-14 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 12:25 - 2013-10-14 12:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-09-06 22:20 - 2014-08-19 12:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-10-14 12:30 - 2013-10-14 12:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-10-21 19:26 - 2012-09-25 11:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2017-05-15 10:14 - 2017-05-15 10:14 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00999024 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 67717632 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00178120 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00224352 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2014-10-21 19:25 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-11-28 22:18 - 2016-11-28 22:17 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2014-04-05 11:11 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-04-05 10:49 - 2013-09-04 03:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\edna\Desktop\callsheet.pdf:com.dropbox.attributes [168]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\edna\Downloads\339086_skazochnaya_-vedmochka_-feya_1920x1081_(www.GdeFon.ru).jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\Run32: => "BambooCore"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\StartupApproved\Run: => "Bamboo Dock"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
15-05-2017 21:03:25 ElsterFormular wird installiert
16-05-2017 15:34:47 JRT Pre-Junkware Removal
18-05-2017 01:25:07 JRT Pre-Junkware Removal
18-05-2017 16:50:29 JRT Pre-Junkware Removal
18-05-2017 21:13:19 JRT Pre-Junkware Removal
20-05-2017 13:06:14 JRT Pre-Junkware Removal
21-05-2017 13:38:07 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/26/2017 02:05:47 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Adobe Flash CS4\AIK1.1\runtimes\air\win\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Adobe\Adobe Flash CS4\AIK1.1\runtimes\air\win\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (05/26/2017 01:36:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44053094
Error: (05/26/2017 01:36:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 44053094
Error: (05/26/2017 01:36:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/25/2017 01:22:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5047
Error: (05/25/2017 01:22:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5047
Error: (05/25/2017 01:22:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/25/2017 01:22:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3750
Error: (05/25/2017 01:22:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3750
Error: (05/25/2017 01:22:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Systemfehler:
=============
Error: (05/26/2017 01:53:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
Der Dienst wurde nicht gestartet.
Error: (05/26/2017 01:45:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Error: (05/26/2017 01:45:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Error: (05/26/2017 01:45:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Error: (05/26/2017 01:45:00 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.
Error: (05/26/2017 01:44:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/26/2017 01:44:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/26/2017 01:44:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/26/2017 01:44:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Support Solutions Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/26/2017 01:44:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
CodeIntegrity:
===================================
Date: 2017-04-25 23:23:21.080
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:20.590
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:19.477
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:18.734
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:18.051
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:17.484
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:17.010
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:10.564
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:10.102
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:01.014
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 8122.15 MB
Verfügbarer physikalischer RAM: 5877.66 MB
Summe virtueller Speicher: 9402.15 MB
Verfügbarer virtueller Speicher: 7432.23 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:682.07 GB) (Free:607.92 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.79 GB) (Free:1.59 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 7AE21138)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
26.05.2017, 20:40
| #8 |
| /// TB-Ausbilder | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitere Servus, Schritt 2 habe ich im Vergleich zum letzten Mal etwas verändert, bitte beachten! Schritt 1
Schritt 2
Bitte poste mit deiner nächsten Antwort
|
|
27.05.2017, 13:54
| #9 |
| | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitere Hallo, ich habe eine kurze frage. Soll ich den kopierten Inhalt der Code-Box irgendwo abspeichern, oder was soll nun damit passieren? Freundliche Grüße |
|
27.05.2017, 14:04
| #10 | |
| /// TB-Ausbilder | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitereZitat:
Du kopierst den Inhalt, startest darauf direkt FRST und drückst auf den Button "Entfernen". FRST holt sich den Fix direkt aus der Zwischenablage (Cache).  |
|
27.05.2017, 17:15
| #11 |
| | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitere Entschuldige, mir war nicht klar, dass er sich den direkt aus der Zeischenablage holt ^^" Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24-05-2017
durchgeführt von edna (27-05-2017 18:00:43) Run:1
Gestartet von C:\Users\edna\Downloads
Geladene Profile: UpdatusUser & edna (Verfügbare Profile: UpdatusUser & edna)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
CloseProcesses:
2017-05-26 01:40 - 2017-05-26 01:40 - 00000000 ____D C:\Cosusp
2017-05-23 12:56 - 2017-05-23 12:56 - 00000000 ____D C:\Program Files (x86)\MIO
2017-05-23 12:55 - 2017-05-26 01:40 - 00000000 ____D C:\Program Files\MK
2017-04-28 02:33 - 2017-05-03 23:25 - 00000000 _____ C:\Windows\SysWOW64\11
2017-05-09 00:17 - 2017-04-07 10:51 - 00000000 _____ C:\Windows\SysWOW64\1
Task: C:\Windows\Tasks\0116avtUpdateInfo.job => C:\ProgramData\Avg_Update_0116avt\0116avt_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avtUpdateInfo.job => C:\ProgramData\Avg_Update_1114avt\1114avt_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1215avtUpdateInfo.job => C:\ProgramData\Avg_Update_1215avt\1215avt_AVG-Secure-Search-Update.exe
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
*****************
Prozesse erfolgreich geschlossen.
C:\Cosusp => erfolgreich verschoben
C:\Program Files (x86)\MIO => erfolgreich verschoben
C:\Program Files\MK => erfolgreich verschoben
C:\Windows\SysWOW64\11 => erfolgreich verschoben
C:\Windows\SysWOW64\1 => erfolgreich verschoben
C:\Windows\Tasks\0116avtUpdateInfo.job => erfolgreich verschoben
C:\Windows\Tasks\1114avtUpdateInfo.job => erfolgreich verschoben
C:\Windows\Tasks\1215avtUpdateInfo.job => erfolgreich verschoben
========= dir "%ProgramFiles%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Program Files
27.05.2017 18:00 <DIR> .
27.05.2017 18:00 <DIR> ..
17.01.2014 18:43 <DIR> 7-Zip
22.06.2016 14:36 <DIR> Adobe
05.04.2014 10:59 <DIR> Bonjour
27.04.2017 19:04 <DIR> Common Files
02.02.2015 14:04 <DIR> GIMP 2
05.04.2014 11:18 <DIR> Hewlett-Packard
05.04.2014 10:56 <DIR> Intel
11.05.2017 13:24 <DIR> Internet Explorer
26.05.2017 02:04 <DIR> Malwarebytes
07.02.2015 17:25 <DIR> Microsoft Office
26.08.2013 08:12 <DIR> MSBuild
05.04.2014 10:55 <DIR> NVIDIA Corporation
02.10.2014 12:06 <DIR> Online Services
05.04.2014 10:51 <DIR> Realtek
26.08.2013 08:12 <DIR> Reference Assemblies
05.04.2014 10:48 <DIR> Synaptics
06.09.2015 22:21 <DIR> Tablet
06.09.2015 22:21 <DIR> TabletPlugins
22.04.2017 22:46 <DIR> Windows Defender
04.05.2015 02:19 <DIR> Windows Mail
27.04.2017 19:04 <DIR> Windows Media Player
04.05.2015 02:19 <DIR> Windows Multimedia Platform
02.10.2014 09:40 <DIR> Windows NT
04.05.2015 02:19 <DIR> Windows Photo Viewer
04.05.2015 02:19 <DIR> Windows Portable Devices
0 Datei(en), 0 Bytes
27 Verzeichnis(se), 652.432.711.680 Bytes frei
========= Ende von CMD: =========
========= dir "%ProgramFiles(x86)%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Program Files (x86)
27.05.2017 18:00 <DIR> .
27.05.2017 18:00 <DIR> ..
27.04.2017 19:04 <DIR> Adobe
22.06.2016 12:59 <DIR> Adobe Media Player
25.04.2017 23:23 <DIR> AVG
27.04.2017 19:04 <DIR> Bamboo Dock
05.04.2014 10:59 <DIR> Bonjour
21.10.2014 19:26 <DIR> Brother
05.10.2014 11:30 <DIR> Cisco
24.03.2017 22:44 <DIR> Common Files
25.02.2016 21:47 <DIR> CyberLink
15.05.2017 21:04 <DIR> ElsterFormular
15.05.2017 21:04 <DIR> ElsterFormular Update Service
13.12.2015 23:43 <DIR> Hewlett-Packard
17.01.2014 18:52 <DIR> HPConnectedMusic
03.05.2017 23:28 <DIR> IIS
05.04.2014 10:54 <DIR> Intel
11.05.2017 13:24 <DIR> Internet Explorer
07.02.2015 17:25 <DIR> Microsoft Application Virtualization Client
07.02.2015 17:25 <DIR> Microsoft Office
17.01.2014 18:49 <DIR> Microsoft SQL Server Compact Edition
22.08.2013 17:36 <DIR> Microsoft.NET
20.05.2017 15:11 <DIR> Mozilla Firefox
20.05.2017 15:11 <DIR> Mozilla Maintenance Service
26.08.2013 08:12 <DIR> MSBuild
05.04.2014 10:56 <DIR> NVIDIA Corporation
02.10.2014 12:06 <DIR> Online Services
21.01.2015 13:51 <DIR> OpenOffice 4
05.10.2014 11:29 <DIR> Realtek
26.08.2013 08:12 <DIR> Reference Assemblies
24.03.2017 22:44 <DIR> Skype
06.09.2015 22:21 <DIR> TabletPlugins
22.04.2017 22:46 <DIR> Windows Defender
17.01.2014 18:49 <DIR> Windows Live
04.05.2015 02:15 <DIR> Windows Mail
27.04.2017 19:05 <DIR> Windows Media Player
04.05.2015 02:15 <DIR> Windows Multimedia Platform
22.08.2013 17:36 <DIR> Windows NT
04.05.2015 02:15 <DIR> Windows Photo Viewer
04.05.2015 02:15 <DIR> Windows Portable Devices
0 Datei(en), 0 Bytes
40 Verzeichnis(se), 652.432.703.488 Bytes frei
========= Ende von CMD: =========
========= dir "%ProgramData%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\ProgramData
27.04.2017 19:05 <DIR> Adobe
28.04.2017 02:36 <DIR> Apple
09.05.2017 13:26 <DIR> Avg
21.10.2014 19:17 <DIR> Brother
10.04.2017 11:47 <DIR> common
13.04.2015 00:30 <DIR> CyberLink
15.05.2017 21:06 <DIR> elsterformular
06.03.2017 13:09 <DIR> FLEXnet
14.12.2015 20:44 <DIR> Hewlett-Packard
05.04.2014 11:17 <DIR> install_clap
05.04.2014 10:56 <DIR> Intel
26.05.2017 02:04 <DIR> Malwarebytes
27.04.2017 19:05 <DIR> McAfee
27.04.2017 19:04 <DIR> MFAData
05.04.2014 10:55 <DIR> NVIDIA
05.04.2014 10:55 <DIR> NVIDIA Corporation
24.03.2017 22:44 <DIR> Package Cache
04.05.2015 02:14 <DIR> regid.1991-06.com.microsoft
24.03.2017 22:44 <DIR> Skype
05.04.2014 11:28 <DIR> Synaptics
06.09.2015 22:08 <DIR> SYSTEMAX Software Development
05.04.2014 11:17 <DIR> Temp
25.08.2016 16:26 <DIR> Wacom
17.01.2014 18:53 <DIR> {6D7D6B2B-F420-4D47-A984-F9E6A638BF48}
0 Datei(en), 0 Bytes
24 Verzeichnis(se), 652.432.699.392 Bytes frei
========= Ende von CMD: =========
========= dir "%Appdata%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Users\edna\AppData\Roaming
26.05.2017 01:44 <DIR> .
26.05.2017 01:44 <DIR> ..
21.05.2017 13:35 <DIR> Adobe
27.04.2017 18:44 <DIR> AVAST Software
25.04.2017 23:26 <DIR> AVG
31.10.2014 01:41 <DIR> Brother
27.04.2017 19:05 <DIR> CyberLink
15.05.2017 21:04 <DIR> elsterformular
26.05.2017 22:39 <DIR> Hewlett-Packard
13.12.2015 23:40 <DIR> hpqlog
02.10.2014 12:21 <DIR> Macromedia
20.05.2017 15:11 <DIR> Mozilla
21.01.2015 13:53 <DIR> OpenOffice
24.03.2017 23:16 <DIR> Profiles
27.04.2017 19:05 <DIR> Skype
08.04.2017 12:58 <DIR> SoftGrid Client
21.05.2017 13:35 <DIR> Synaptics
06.09.2015 22:08 <DIR> SYSTEMAX Software Development
27.04.2017 19:05 <DIR> Wacom
25.08.2016 16:26 <DIR> wacomid-desktop-launcher
25.08.2016 16:26 <DIR> wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
06.09.2015 22:21 <DIR> WTablet
0 Datei(en), 0 Bytes
22 Verzeichnis(se), 652.432.699.392 Bytes frei
========= Ende von CMD: =========
========= dir "%LocalAppdata%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Users\edna\AppData\Local
26.05.2017 01:52 <DIR> .
26.05.2017 01:52 <DIR> ..
27.04.2017 19:05 <DIR> Adobe
27.04.2017 19:04 <DIR> Avg
02.08.2016 11:11 <DIR> AvgSetupLog
19.05.2017 21:32 <DIR> CEF
25.02.2016 20:58 <DIR> CyberLink
18.05.2017 21:22 <DIR> Diagnostics
02.02.2015 19:56 <DIR> fontconfig
02.02.2015 19:56 <DIR> gegl-0.2
28.04.2017 02:51 <DIR> Google
21.05.2017 13:31 <DIR> gtk-2.0
23.07.2015 17:30 <DIR> GWX
03.01.2016 00:17 <DIR> Hewlett-Packard
27.04.2017 19:05 <DIR> HPConnectedMusic
20.05.2017 13:08 <DIR> Macromedia
17.11.2014 04:08 <DIR> MFAData
23.05.2017 23:34 <DIR> Microsoft
20.05.2017 15:16 <DIR> Mozilla
29.11.2015 16:04 <DIR> Packages
02.10.2014 12:07 <DIR> Power2Go8
26.05.2017 01:52 <DIR> Programs
21.05.2017 13:31 11.681 recently-used.xbel
21.10.2014 22:20 17 resmon.resmoncfg
27.05.2017 17:59 <DIR> Temp
15.03.2016 02:42 <DIR> VirtualStore
2 Datei(en), 11.698 Bytes
24 Verzeichnis(se), 652.432.695.296 Bytes frei
========= Ende von CMD: =========
========= dir "%CommonProgramFiles(x86)%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Program Files (x86)\Common Files
24.03.2017 22:44 <DIR> .
24.03.2017 22:44 <DIR> ..
22.06.2016 13:29 <DIR> Adobe
13.09.2016 18:47 <DIR> Adobe AIR
05.04.2014 11:11 <DIR> CyberLink
07.02.2015 17:25 <DIR> DESIGNER
05.04.2014 10:50 <DIR> InstallShield
05.04.2014 10:54 <DIR> Intel
05.04.2014 10:56 <DIR> Intel Corporation
22.06.2016 12:49 <DIR> Macrovision Shared
27.04.2017 19:04 <DIR> Microsoft Shared
05.04.2014 11:18 <DIR> Nikon
05.04.2014 10:49 <DIR> postureAgent
22.06.2016 13:35 <DIR> PX Storage Engine
22.08.2013 17:36 <DIR> Services
24.03.2017 22:44 <DIR> Skype
22.06.2016 13:35 <DIR> Sonic Shared
04.05.2015 02:14 <DIR> System
17.01.2014 18:48 <DIR> Windows Live
0 Datei(en), 0 Bytes
19 Verzeichnis(se), 652.432.695.296 Bytes frei
========= Ende von CMD: =========
========= dir "%CommonProgramW6432%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Program Files\Common Files
27.04.2017 19:04 <DIR> .
27.04.2017 19:04 <DIR> ..
22.06.2016 14:37 <DIR> Adobe
22.06.2016 12:54 <DIR> Macrovision Shared
27.04.2017 19:04 <DIR> microsoft shared
22.08.2013 17:36 <DIR> Services
04.05.2015 02:19 <DIR> System
0 Datei(en), 0 Bytes
7 Verzeichnis(se), 652.432.699.392 Bytes frei
========= Ende von CMD: =========
========= dir "%UserProfile%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Users\edna
27.04.2017 19:05 <DIR> .
27.04.2017 19:05 <DIR> ..
25.08.2016 16:24 2 .bdockinstall.log
21.05.2017 13:32 <DIR> .gimp-2.8
22.04.2015 09:56 <DIR> .thumbnails
19.10.2016 15:13 <DIR> Contacts
26.05.2017 02:19 <DIR> Desktop
26.05.2017 02:34 <DIR> Documents
27.05.2017 18:00 <DIR> Downloads
20.05.2017 11:38 <DIR> Dropbox
19.10.2016 15:13 <DIR> Favorites
12.05.2017 00:15 <DIR> Links
27.04.2017 19:05 <DIR> Music
27.04.2017 19:05 <DIR> Pictures
19.10.2016 15:13 <DIR> Saved Games
19.10.2016 15:13 <DIR> Searches
27.05.2017 12:03 <DIR> SkyDrive
13.11.2014 10:08 0 Sti_Trace.log
18.12.2014 14:41 <DIR> Tracing
19.10.2016 15:13 <DIR> Videos
2 Datei(en), 2 Bytes
18 Verzeichnis(se), 652.432.691.200 Bytes frei
========= Ende von CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.
========= Ende von CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 20971520 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52744438 B
Java, Flash, Steam htmlcache => 49850 B
Windows/system/drivers => 528993535 B
Edge => 0 B
Chrome => 0 B
Firefox => 378475518 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 296388 B
systemprofile32 => 8501796 B
LocalService => 441789 B
NetworkService => 0 B
UpdatusUser => 0 B
edna => 868858626 B
RecycleBin => 44406205 B
EmptyTemp: => 1.8 GB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 18:01:51 ====
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
durchgeführt von edna (Administrator) auf EDNA (27-05-2017 18:12:21)
Gestartet von C:\Users\edna\Downloads
Geladene Profile: UpdatusUser & edna (Verfügbare Profile: UpdatusUser & edna)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVAST Software) C:\Users\edna\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-05] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-05-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [629848 2011-06-24] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Run: [Bamboo Dock] => C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [225792 2016-08-25] ()
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B06723A-FDFE-4E97-BF74-1EA62201DBC9}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
URLSearchHook: [S-1-5-21-4228764417-1678587509-1480794071-1001] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> {6C1AAC34-CF82-42D9-98BB-927F06618ADD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4228764417-1678587509-1480794071-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: lt3omf3d.default-1495134155076
FF ProfilePath: C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\lt3omf3d.default-1495134155076 [2017-05-27]
FF Extension: (uBlock Origin) - C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\lt3omf3d.default-1495134155076\Extensions\uBlock0@raymondhill.net.xpi [2017-05-21]
FF HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\oemqkvkm.default\extensions\cliqz@cliqz.com => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-05-15] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-05-23] (AVG Technologies CZ, s.r.o.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [Datei ist nicht signiert]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-18] (CyberLink)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\elfoService.exe [1283336 2017-04-21] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [Datei ist nicht signiert]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-17] (Realtek Semiconductor)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314128 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-05-15] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [129776 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102280 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [570320 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [160008 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340824 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-27] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-10-05] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2946264 2013-10-19] (Realtek Semiconductor Corporation )
R3 Sftfs; C:\Windows\system32\DRIVERS\Sftfswin7.sys [765288 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\system32\DRIVERS\Sftplaywin7.sys [268648 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\system32\DRIVERS\Sftvolwin7.sys [22376 2011-10-01] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-06-01] (AVG Netherlands B.V.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Drei Monate: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-27 18:00 - 2017-05-27 18:01 - 00015374 _____ C:\Users\edna\Downloads\Fixlog.txt
2017-05-27 14:51 - 2017-05-27 14:51 - 00000000 ____D C:\Users\edna\Downloads\FRST-OlderVersion
2017-05-26 22:43 - 2017-05-26 22:43 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForedna.job
2017-05-26 02:34 - 2017-05-26 02:35 - 00000000 ____D C:\Users\edna\Documents\e!nyani
2017-05-26 02:19 - 2017-05-26 02:19 - 00001939 _____ C:\Users\edna\Desktop\mbam.txt
2017-05-26 02:04 - 2017-05-27 18:03 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-26 02:04 - 2017-05-26 02:04 - 00001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-26 02:04 - 2017-05-26 02:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-26 02:04 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-26 02:01 - 2017-05-26 02:03 - 63364552 _____ (Malwarebytes ) C:\Users\edna\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
2017-05-26 01:56 - 2017-05-26 01:56 - 00566128 _____ (Malwarebytes) C:\Users\edna\Downloads\mbam-clean-2.3.0.1001.exe
2017-05-24 18:39 - 2017-05-24 19:12 - 00245194 _____ C:\TDSSKiller.3.1.0.15_24.05.2017_18.39.09_log.txt
2017-05-24 18:37 - 2017-05-24 18:38 - 00007636 _____ C:\TDSSKiller.3.1.0.15_24.05.2017_18.37.14_log.txt
2017-05-24 18:35 - 2017-05-24 18:35 - 04922400 _____ (AO Kaspersky Lab) C:\Users\edna\Downloads\tdsskiller.exe
2017-05-24 18:33 - 2017-05-24 18:33 - 00047096 _____ C:\Users\edna\Desktop\FRST.txt
2017-05-24 18:33 - 2017-05-24 18:33 - 00037702 _____ C:\Users\edna\Desktop\Addition.txt
2017-05-24 18:31 - 2017-05-26 02:24 - 00032542 _____ C:\Users\edna\Downloads\Addition.txt
2017-05-24 18:30 - 2017-05-27 18:12 - 00020495 _____ C:\Users\edna\Downloads\FRST.txt
2017-05-24 18:30 - 2017-05-27 18:12 - 00000000 ____D C:\FRST
2017-05-21 13:35 - 2017-05-21 13:35 - 00000000 ____D C:\Users\edna\AppData\Roaming\Synaptics
2017-05-21 13:34 - 2017-05-27 18:02 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-21 13:31 - 2017-05-21 13:31 - 00011681 _____ C:\Users\edna\AppData\Local\recently-used.xbel
2017-05-20 15:11 - 2017-05-27 18:04 - 00000000 ____D C:\Users\edna\AppData\LocalLow\Mozilla
2017-05-20 15:11 - 2017-05-20 15:16 - 00000000 ____D C:\Users\edna\AppData\Local\Mozilla
2017-05-20 15:11 - 2017-05-20 15:11 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-20 15:11 - 2017-05-20 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-20 15:11 - 2017-05-20 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-20 13:08 - 2017-05-20 13:08 - 00000000 ____D C:\Users\edna\AppData\Local\Macromedia
2017-05-20 11:38 - 2017-05-20 13:19 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-05-19 21:32 - 2017-05-19 21:32 - 00000000 ____D C:\Users\edna\AppData\Local\CEF
2017-05-19 21:07 - 2017-05-19 21:07 - 04110280 _____ C:\Users\edna\Downloads\adwcleaner_6.047.exe
2017-05-16 17:38 - 2017-05-27 14:51 - 02429952 _____ (Farbar) C:\Users\edna\Downloads\FRST64.exe
2017-05-16 15:36 - 2017-05-21 13:40 - 00000542 _____ C:\Users\edna\Desktop\JRT.txt
2017-05-16 15:34 - 2017-05-16 15:34 - 01663672 _____ (Malwarebytes) C:\Users\edna\Downloads\JRT.exe
2017-05-15 21:05 - 2017-05-15 21:05 - 00001160 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Users\edna\AppData\Roaming\elsterformular
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Program Files (x86)\ElsterFormular Update Service
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2017-05-15 20:02 - 2017-05-15 20:24 - 235253760 _____ C:\Users\edna\Downloads\ElsterFormularUnternehmerSelbstaendige.msi
2017-05-15 10:14 - 2017-05-15 10:14 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-05-11 13:32 - 2017-04-29 00:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-11 13:32 - 2017-04-29 00:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 16:52 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-05-10 16:09 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-10 16:08 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 16:08 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 16:08 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-10 16:08 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 16:08 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 16:08 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-10 16:08 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 16:08 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 16:08 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 16:08 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 16:08 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 16:08 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 16:08 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 16:08 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 16:08 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 16:08 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 16:08 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 16:08 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-10 16:08 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 16:08 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 16:08 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 16:08 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 16:08 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-10 16:08 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 16:08 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 16:08 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 16:08 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 16:08 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 16:08 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 16:08 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 16:08 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 16:08 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 16:08 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-10 16:08 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 16:08 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 16:08 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-10 16:08 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 16:08 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 16:08 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 16:08 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 16:08 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-10 16:08 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 16:08 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 16:08 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 16:08 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 16:08 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 16:08 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 16:08 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 16:08 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 16:08 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 16:08 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 16:08 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 16:08 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 16:08 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 16:08 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 16:08 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-10 16:08 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-10 16:08 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-10 16:08 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-10 16:08 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-10 16:08 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-10 16:08 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 16:08 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 16:08 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 16:08 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 16:08 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 16:08 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 16:08 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-10 16:08 - 2017-03-11 01:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-10 16:08 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-10 16:08 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-10 16:08 - 2017-03-08 04:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-08 00:14 - 2017-05-08 00:14 - 03120875 _____ C:\Users\edna\Downloads\MLG_Plakat_Sommer2017_print.pdf
2017-05-03 23:28 - 2017-05-03 23:28 - 00000000 ____D C:\Program Files (x86)\IIS
2017-04-28 03:08 - 2017-05-26 01:44 - 00000000 ____D C:\AdwCleaner
2017-04-28 02:53 - 2017-04-28 02:53 - 00000000 ___HD C:\$AV_AVG
2017-04-28 02:51 - 2017-04-28 02:51 - 00000000 ____D C:\Users\edna\AppData\Local\Google
2017-04-27 18:44 - 2017-04-27 19:08 - 00001156 _____ C:\Users\edna\Desktop\Avast Browser Cleanup.lnk
2017-04-27 18:44 - 2017-04-27 18:44 - 00004210 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-4228764417-1678587509-1480794071-1002
2017-04-27 18:44 - 2017-04-27 18:44 - 00003364 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-4228764417-1678587509-1480794071-1002
2017-04-27 18:44 - 2017-04-27 18:44 - 00000000 ____D C:\Users\edna\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2017-04-27 18:44 - 2017-04-27 18:44 - 00000000 ____D C:\Users\edna\AppData\Roaming\AVAST Software
2017-04-27 18:43 - 2017-04-27 18:43 - 04284888 _____ (AVAST Software) C:\Users\edna\Downloads\avast-browser-cleanup-sfx.exe
2017-04-26 11:54 - 2017-05-05 12:26 - 00000000 ____D C:\Insist
2017-04-25 23:25 - 2017-05-15 10:15 - 00160008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys
2017-04-25 23:25 - 2017-05-15 10:15 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-04-25 23:25 - 2017-05-15 10:14 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00159496 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.149483610904601
2017-04-25 23:25 - 2017-05-15 10:14 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00102280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-04-25 23:25 - 2017-05-15 10:14 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-04-25 23:23 - 2017-05-04 14:24 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk
2017-04-23 00:39 - 2017-04-23 00:39 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\aaprdyoa.sys
2017-04-18 01:27 - 2017-04-18 01:27 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\qdatvl.sys
2017-04-17 22:27 - 2017-03-14 21:06 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-17 22:27 - 2017-03-14 16:26 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-17 22:27 - 2017-03-14 16:09 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-17 22:27 - 2017-03-14 16:08 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-17 22:27 - 2017-03-14 16:06 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-17 22:27 - 2017-03-13 18:08 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-04-17 22:27 - 2017-03-12 17:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-04-17 22:27 - 2017-03-11 05:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-04-17 22:27 - 2017-03-11 05:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-17 22:27 - 2017-03-11 05:44 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-17 22:27 - 2017-03-11 05:41 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-17 22:27 - 2017-03-04 21:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-17 22:27 - 2017-03-04 21:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-17 22:27 - 2017-03-04 20:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-17 22:27 - 2017-03-04 18:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-17 22:27 - 2017-03-03 17:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-17 22:27 - 2017-03-03 17:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-17 22:27 - 2017-03-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-17 22:27 - 2017-03-03 17:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-17 22:27 - 2017-02-11 20:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-04-17 22:27 - 2017-02-11 19:00 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-17 22:27 - 2017-02-11 18:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-04-17 22:27 - 2017-02-11 18:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-04-17 22:27 - 2017-02-10 16:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-04-17 22:27 - 2017-02-04 19:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-17 22:27 - 2017-02-04 19:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-17 22:27 - 2017-02-04 19:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-17 22:27 - 2017-01-19 04:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-04-17 22:27 - 2017-01-18 16:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-17 22:27 - 2017-01-18 16:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-17 22:27 - 2017-01-14 22:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-04-17 22:27 - 2017-01-14 21:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-04-17 22:27 - 2017-01-12 18:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-04-17 22:27 - 2017-01-12 18:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-04-17 22:27 - 2017-01-12 08:12 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-04-17 22:27 - 2017-01-11 21:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-04-17 22:27 - 2017-01-11 19:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-04-17 22:27 - 2017-01-11 17:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-04-17 22:27 - 2017-01-11 00:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-04-17 22:27 - 2017-01-10 23:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-04-17 22:27 - 2017-01-10 22:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-04-17 22:27 - 2017-01-10 21:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-04-17 22:27 - 2017-01-10 21:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-04-17 22:27 - 2017-01-06 19:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-04-17 22:27 - 2017-01-06 19:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-04-17 22:27 - 2016-12-25 03:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-04-17 22:27 - 2016-12-25 03:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-04-17 22:27 - 2016-12-25 02:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-04-17 22:27 - 2016-12-25 02:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-04-17 22:27 - 2016-12-25 01:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-04-17 22:27 - 2016-12-09 10:08 - 00379736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-04-17 22:26 - 2017-03-13 18:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-17 22:26 - 2017-03-13 18:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-17 22:26 - 2017-03-13 18:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-17 22:26 - 2017-03-13 17:59 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-17 22:26 - 2017-03-13 17:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-17 22:26 - 2017-03-13 17:56 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-17 22:26 - 2017-03-09 23:08 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-17 22:26 - 2017-03-09 21:29 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-11 08:42 - 2017-04-23 00:40 - 00000000 ____D C:\Users\edna\Downloads\burlesque
2017-04-06 17:11 - 2017-04-06 17:11 - 00096908 _____ C:\Users\edna\Downloads\Ausstellerinfos Mai 2017.pdf
2017-03-29 21:44 - 2017-03-29 21:44 - 00012250 _____ C:\Users\edna\Desktop\wochen tabelle.odt
2017-03-25 00:57 - 2017-03-25 00:57 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\bdoh.sys
2017-03-24 22:44 - 2017-03-24 22:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-23 23:56 - 2017-03-23 23:58 - 87100697 _____ C:\Users\edna\Downloads\Zwei Models und ein Jeep - Outdoor Shooting.mp4
2017-03-23 23:49 - 2017-03-23 23:51 - 09656205 _____ C:\Users\edna\Downloads\die docklandFASHIONparty von gestern Abend im... - Ulf Krueg.mp4
2017-03-15 21:35 - 2017-02-23 16:50 - 00093360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 21:35 - 2017-02-22 16:35 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 21:35 - 2017-02-22 16:35 - 01286144 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 21:35 - 2017-02-22 16:35 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 21:35 - 2017-02-22 16:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 21:35 - 2017-02-22 16:35 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 21:35 - 2017-02-22 16:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 21:35 - 2017-02-22 16:35 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 21:35 - 2017-02-22 16:35 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-15 21:35 - 2016-06-03 19:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-03-14 21:14 - 2017-02-09 17:28 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-14 21:14 - 2017-02-09 17:19 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-14 21:14 - 2017-02-09 17:16 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-14 21:14 - 2017-02-04 22:30 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-14 21:14 - 2017-02-04 22:30 - 01523216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-03-14 21:14 - 2017-02-04 22:30 - 01490128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-14 21:14 - 2017-02-04 22:30 - 01358960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-03-14 21:14 - 2017-02-04 21:30 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-14 21:14 - 2017-02-04 19:40 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-03-14 21:14 - 2017-01-11 21:37 - 02345984 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-14 21:14 - 2017-01-10 21:08 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-14 21:14 - 2017-01-05 20:09 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-03-14 21:14 - 2017-01-05 19:29 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-03-14 21:14 - 2017-01-05 19:13 - 07796224 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-03-14 21:13 - 2017-02-09 16:59 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-03-14 21:13 - 2017-02-09 16:58 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-03-14 21:13 - 2017-02-09 16:58 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-03-14 21:13 - 2017-02-04 21:32 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2017-03-14 21:13 - 2017-02-04 20:14 - 01001472 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-14 21:13 - 2017-02-04 19:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-14 21:13 - 2017-02-04 19:32 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-14 21:13 - 2017-02-04 19:17 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-14 21:13 - 2017-02-04 19:10 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-03-14 21:13 - 2017-02-04 19:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-14 21:13 - 2017-01-21 23:37 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-03-14 21:13 - 2017-01-21 21:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-14 21:13 - 2017-01-21 21:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-14 21:13 - 2017-01-21 20:40 - 00756736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-14 21:13 - 2017-01-21 20:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-14 21:13 - 2017-01-14 19:49 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2017-03-14 21:13 - 2017-01-05 18:57 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-03-06 17:25 - 2017-03-06 17:28 - 00642477 _____ C:\Users\edna\Desktop\übung2.psd
2017-03-06 14:32 - 2017-03-06 14:32 - 01304794 _____ C:\Users\edna\Desktop\übungseda.psd
==================== Drei Monate: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-27 18:11 - 2014-10-05 11:24 - 02076672 ___SH C:\Users\edna\Downloads\Thumbs.db
2017-05-27 18:04 - 2015-02-02 20:33 - 00237056 ___SH C:\Users\edna\Desktop\Thumbs.db
2017-05-27 18:04 - 2014-10-02 12:10 - 00000000 ___DO C:\Users\edna\SkyDrive
2017-05-27 18:04 - 2014-10-02 12:08 - 00000000 ____D C:\Users\edna\Documents\Youcam
2017-05-27 18:02 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-27 15:29 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-27 12:02 - 2016-09-21 20:52 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-26 22:39 - 2014-10-02 12:10 - 00000000 ____D C:\Users\edna\AppData\Roaming\Hewlett-Packard
2017-05-26 02:55 - 2014-10-02 12:12 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4228764417-1678587509-1480794071-1002
2017-05-26 02:33 - 2015-01-21 14:20 - 00910848 ___SH C:\Users\edna\Documents\Thumbs.db
2017-05-26 01:57 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-24 01:08 - 2014-10-05 18:06 - 00000000 ____D C:\Windows\system32\MRT
2017-05-24 01:07 - 2014-10-05 18:06 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-21 13:35 - 2014-10-02 12:07 - 00000000 ____D C:\Users\edna\AppData\Roaming\Adobe
2017-05-21 13:32 - 2015-02-02 19:56 - 00000000 ____D C:\Users\edna\.gimp-2.8
2017-05-21 13:31 - 2015-02-02 20:09 - 00000000 ____D C:\Users\edna\AppData\Local\gtk-2.0
2017-05-20 15:11 - 2014-10-02 12:26 - 00000000 ____D C:\Users\edna\AppData\Roaming\Mozilla
2017-05-20 11:38 - 2016-01-05 00:42 - 00000000 ____D C:\Users\edna\Dropbox
2017-05-16 13:35 - 2014-04-05 11:10 - 00000000 ____D C:\Users\Public\CyberLink
2017-05-12 13:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-05-11 16:55 - 2013-08-22 16:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-05-11 16:54 - 2014-10-03 13:14 - 00216740 ____H C:\Users\edna\AppData\Local\IconCache.db.backup
2017-05-11 13:30 - 2013-08-22 16:44 - 02982488 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 13:27 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\inetsrv
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 00:38 - 2014-10-03 00:12 - 00004342 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 00:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-05 13:12 - 2013-08-22 21:12 - 00000000 ____D C:\Windows\SKB
2017-05-01 00:36 - 2014-01-18 02:40 - 00802436 _____ C:\Windows\system32\perfh007.dat
2017-05-01 00:36 - 2014-01-18 02:40 - 00175180 _____ C:\Windows\system32\perfc007.dat
2017-05-01 00:36 - 2013-08-26 08:09 - 01926152 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-28 13:49 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-04-28 04:04 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppCompat
2017-04-27 19:09 - 2016-08-25 16:25 - 00001164 _____ C:\Users\Public\Desktop\Bamboo Dock.lnk
2017-04-27 19:09 - 2016-08-02 11:11 - 00002567 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2017-04-27 19:09 - 2015-01-21 13:52 - 00001126 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2017-04-27 19:09 - 2014-10-21 19:30 - 00002076 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2017-04-27 19:09 - 2014-10-02 23:35 - 00002709 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-27 19:09 - 2014-10-02 12:06 - 00002119 _____ C:\Users\Public\Desktop\Snapfish Fotos.lnk
2017-04-27 19:09 - 2014-01-17 18:52 - 00001109 _____ C:\Users\Public\Desktop\HP Connected Music.lnk
2017-04-27 19:08 - 2015-12-13 23:43 - 00002254 _____ C:\Users\edna\Desktop\HP Support Assistant.lnk
2017-04-27 19:08 - 2014-10-02 12:07 - 00001461 _____ C:\Users\edna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-27 19:05 - 2016-08-24 13:41 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
2017-04-27 19:05 - 2016-08-24 13:41 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
2017-04-27 19:05 - 2016-06-15 22:16 - 00000000 ____D C:\Users\edna\Desktop\Sony Ericsson handy
2017-04-27 19:05 - 2015-09-06 22:22 - 00000000 ____D C:\Users\edna\AppData\Roaming\Wacom
2017-04-27 19:05 - 2014-10-28 22:41 - 00000000 ____D C:\Users\edna\AppData\Local\HPConnectedMusic
2017-04-27 19:05 - 2014-10-06 01:31 - 00000000 ___RD C:\Windows\BrowserChoice
2017-04-27 19:05 - 2014-10-03 12:10 - 00000000 ____D C:\Users\edna\AppData\Roaming\CyberLink
2017-04-27 19:05 - 2014-10-03 00:11 - 00000000 ____D C:\Users\edna\AppData\Local\Adobe
2017-04-27 19:05 - 2014-10-02 23:35 - 00000000 ____D C:\Users\edna\AppData\Roaming\Skype
2017-04-27 19:05 - 2014-10-02 12:04 - 00000000 ____D C:\Users\edna
2017-04-27 19:05 - 2014-04-05 10:55 - 00000000 ____D C:\Users\UpdatusUser
2017-04-27 19:05 - 2013-09-01 04:03 - 00000000 ___HD C:\SYSTEM.SAV
2017-04-27 19:05 - 2013-08-26 08:57 - 00000000 ____D C:\Windows\Panther
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\security
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Registration
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\InputMethod
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\IME
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
2017-04-27 19:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\FileManager
2017-04-27 19:05 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-04-27 19:04 - 2016-08-25 16:24 - 00000000 ____D C:\Program Files (x86)\Bamboo Dock
2017-04-27 19:04 - 2015-09-06 22:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-27 19:04 - 2015-05-22 12:11 - 00000000 ____D C:\Users\edna\AppData\Local\Avg
2017-04-27 19:04 - 2014-04-05 10:48 - 00000000 ____D C:\Intel
2017-04-27 19:04 - 2013-08-26 08:13 - 00000000 ____D C:\inetpub
2017-04-27 19:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-05-21 13:31 - 2017-05-21 13:31 - 0011681 _____ () C:\Users\edna\AppData\Local\recently-used.xbel
2014-10-21 22:20 - 2014-10-21 22:20 - 0000017 _____ () C:\Users\edna\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-05-21 04:03
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24-05-2017
durchgeführt von edna (27-05-2017 18:13:10)
Gestartet von C:\Users\edna\Downloads
Windows 8.1 (Update) (X64) (2014-10-02 10:06:35)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-4228764417-1678587509-1480794071-500 - Administrator - Disabled)
edna (S-1-5-21-4228764417-1678587509-1480794071-1002 - Administrator - Enabled) => C:\Users\edna
Gast (S-1-5-21-4228764417-1678587509-1480794071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4228764417-1678587509-1480794071-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-4228764417-1678587509-1480794071-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Production Premium (HKLM-x32\...\Adobe_36ac9dc8c9a94feb9e5886810012e78) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Avast Browser Cleanup (HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Avast Browser Cleanup) (Version: 12.1.2272.125 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.181.3.3057 - AVG Technologies)
AVG (Version: 1.181.4 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 3.9 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 3.9.0 - Wacom Europe GmbH) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-250C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3418 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
FMW 1 (Version: 1.202.1 - AVG Technologies) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.7140.5002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 de)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
NVIDIA Grafiktreiber 332.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.33 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {06F7C41D-D5E2-4E69-A379-7EC71450C2FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {2E57DDF3-3D32-4ABF-81B4-9BC22484B5DC} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {2E5B046F-67B8-45E2-9878-CA617433EA49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {36A2D39C-0682-41F3-8797-82C9366F6F50} - System32\Tasks\avast! BCU UpdateS-1-5-21-4228764417-1678587509-1480794071-1002 => C:\Users\edna\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {3859DD2C-8FD1-429B-A754-F51C17DE31E4} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
Task: {4256B94E-7A49-4C09-B33A-E8697F6B7AB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {511D66B1-9D09-4FF3-BDFF-0CE04EFC72BC} - System32\Tasks\avastBCLS-1-5-21-4228764417-1678587509-1480794071-1002 => C:\Users\edna\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2017-04-27] (AVAST Software)
Task: {7E52FDB0-39AD-4A72-B5C4-688AC37D7421} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {8758E008-35CF-4C51-8674-888EABAEB3A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {881164CF-D60B-469F-AB1A-5AB4F90BAB68} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {9BF9C791-CB81-4A0C-AC03-03CDFD59A4AB} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {9C388871-C240-49A4-A015-C1548F093291} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {AC3698EB-C09F-4D0B-9B1F-837A93A2B62E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {B3DCE44B-E303-4EE4-876A-2880FD7514E5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-05-24] (Microsoft Corporation)
Task: {B9BC956D-5370-4FD2-8E3F-8FAF7082860C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {E1AE9BC6-65CB-4234-B847-D356B6A1E94D} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-05-15] (AVG Technologies CZ, s.r.o.)
Task: {EB0EEC96-3CC2-4749-AE30-1609F938E6A2} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\HPCeeScheduleForedna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-04-05 10:55 - 2014-01-06 10:13 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-14 12:23 - 2013-10-14 12:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 12:24 - 2013-10-14 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 12:25 - 2013-10-14 12:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-09-06 22:20 - 2014-08-19 12:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-10-14 12:30 - 2013-10-14 12:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-10-21 19:26 - 2012-09-25 11:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2014-04-05 11:11 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00999024 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 67717632 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00178120 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00224352 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2014-10-21 19:25 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-11-28 22:18 - 2016-11-28 22:17 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2014-04-05 10:49 - 2013-09-04 03:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\edna\Desktop\callsheet.pdf:com.dropbox.attributes [168]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\edna\Downloads\339086_skazochnaya_-vedmochka_-feya_1920x1081_(www.GdeFon.ru).jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\Run32: => "BambooCore"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\StartupApproved\Run: => "Bamboo Dock"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
15-05-2017 21:03:25 ElsterFormular wird installiert
16-05-2017 15:34:47 JRT Pre-Junkware Removal
18-05-2017 01:25:07 JRT Pre-Junkware Removal
18-05-2017 16:50:29 JRT Pre-Junkware Removal
18-05-2017 21:13:19 JRT Pre-Junkware Removal
20-05-2017 13:06:14 JRT Pre-Junkware Removal
21-05-2017 13:38:07 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/27/2017 02:45:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2411703
Error: (05/27/2017 02:45:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2411703
Error: (05/27/2017 02:45:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/27/2017 02:05:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2313
Error: (05/27/2017 02:05:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2313
Error: (05/27/2017 02:05:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/27/2017 02:05:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1110
Error: (05/27/2017 02:05:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1110
Error: (05/27/2017 02:05:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/27/2017 02:05:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2143079
Systemfehler:
=============
Error: (05/27/2017 06:02:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Error: (05/27/2017 06:02:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Error: (05/27/2017 06:02:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Error: (05/27/2017 06:01:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.
Error: (05/27/2017 06:00:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "AVG PC TuneUp Service" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.
Error: (05/27/2017 06:00:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/27/2017 06:00:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/27/2017 06:00:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/27/2017 06:00:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/27/2017 06:00:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
CodeIntegrity:
===================================
Date: 2017-04-25 23:23:21.080
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:20.590
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:19.477
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:18.734
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:18.051
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:17.484
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:17.010
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:10.564
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:10.102
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:01.014
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 25%
Installierter physikalischer RAM: 8122.15 MB
Verfügbarer physikalischer RAM: 6026.7 MB
Summe virtueller Speicher: 9402.15 MB
Verfügbarer virtueller Speicher: 7546.28 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:682.07 GB) (Free:609.61 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.79 GB) (Free:1.59 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 7AE21138)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
28.05.2017, 12:52
| #12 |
| /// TB-Ausbilder | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitere Servus, wir entfernen noch ein bisschen was und kontrollieren nochmal alles. Hinweis: Der Suchlauf mit ESET kann länger dauern. Schritt 1
Schritt 2 Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Schritt 3 ESET Online Scanner
Schritt 4
Gibt es jetzt noch Probleme mit dem PC oder mit deinen Internet Browsern? Wenn ja, welche?Bitte poste mit deiner nächsten Antwort
|
|
28.05.2017, 23:50
| #13 |
| | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitereCode:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 28-05-2017
durchgeführt von edna (28-05-2017 22:08:10) Run:2
Gestartet von C:\Users\edna\Downloads
Geladene Profile: UpdatusUser & edna (Verfügbare Profile: UpdatusUser & edna)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
CloseProcesses:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
FF HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\oemqkvkm.default\extensions\cliqz@cliqz.com => nicht gefunden
Folder: C:\Program Files (x86)\IIS
Folder: C:\ProgramData\{6D7D6B2B-F420-4D47-A984-F9E6A638BF48}
Folder: C:\Insist
Folder: C:\inetpub
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
CMD: dir "%SystemDrive%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
*****************
Prozesse erfolgreich geschlossen.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => Schlüssel erfolgreich entfernt
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Schlüssel nicht gefunden.
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\Software\Mozilla\Firefox\Extensions\\cliqz@cliqz.com => Wert erfolgreich entfernt
========================= Folder: C:\Program Files (x86)\IIS ========================
2017-05-03 23:28 - 2017-05-03 23:28 - 0000000 ____D () C:\Program Files (x86)\IIS\Microsoft Web Deploy V3
2017-05-03 23:28 - 2017-05-04 00:02 - 0000000 ____D () C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\te
2017-05-03 23:28 - 2017-05-03 04:46 - 0161523 _____ () C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\te\resources.pak
====== Ende von Folder: ======
========================= Folder: C:\ProgramData\{6D7D6B2B-F420-4D47-A984-F9E6A638BF48} ========================
2014-01-17 18:53 - 2014-01-17 18:53 - 0021494 _____ () C:\ProgramData\{6D7D6B2B-F420-4D47-A984-F9E6A638BF48}\0x0409.ini
2014-01-17 18:53 - 2014-01-17 18:53 - 45617664 _____ () C:\ProgramData\{6D7D6B2B-F420-4D47-A984-F9E6A638BF48}\HP Support Assistant.msi
====== Ende von Folder: ======
========================= Folder: C:\Insist ========================
2017-05-03 23:16 - 2017-05-03 23:16 - 9037036 _____ () C:\Insist\nne.pwb
2017-05-05 12:26 - 2017-05-05 12:26 - 11494692 _____ () C:\Insist\qft.cr7
2017-04-26 11:54 - 2017-04-26 11:54 - 8467652 _____ () C:\Insist\rzf.8v0
====== Ende von Folder: ======
========================= Folder: C:\inetpub ========================
2013-08-26 08:13 - 2013-08-26 08:13 - 0000000 ____D () C:\inetpub\history
2013-08-26 08:13 - 2013-08-26 08:13 - 0000000 ____D () C:\inetpub\history\CFGHISTORY_0000000001
2013-08-26 08:13 - 2013-08-26 08:13 - 0018690 _____ () C:\inetpub\history\CFGHISTORY_0000000001\administration.config
2013-08-26 08:13 - 2013-08-26 08:13 - 0012123 _____ () C:\inetpub\history\CFGHISTORY_0000000001\applicationHost.config
2014-04-05 12:11 - 2014-04-05 12:11 - 0000000 ____D () C:\inetpub\history\CFGHISTORY_0000000002
2014-04-05 12:11 - 2013-08-26 08:13 - 0018690 _____ () C:\inetpub\history\CFGHISTORY_0000000002\administration.config
2014-04-05 12:11 - 2014-04-05 12:11 - 0012123 _____ () C:\inetpub\history\CFGHISTORY_0000000002\applicationHost.config
====== Ende von Folder: ======
========= dir "%ProgramFiles%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Program Files
27.05.2017 18:00 <DIR> .
27.05.2017 18:00 <DIR> ..
17.01.2014 18:43 <DIR> 7-Zip
22.06.2016 14:36 <DIR> Adobe
05.04.2014 10:59 <DIR> Bonjour
27.04.2017 19:04 <DIR> Common Files
02.02.2015 14:04 <DIR> GIMP 2
05.04.2014 11:18 <DIR> Hewlett-Packard
05.04.2014 10:56 <DIR> Intel
11.05.2017 13:24 <DIR> Internet Explorer
26.05.2017 02:04 <DIR> Malwarebytes
07.02.2015 17:25 <DIR> Microsoft Office
26.08.2013 08:12 <DIR> MSBuild
05.04.2014 10:55 <DIR> NVIDIA Corporation
02.10.2014 12:06 <DIR> Online Services
05.04.2014 10:51 <DIR> Realtek
26.08.2013 08:12 <DIR> Reference Assemblies
05.04.2014 10:48 <DIR> Synaptics
06.09.2015 22:21 <DIR> Tablet
06.09.2015 22:21 <DIR> TabletPlugins
22.04.2017 22:46 <DIR> Windows Defender
04.05.2015 02:19 <DIR> Windows Mail
27.04.2017 19:04 <DIR> Windows Media Player
04.05.2015 02:19 <DIR> Windows Multimedia Platform
02.10.2014 09:40 <DIR> Windows NT
04.05.2015 02:19 <DIR> Windows Photo Viewer
04.05.2015 02:19 <DIR> Windows Portable Devices
0 Datei(en), 0 Bytes
27 Verzeichnis(se), 652.532.957.184 Bytes frei
========= Ende von CMD: =========
========= dir "%ProgramFiles(x86)%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Program Files (x86)
27.05.2017 18:00 <DIR> .
27.05.2017 18:00 <DIR> ..
27.04.2017 19:04 <DIR> Adobe
22.06.2016 12:59 <DIR> Adobe Media Player
25.04.2017 23:23 <DIR> AVG
27.04.2017 19:04 <DIR> Bamboo Dock
05.04.2014 10:59 <DIR> Bonjour
21.10.2014 19:26 <DIR> Brother
05.10.2014 11:30 <DIR> Cisco
24.03.2017 22:44 <DIR> Common Files
25.02.2016 21:47 <DIR> CyberLink
15.05.2017 21:04 <DIR> ElsterFormular
15.05.2017 21:04 <DIR> ElsterFormular Update Service
13.12.2015 23:43 <DIR> Hewlett-Packard
17.01.2014 18:52 <DIR> HPConnectedMusic
03.05.2017 23:28 <DIR> IIS
05.04.2014 10:54 <DIR> Intel
11.05.2017 13:24 <DIR> Internet Explorer
07.02.2015 17:25 <DIR> Microsoft Application Virtualization Client
07.02.2015 17:25 <DIR> Microsoft Office
17.01.2014 18:49 <DIR> Microsoft SQL Server Compact Edition
22.08.2013 17:36 <DIR> Microsoft.NET
20.05.2017 15:11 <DIR> Mozilla Firefox
20.05.2017 15:11 <DIR> Mozilla Maintenance Service
26.08.2013 08:12 <DIR> MSBuild
05.04.2014 10:56 <DIR> NVIDIA Corporation
02.10.2014 12:06 <DIR> Online Services
21.01.2015 13:51 <DIR> OpenOffice 4
05.10.2014 11:29 <DIR> Realtek
26.08.2013 08:12 <DIR> Reference Assemblies
24.03.2017 22:44 <DIR> Skype
06.09.2015 22:21 <DIR> TabletPlugins
22.04.2017 22:46 <DIR> Windows Defender
17.01.2014 18:49 <DIR> Windows Live
04.05.2015 02:15 <DIR> Windows Mail
27.04.2017 19:05 <DIR> Windows Media Player
04.05.2015 02:15 <DIR> Windows Multimedia Platform
22.08.2013 17:36 <DIR> Windows NT
04.05.2015 02:15 <DIR> Windows Photo Viewer
04.05.2015 02:15 <DIR> Windows Portable Devices
0 Datei(en), 0 Bytes
40 Verzeichnis(se), 652.533.149.696 Bytes frei
========= Ende von CMD: =========
========= dir "%ProgramData%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\ProgramData
27.04.2017 19:05 <DIR> Adobe
28.04.2017 02:36 <DIR> Apple
09.05.2017 13:26 <DIR> Avg
21.10.2014 19:17 <DIR> Brother
10.04.2017 11:47 <DIR> common
13.04.2015 00:30 <DIR> CyberLink
15.05.2017 21:06 <DIR> elsterformular
06.03.2017 13:09 <DIR> FLEXnet
14.12.2015 20:44 <DIR> Hewlett-Packard
05.04.2014 11:17 <DIR> install_clap
05.04.2014 10:56 <DIR> Intel
26.05.2017 02:04 <DIR> Malwarebytes
27.04.2017 19:05 <DIR> McAfee
27.04.2017 19:04 <DIR> MFAData
05.04.2014 10:55 <DIR> NVIDIA
05.04.2014 10:55 <DIR> NVIDIA Corporation
24.03.2017 22:44 <DIR> Package Cache
04.05.2015 02:14 <DIR> regid.1991-06.com.microsoft
24.03.2017 22:44 <DIR> Skype
05.04.2014 11:28 <DIR> Synaptics
06.09.2015 22:08 <DIR> SYSTEMAX Software Development
05.04.2014 11:17 <DIR> Temp
25.08.2016 16:26 <DIR> Wacom
17.01.2014 18:53 <DIR> {6D7D6B2B-F420-4D47-A984-F9E6A638BF48}
0 Datei(en), 0 Bytes
24 Verzeichnis(se), 652.533.149.696 Bytes frei
========= Ende von CMD: =========
========= dir "%Appdata%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Users\edna\AppData\Roaming
26.05.2017 01:44 <DIR> .
26.05.2017 01:44 <DIR> ..
21.05.2017 13:35 <DIR> Adobe
27.04.2017 18:44 <DIR> AVAST Software
25.04.2017 23:26 <DIR> AVG
31.10.2014 01:41 <DIR> Brother
27.04.2017 19:05 <DIR> CyberLink
15.05.2017 21:04 <DIR> elsterformular
26.05.2017 22:39 <DIR> Hewlett-Packard
13.12.2015 23:40 <DIR> hpqlog
02.10.2014 12:21 <DIR> Macromedia
20.05.2017 15:11 <DIR> Mozilla
21.01.2015 13:53 <DIR> OpenOffice
24.03.2017 23:16 <DIR> Profiles
27.04.2017 19:05 <DIR> Skype
08.04.2017 12:58 <DIR> SoftGrid Client
21.05.2017 13:35 <DIR> Synaptics
06.09.2015 22:08 <DIR> SYSTEMAX Software Development
27.04.2017 19:05 <DIR> Wacom
25.08.2016 16:26 <DIR> wacomid-desktop-launcher
25.08.2016 16:26 <DIR> wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
06.09.2015 22:21 <DIR> WTablet
0 Datei(en), 0 Bytes
22 Verzeichnis(se), 652.533.145.600 Bytes frei
========= Ende von CMD: =========
========= dir "%LocalAppdata%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Users\edna\AppData\Local
27.05.2017 18:00 <DIR> .
27.05.2017 18:00 <DIR> ..
27.04.2017 19:05 <DIR> Adobe
27.04.2017 19:04 <DIR> Avg
02.08.2016 11:11 <DIR> AvgSetupLog
19.05.2017 21:32 <DIR> CEF
25.02.2016 20:58 <DIR> CyberLink
28.05.2017 03:31 <DIR> Diagnostics
02.02.2015 19:56 <DIR> fontconfig
02.02.2015 19:56 <DIR> gegl-0.2
28.04.2017 02:51 <DIR> Google
21.05.2017 13:31 <DIR> gtk-2.0
23.07.2015 17:30 <DIR> GWX
03.01.2016 00:17 <DIR> Hewlett-Packard
27.04.2017 19:05 <DIR> HPConnectedMusic
20.05.2017 13:08 <DIR> Macromedia
17.11.2014 04:08 <DIR> MFAData
23.05.2017 23:34 <DIR> Microsoft
20.05.2017 15:16 <DIR> Mozilla
29.11.2015 16:04 <DIR> Packages
02.10.2014 12:07 <DIR> Power2Go8
26.05.2017 01:52 <DIR> Programs
21.05.2017 13:31 11.681 recently-used.xbel
21.10.2014 22:20 17 resmon.resmoncfg
28.05.2017 22:07 <DIR> Temp
15.03.2016 02:42 <DIR> VirtualStore
2 Datei(en), 11.698 Bytes
24 Verzeichnis(se), 652.533.231.616 Bytes frei
========= Ende von CMD: =========
========= dir "%CommonProgramFiles(x86)%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Program Files (x86)\Common Files
24.03.2017 22:44 <DIR> .
24.03.2017 22:44 <DIR> ..
22.06.2016 13:29 <DIR> Adobe
13.09.2016 18:47 <DIR> Adobe AIR
05.04.2014 11:11 <DIR> CyberLink
07.02.2015 17:25 <DIR> DESIGNER
05.04.2014 10:50 <DIR> InstallShield
05.04.2014 10:54 <DIR> Intel
05.04.2014 10:56 <DIR> Intel Corporation
22.06.2016 12:49 <DIR> Macrovision Shared
27.04.2017 19:04 <DIR> Microsoft Shared
05.04.2014 11:18 <DIR> Nikon
05.04.2014 10:49 <DIR> postureAgent
22.06.2016 13:35 <DIR> PX Storage Engine
22.08.2013 17:36 <DIR> Services
24.03.2017 22:44 <DIR> Skype
22.06.2016 13:35 <DIR> Sonic Shared
04.05.2015 02:14 <DIR> System
17.01.2014 18:48 <DIR> Windows Live
0 Datei(en), 0 Bytes
19 Verzeichnis(se), 652.533.231.616 Bytes frei
========= Ende von CMD: =========
========= dir "%CommonProgramW6432%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Program Files\Common Files
27.04.2017 19:04 <DIR> .
27.04.2017 19:04 <DIR> ..
22.06.2016 14:37 <DIR> Adobe
22.06.2016 12:54 <DIR> Macrovision Shared
27.04.2017 19:04 <DIR> microsoft shared
22.08.2013 17:36 <DIR> Services
04.05.2015 02:19 <DIR> System
0 Datei(en), 0 Bytes
7 Verzeichnis(se), 652.533.231.616 Bytes frei
========= Ende von CMD: =========
========= dir "%UserProfile%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Users\edna
27.04.2017 19:05 <DIR> .
27.04.2017 19:05 <DIR> ..
25.08.2016 16:24 2 .bdockinstall.log
21.05.2017 13:32 <DIR> .gimp-2.8
22.04.2015 09:56 <DIR> .thumbnails
19.10.2016 15:13 <DIR> Contacts
26.05.2017 02:19 <DIR> Desktop
26.05.2017 02:34 <DIR> Documents
28.05.2017 22:08 <DIR> Downloads
20.05.2017 11:38 <DIR> Dropbox
19.10.2016 15:13 <DIR> Favorites
12.05.2017 00:15 <DIR> Links
27.04.2017 19:05 <DIR> Music
27.04.2017 19:05 <DIR> Pictures
19.10.2016 15:13 <DIR> Saved Games
19.10.2016 15:13 <DIR> Searches
27.05.2017 18:04 <DIR> SkyDrive
13.11.2014 10:08 0 Sti_Trace.log
18.12.2014 14:41 <DIR> Tracing
19.10.2016 15:13 <DIR> Videos
2 Datei(en), 2 Bytes
18 Verzeichnis(se), 652.533.100.544 Bytes frei
========= Ende von CMD: =========
========= dir "%SystemDrive%" =========
Datentr„ger in Laufwerk C: ist Windows
Volumeseriennummer: 824A-5268
Verzeichnis von C:\Users\edna\Downloads
28.05.2017 22:08 <DIR> .
28.05.2017 22:08 <DIR> ..
23.07.2015 18:15 <DIR> 01
23.07.2015 18:19 <DIR> 02
09.10.2014 00:41 95.016 0233.jpg
23.07.2015 18:28 <DIR> 03
23.07.2015 18:54 <DIR> 04
23.07.2015 18:54 <DIR> 05
23.07.2015 18:54 <DIR> 06
31.10.2014 21:01 474.536 1025302_4970483255336_639491806_o.jpg
22.12.2016 23:24 81.031 10626630_1250514718311389_1580783630729902497_n.jpg
04.03.2015 18:37 8.580 11015389_10206436174128896_191770305_n.jpg
04.03.2015 18:37 11.250 11016673_10206436174088895_2147009902_n.jpg
04.03.2015 18:37 11.519 11039765_10206436174048894_2063230737_n.jpg
04.03.2015 18:37 12.516 11040296_10206436174168897_403285512_n.jpg
04.03.2015 18:37 9.607 11047176_10206436174208898_693329004_n.jpg
20.09.2015 13:47 121.399 11228056_766888233439181_6309911686651832765_o.jpg
22.12.2016 23:24 83.375 11694933_1250514774978050_7523890473802402890_n.jpg
16.03.2016 13:41 202.502 12124218_1079688298732587_455067566_o.jpg
13.01.2017 22:00 24.699 12733598_10153857130896963_5507688691236569225_n.jpg
22.12.2016 23:25 72.352 12744756_1250514791644715_3306869975446220779_n.jpg
19.01.2015 20:30 5.571.833 13 01 2015 Wiederholungsvorlesung.pdf
29.07.2016 19:48 282.065 13320987_292453617755249_5586482195791270562_o.jpg
08.12.2016 11:49 295.719 13415649_302776180056326_9093841995855496647_o.jpg
23.04.2017 01:04 93.608 13579730_10201742469759684_1530931708_o.jpg
18.08.2016 22:07 219.882 13584665_1019079848222804_5929849998407596204_o.jpg
17.01.2017 01:30 191.299 13637565-Jahrgang-Barock-Damastentwurf-Rahmen-Musterelements-Gravur-Retro-Stil-Lizenzfreie-Bilder.jpg
02.08.2016 11:49 52.576 13871811_10201937766882722_1976476839_n.jpg
02.08.2016 11:48 45.326 13871937_10201937766482712_1977081879_n.jpg
02.08.2016 11:49 54.425 13872538_10201937766602715_222060490_n.jpg
02.08.2016 11:47 68.660 13872571_10201937766042701_415148933_n.jpg
02.08.2016 11:48 56.735 13884373_10201937766282707_2102826763_n.jpg
02.08.2016 11:48 62.258 13884413_10201937766562714_1128061116_n.jpg
02.08.2016 11:47 84.405 13884447_10201937765882697_554403288_n.jpg
02.08.2016 11:48 55.959 13900539_10201937766242706_588273785_n.jpg
02.08.2016 11:49 62.420 13900704_10201937766842721_1938183601_n.jpg
02.08.2016 11:48 43.437 13933214_10201937766522713_1057705755_n.jpg
08.08.2016 16:33 117.915 13936608_10201960114721404_492846969_n.jpg
08.08.2016 16:33 105.294 13936672_10201960114521399_1039338851_n.jpg
08.08.2016 16:33 117.844 13942191_10201960114881408_516216253_n.jpg
08.08.2016 16:34 106.996 13988786_10201960114921409_732281151_n.jpg
23.04.2017 01:13 230.683 14324534_1054369951360460_378733913700961734_o.jpg
22.09.2016 00:18 124.417 14409149_10202130550342188_1265529779_n.jpg
21.09.2016 23:54 122.646 14409250_10202130562102482_383783044_n.jpg
21.09.2016 23:53 126.673 14445660_10202130550622195_1806410279_n.jpg
22.09.2016 00:19 103.359 14454738_10202130551262211_737647239_n.jpg
12.12.2016 01:10 342.242 14566434_354490101551600_2588327347842629678_o.jpg
12.12.2016 01:10 332.420 14902971_364871023846841_1357807970718283671_o.jpg
12.12.2016 01:09 456.984 14917239_364871093846834_5914240325114325297_o.jpg
07.12.2016 22:30 227.921 15042265_374137339586876_2005861726822501407_o.jpg
08.01.2017 03:22 51.740 15966106_1416672218365699_8873660339416229813_n.jpg
28.01.2017 14:25 173.873 16179829_1676353902657812_70073603052165550_o.jpg
02.02.2017 18:45 242.732 16409901_10211083009847638_1431618624_o.jpg
02.02.2017 18:46 164.111 16443759_10211083010967666_1839547173_o.jpg
02.02.2017 18:46 136.009 16466035_10211083020527905_1715798374_o.jpg
22.04.2015 19:02 53.278 17196_1040079416033428_3806807307860235016_n.jpg
02.05.2017 21:42 209.929 18261037_10203074608983064_1163516695_o.jpg
02.05.2017 21:42 131.339 18290180_10203074609623080_236025934_o.jpg
19.05.2016 14:32 3.584.860 220-Reiterhose.pdf
13.01.2017 22:08 42.198 233bffba9a8e8f82ec7587edf3ce87c6.jpg
22.12.2016 23:24 94.451 248717_1250514768311384_1093740069685856364_n.jpg
03.10.2014 16:28 64.509 292971_522492297777192_903782722_n.jpg
03.10.2014 16:26 148.775 295924_3624293961445_1548673891_n.jpg
03.10.2014 16:21 64.868 320125_3624259680588_517934085_n.jpg
03.10.2014 16:24 90.961 320245_3624270880868_842412611_n.jpg
26.07.2015 20:19 69.983 33129760.JPG
05.10.2014 11:24 731.455 339086_skazochnaya_-vedmochka_-feya_1920x1081_(www.GdeFon.ru).jpg
03.10.2014 16:17 105.821 377717_444165082294698_91872607_n.jpg
03.10.2014 16:20 43.038 394204_3624252960420_1994660596_n.jpg
03.10.2014 16:21 72.330 396138_3624260680613_89650734_n.jpg
03.10.2014 16:28 97.224 405794_522492911110464_430437946_n.jpg
26.07.2015 20:19 33.932 418x316.jpeg
03.10.2014 16:19 77.874 419298_431930246859577_1750210109_n.jpg
03.10.2014 16:20 60.154 424726_3624259400581_1724524774_n.jpg
29.10.2016 21:18 50.963.450 430-Dor-schulter-Keulenarm.pdf
09.10.2014 00:31 44.936 443579983_961.jpg
03.10.2014 16:22 86.512 488300_3624265360730_1760487591_n.jpg
03.10.2014 16:16 72.651 523523_444164965628043_2025052361_n.jpg
03.10.2014 16:23 112.766 526237_3624269480833_746738272_n.jpg
03.10.2014 16:31 59.393 527913_522550261104729_573068278_n.jpg
03.10.2014 16:26 67.485 543541_3624293641437_2047425693_n.jpg
03.10.2014 16:17 61.893 556397_444165315628008_358773223_n.jpg
03.10.2014 16:26 87.080 556399_3624293001421_445795354_n.jpg
03.10.2014 16:22 74.886 558306_3624264240702_1376422003_n.jpg
03.10.2014 16:25 85.294 558535_3624291841392_114635037_n.jpg
03.10.2014 16:30 103.638 558668_522550164438072_655657058_n.jpg
03.10.2014 16:30 92.961 579890_522550031104752_824766474_n.jpg
13.01.2017 22:04 40.768 63f86930ecb95302b5b5b654d19b7a75.jpg
19.12.2016 05:16 160.621 663924231.jpg
19.12.2016 05:16 155.186 663924232.jpg
19.12.2016 05:16 69.400 663924234.jpg
12.12.2016 01:19 153.320 663924236.jpg
12.12.2016 01:19 183.909 663924242.jpg
24.02.2015 15:37 <DIR> A+ sponsoring
22.04.2016 10:35 64.478 A+Gruppe.pdf
16.02.2016 10:56 201.495 abschlussBachelora8be65d6-ff49-434d-b9ce-eae88257c38f.pdf
27.05.2017 18:13 31.930 Addition.txt
08.12.2016 01:45 30.698 adinekirnberg_script.zip
19.05.2017 21:07 4.110.280 adwcleaner_6.047.exe
08.12.2016 01:17 271.713 annabel.zip
15.06.2015 11:38 156.941 ARC6902972997.pdf
19.01.2015 20:29 16.497.644 AUFKLŽRUNG.odt
16.06.2015 11:19 165.532 auftrag.pdf
06.04.2017 17:11 96.908 Ausstellerinfos Mai 2017.pdf
27.04.2017 18:43 4.284.888 avast-browser-cleanup-sfx.exe
02.08.2016 11:08 3.135.696 AVG_PCTuneUp_877.exe
22.04.2016 10:35 26.327 Backstage-Orga.pdf
07.12.2014 22:29 82.768 Bafoegbescheinigung_HAW_Hamburg_2188615_20142_833_07.12.2014.pdf
16.02.2016 10:48 99.370 Bafoegbescheinigung_HAW_Hamburg_2188615_20151__16.02.2016.pdf
16.02.2016 10:50 99.369 Bafoegbescheinigung_HAW_Hamburg_2188615_20152__16.02.2016.pdf
25.02.2016 15:23 99.369 Bafoegbescheinigung_HAW_Hamburg_2188615_20161__25.02.2016.pdf
18.01.2015 23:19 4.676.169 BELLE EPOQUE.pdf
19.02.2017 21:05 <DIR> Bestellnummer 402028-Dateien
16.02.2017 17:50 6.836 Bestellnummer 402028.htm
19.10.2016 15:24 7.997 Bewerbung Julia Vahjen.odt
18.01.2015 23:13 2.665.424 BIEDERMEIER.pdf
08.12.2016 01:21 234.771 bureno.zip
23.04.2017 00:40 <DIR> burlesque
08.09.2016 23:23 57.904 card-6275980244014675581.pdf
24.06.2015 00:28 97.607 details-hochzeits-kleid-verziert-rcken-schmuck.jpg
04.01.2017 01:45 325.400 dhl-paket-pk-preisuebersicht-2017.pdf
23.03.2017 23:51 9.656.205 die docklandFASHIONparty von gestern Abend im... - Ulf Krueg.mp4
09.10.2014 00:33 182.169 Drapery-blouse-Choosing-Blouse-According-to-Your-Body-Shape.jpg
24.06.2015 00:28 82.305 dress.jpg
05.01.2016 00:35 690.072 DropboxInstaller.exe
13.09.2016 01:55 <DIR> E!NYANI EDITORIAL
06.09.2015 22:04 <DIR> Easy Paint Tool SAI
05.10.2014 19:31 9.250.457 Easy Paint Tool SAI.rar
29.01.2017 02:09 428.564 edna-fosuaa 24.1.17.pdf
15.05.2017 20:24 235.253.760 ElsterFormularUnternehmerSelbstaendige.msi
08.12.2016 01:42 2.855.447 encina_script.zip
18.01.2015 23:19 972.837 ERSTE HAELFTE 20STES JAHRHUNDERT.pdf
20.12.2015 22:48 2.354.943 fa4ed139_video_games_starcraft_cats_animals_helmets_starcraft_ii_photomanipulation_1920x1080_wallpaper_WallpaperHD_2560x1440_www.paperhi.com.jpeg
28.05.2017 22:08 806 fixlist.txt
28.05.2017 22:08 15.312 Fixlog.txt
23.04.2016 11:39 186.150 FressnapfRechnung.pdf
28.05.2017 22:06 <DIR> FRST-OlderVersion
27.05.2017 18:13 57.545 FRST.txt
28.05.2017 22:06 2.429.952 FRST64.exe
02.02.2017 19:49 48.373 gieBERzid.jpg
02.02.2015 13:56 91.670.064 gimp-2.8.14-setup.exe
18.01.2015 23:16 4.643.446 GRUENDERZEIT.pdf
19.01.2015 13:04 37.535 gruppeneinteilung2015alle.pdf
25.08.2016 11:23 77.615 Handout BA und MA Hausarbeiten.Schaub.2016.pdf
19.02.2017 21:15 173.393 il_570xN.1147790779_nz3q.jpg
02.02.2015 13:48 4.774.944 IMG_1974.tif
02.02.2015 13:47 5.596.764 IMG_1976.tif
02.02.2015 13:48 6.135.154 IMG_1984.tif
02.02.2016 15:09 98.384 Immatrikulationsbescheinigung_HAW_Hamburg_2188615_20152__02.02.2016.pdf
06.09.2015 22:56 1.162.528 Inkscape - CHIP-Installer.exe
01.06.2016 23:23 1.114.640 Jeep-0990-2000x1333.jpg
16.05.2017 15:34 1.663.672 JRT.exe
19.06.2015 21:19 20.992 Jugemdkriminalit„t..doc
09.10.2014 00:41 45.825 M-XXL-2014-new-spring-summer-women-fashion-formal-work-font-b-wide-b-font-hem.jpg
21.01.2017 23:30 5.174.317 magentacloud(1).zip
21.01.2017 23:38 6.813.555 magentacloud(2).zip
21.01.2017 23:45 10.221.795 magentacloud(3).zip
01.02.2017 20:31 131.667.523 magentacloud(4).zip
23.01.2017 21:22 18.854.939 magentacloud-Edna.zip
21.01.2017 23:18 7.529.055 magentacloud.zip
08.12.2016 01:39 18.897 maratre.zip
08.12.2016 01:38 631.249 mark_my_words.zip
26.05.2017 02:03 63.364.552 mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
26.05.2017 01:56 566.128 mbam-clean-2.3.0.1001.exe
08.12.2016 01:21 13.326 metropolis3.zip
21.10.2014 19:22 45.949.032 MFC-250C-inst-win8-A1.EXE
21.10.2014 19:23 <DIR> mflpro
08.05.2017 00:16 927.971 MLG_Aufmacher_FB_Sommer2017.jpg
08.05.2017 00:14 3.120.875 MLG_Plakat_Sommer2017_print.pdf
19.01.2015 19:41 132.031.800 MoGe 2.Semester.zip
13.01.2015 19:57 98.722.304 Moge1.WAV
13.01.2015 20:07 66.368.000 Moge2.WAV
08.12.2016 01:34 4.314.754 morva.zip
08.12.2016 01:36 42.338 night_still_comes.zip
28.04.2015 20:35 445.820 Onlineabschluss_gruenstrom_12_Sofortbonus_18009024.pdf
19.06.2015 20:50 382.464 OpenDocument-Text-neu.doc
20.06.2015 15:29 314.368 OpenDocument-Text-neu2.doc
21.01.2015 13:42 1.191.200 OpenOffice - CHIP-Installer.exe
10.11.2014 23:37 297.446.638 Pic fr Eddy.rar
18.01.2015 23:13 2.227.209 PREMIER EMPIRE.pdf
09.10.2014 00:31 39.457 qAd9Fyd5do.jpg
08.12.2016 01:18 21.452 riesling.zip
19.01.2015 20:28 4.361.601 ROKOKO.pdf
27.11.2015 19:19 30.011 RS9832556960(1).pdf
27.11.2015 19:15 30.011 RS9832556960.pdf
09.10.2014 00:42 64.179 sand-oversized-shirt-dress.jpg
15.01.2017 16:47 2.101.368 Schnittbogen_Leggings.pdf
18.01.2015 23:16 3.592.043 SECOND EMPIRE.pdf
31.10.2014 13:33 374.752 skirt.png
20.12.2015 22:45 191.362 sonic_hd_wallpapers_39107-1600x1200.jpg
25.02.2016 20:52 152.921.312 sp69718.exe
22.04.2015 18:14 137.415 studiengangBachelora7f973b1-3045-4dbc-992f-e83119c6e7ce.pdf
10.11.2015 11:46 192.239 studiengangBachelorcb91049c-124c-4892-87c4-609ed08e851c.pdf
23.02.2015 13:10 <DIR> Swiss Prima Single Versichering
08.12.2016 01:39 2.441.721 taken_by_vultures.zip
24.05.2017 18:35 4.922.400 tdsskiller.exe
22.04.2016 10:35 32.590 TErminplaning Tabelle1.pdf
22.04.2015 15:10 111.015 VodafoneWillkommen_001935187328.pdf
25.08.2016 11:23 86.742 Wissenschaftliches Arbeiten geht wie ..pdf
26.07.2015 20:19 55.868 wonderland-580x250.jpg
23.03.2017 23:58 87.100.697 Zwei Models und ein Jeep - Outdoor Shooting.mp4
09.10.2014 00:34 70.509 zz37_00.jpg
186 Datei(en), 1.646.612.196 Bytes
16 Verzeichnis(se), 652.533.092.352 Bytes frei
========= Ende von CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.
========= Ende von CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20300274 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 738239 B
Edge => 0 B
Chrome => 0 B
Firefox => 374185918 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1646 B
NetworkService => 0 B
UpdatusUser => 0 B
edna => 2750903 B
RecycleBin => 0 B
EmptyTemp: => 387.5 MB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 22:08:18 ====
Code:
ATTFilter
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c69506a7ea8042489caa1e870d14be1e
# end=init
# utc_time=2017-05-28 08:35:44
# local_time=2017-05-28 10:35:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 33537
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c69506a7ea8042489caa1e870d14be1e
# end=updated
# utc_time=2017-05-28 08:40:43
# local_time=2017-05-28 10:40:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c69506a7ea8042489caa1e870d14be1e
# engine=33537
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-05-28 10:32:42
# local_time=2017-05-29 12:32:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 3116792 11774485 0 0
# scanned=381858
# found=45
# cleaned=0
# scan_time=6718
sh=3CD6407DD0E5D613FF6C56B0AC6AE070BF17B170 ft=0 fh=0000000000000000 vn="JS/Adware.Agent.O Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ccqvkrfjwvieirkysxbmhcpwwwceoddd\Firefox\Profiles\gn9pk59y.default-1493850063520\extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi"
sh=DE831A313A5497617F8BA97DDE436087B325AD3B ft=1 fh=c1ef22637b1c55dc vn="Variante von Win32/Adware.ELEX.QM Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\cenudrngsquuhillzrtbcfqpecrccynf\WinSAP.dll"
sh=58EE26E2E942AA13B425344C9B910F8623BFF26D ft=1 fh=c71c00119851d925 vn="Variante von Win32/Adware.ELEX.NP Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\drkkychakcdgveonbbaqcidbdmhykdiz\WinSAP.dll"
sh=B36DB906BF692EC79D7804B22523D0F7E142ACC2 ft=0 fh=0000000000000000 vn="JS/Adware.Agent.O Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\gqtvwzuongvmxhtwxuhyabagjbisfgka\Firefox\Profiles\rim5g7r9.default-1412506256146\cache2\entries\66E36292B8EE3C619F6ACCC7032966A73537620F"
sh=675B06F12005D34C8A2921E8AA73D4DCC33D4FE8 ft=1 fh=01bb7cf90dda9b00 vn="Win32/Adware.ELEX.NZ Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\hjrgykuhbbhrqgbktubqogkbbkethalm\WinSAP.dll"
sh=B1F26B7B76726D40BFE7C6EB75F82AEF9DAFE371 ft=1 fh=4fd73a04c9f44be5 vn="Variante von Win32/Adware.ELEX.QQ Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\hwundekasvticugssbxsughmatvewsax\BIT.dll"
sh=3CD6407DD0E5D613FF6C56B0AC6AE070BF17B170 ft=0 fh=0000000000000000 vn="JS/Adware.Agent.O Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\igkoricrqfkatnxyiapdggsviakjussk\Firefox\Profiles\rim5g7r9.default-1412506256146\extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi"
sh=5B519E63608FA192DA1ED116F7CCF5E27DDD2A8D ft=1 fh=c36d3e537633e1ea vn="Win32/TrojanDownloader.Adload.NRK Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\igkoricrqfkatnxyiapdggsviakjussk\Firefox\Profiles\rim5g7r9.default-1412506256146\extensions\323D625D490FE8DD@ext.u\data\algoad\pll.exe"
sh=87AD277F4D3A4641BFCD10663B3027FEC3B2EA16 ft=1 fh=f8f95ce942c47e2a vn="Variante von Win32/Adware.ELEX.NB Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\kjyrptugkxztyxkmvohcevgkjzmgqanj\bin\FirefoxUpdate.exe"
sh=492FA4F4E22975DE1D63C5CA27D380259375F957 ft=1 fh=8b1a3ed431dbfb88 vn="Variante von Win32/Adware.ELEX.MC Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\klkkeffutlhmrfkeyjcjsddgutehmimd\WinSAP.dll"
sh=3E201FDEBA122CAF7A8006945FC92CA0966140FE ft=1 fh=d652ab6f88627601 vn="Variante von Win32/Adware.ELEX.NQ Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\lslgyupflozmfulmjmokaxcfprlaalqj\bin\FirefoxUpdate.exe"
sh=5F8AE99D8EB97F5CEC819BB7E2C7734F9F205F77 ft=1 fh=16d954e9329ea7be vn="Variante von Win32/Adware.ELEX.QM Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ltslopdeyizvyvjcygmxwofqtypxxccv\BIT.dll"
sh=A136022D78A11A4D85E28B95BCCEF74675F55BB5 ft=1 fh=b829833b4730f3cc vn="Variante von Win64/Adware.ELEX.Y Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ptbjbhaesinytjunefrpywjtqrcpzeig\_ALLOWDEL_d0546d9\data.tmp"
sh=B1F26B7B76726D40BFE7C6EB75F82AEF9DAFE371 ft=1 fh=4fd73a04c9f44be5 vn="Variante von Win32/Adware.ELEX.QQ Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ptbjbhaesinytjunefrpywjtqrcpzeig\_ALLOWDEL_d0546d9\kokoko1.dll"
sh=7028DCD97F2122EE6514317E67D4360B09B25A45 ft=1 fh=c71c0011ba869294 vn="Variante von Win32/Adware.ELEX.LN Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ptbjbhaesinytjunefrpywjtqrcpzeig\_ALLOWDEL_d0546d9\MIO.dll"
sh=8804007DC261615E83BAD6289FC74EE6C10B9532 ft=1 fh=0b2354e572e1d442 vn="Win32/Tencent.I eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ptbjbhaesinytjunefrpywjtqrcpzeig\_ALLOWDEL_d0546d9\MIO.exe"
sh=6201AC6247BB57C79B4BDAD23B32DBBD01047EA3 ft=0 fh=0000000000000000 vn="Variante von Win32/Snarasite.H Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\ptbjbhaesinytjunefrpywjtqrcpzeig\_ALLOWDEL_d0546d9\Snarer.msi"
sh=0B6090D715409606364AD756B505FEB2DFEA0BFF ft=1 fh=8494ecd7c8e6cf8d vn="Variante von Win32/Adware.ELEX.QR Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ptbjbhaesinytjunefrpywjtqrcpzeig\_ALLOWDEL_d0546d9\SSS.dll"
sh=571E4EFD32DD4AD3B53D0D316EDEACF188E0D063 ft=1 fh=8f7bb76b2cf1b3d8 vn="Variante von Win32/Adware.ELEX.QM Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ptbjbhaesinytjunefrpywjtqrcpzeig\_ALLOWDEL_d0546d9\UAC.dll"
sh=DE831A313A5497617F8BA97DDE436087B325AD3B ft=1 fh=c1ef22637b1c55dc vn="Variante von Win32/Adware.ELEX.QM Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ptbjbhaesinytjunefrpywjtqrcpzeig\_ALLOWDEL_d0546d9\WinSAP.dll"
sh=3E890BF39464B345FF2E052A6E043D26EB3F7FF8 ft=1 fh=c71c00115fdec10f vn="Variante von Win32/Adware.ELEX.NO Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ptbjbhaesinytjunefrpywjtqrcpzeig\_ALLOWDEL_d0546d9\XOBc.dll"
sh=3E890BF39464B345FF2E052A6E043D26EB3F7FF8 ft=1 fh=c71c00115fdec10f vn="Variante von Win32/Adware.ELEX.NO Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ptbjbhaesinytjunefrpywjtqrcpzeig\_ALLOWDEL_d0546d9\XOBd.dll"
sh=3E890BF39464B345FF2E052A6E043D26EB3F7FF8 ft=1 fh=c71c00115fdec10f vn="Variante von Win32/Adware.ELEX.NO Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\ptbjbhaesinytjunefrpywjtqrcpzeig\_ALLOWDEL_d0546d9\XOBr.dll"
sh=B36DB906BF692EC79D7804B22523D0F7E142ACC2 ft=0 fh=0000000000000000 vn="JS/Adware.Agent.O Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\qpwinndltfqtkvnkcaqngyvostftsdxt\Firefox\Profiles\rim5g7r9.default-1412506256146\cache2\entries\66E36292B8EE3C619F6ACCC7032966A73537620F"
sh=5C8E862FD7664978CFAC3A794C010F8D0DB20635 ft=1 fh=cf112ad3aa19ceda vn="Variante von Win64/Snarasite.F Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\rshnergiajluiqhorlfovkpcuublrsmv\Snare.dll"
sh=F03918F9DE75B98F713C7BF6B5AFBA5EA7A520CC ft=1 fh=9e4585f9bc7a5011 vn="Variante von Win32/GenKryptik.AIFB Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\sgmaeiipokupdpnmjtllwjuyxejwggeq\Aramory.lqe"
sh=142F33C3821B9D110FA43BD113A2187D9FF7AD66 ft=1 fh=5b76e2a69940c5b3 vn="Variante von Win32/Adware.ELEX.QZ Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\stttcauidnwbtmrzighpvvuxzzusdxyc\BIT.dll"
sh=81E3F7C8B8F3B089494C997309D5DA26830F2BDC ft=1 fh=cf112ad32f81246c vn="Variante von Win64/Snarasite.F Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\tctzkpzzfinzyvbpeanjcbqbwcvskiaa\Snare.dll"
sh=AF064EC987662C5C4B58CF3EB6DE95DF2416F2EC ft=1 fh=098c6924a6652a5b vn="Variante von Win32/Adware.ELEX.MC Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\uihaovlcbnectriwbepilaxiquxgguim\WinSAP.dll"
sh=740A7B78C79B688A11DB549327DF01E801761571 ft=1 fh=cf112ad37ae492ad vn="Variante von Win64/Snarasite.F Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\uqxhyprrfsgigmyewblmskjaxeimoalg\Snare.dll"
sh=FC8779B6BF15FD43915CB22DB4FA022B7E65272F ft=1 fh=b7b3fd58653f273b vn="Win32/Adware.ELEX.MW Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\uytkxpkhpdjviuydnuawgqipcmorqxhd\Kitty.dll"
sh=6884B96ECEADEC98E040AB2FD6FCC0B44769AF89 ft=1 fh=9d20fba43c757cf1 vn="Variante von Win32/Adware.ELEX.QM Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\vzhznelhfrwqamlwwaaxylzsewqdwncy\BIT.dll"
sh=28523F5DB265C822ED4BE5649B3470FC6E949336 ft=1 fh=f9b393b7d4d3caa0 vn="Win32/Adware.ELEX.QV Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\wdhhedmxbodijivpwgtdrrdrbxwzdbsg\WinSAP.dll"
sh=BFE5532BB8B25879DA21D89F29F767EDCB4DD671 ft=1 fh=d5e4b0c3ee021813 vn="Variante von Win32/Adware.ELEX.LA Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\wdpvcfudkxhujcsiszllmzlucghquivu\Kitty.dll"
sh=B538EAD6A948A77EB953DEECC1C7018AB6E62032 ft=1 fh=e3e8b8414291360c vn="Variante von Win32/Adware.ELEX.JC Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\wmucdcqtnvhijrbfcpyqqtxlivgfklez\WinSAP.dll"
sh=2BF90ACCC687F68467302F5D9CD5E2F83E6DC7EA ft=0 fh=0000000000000000 vn="JS/Adware.Agent.O Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\xszdfxxdngwcdkecjgbsmbyiuejwmnyk\Firefox\Profiles\u2jbuddk.default\cache2\entries\66E36292B8EE3C619F6ACCC7032966A73537620F"
sh=6358C6945DDAA94F2B00B845F0DC00E86372C321 ft=1 fh=d46c1d80f553b2b3 vn="Variante von Win32/Adware.ELEX.MW Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\xvptjjolxkkixyciaukmnbdztyewujro\Kitty.dll"
sh=A3AE5E37BE0DAD59E42F31472026A6871D9EE7CB ft=1 fh=071dd9fce333f4be vn="Variante von Win32/Adware.ELEX.QM Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\yogfmkxdrhswwyppybmwouozwvnbqkka\BIT.dll"
sh=07C80F1C2F9AE88CAF83CE328EFDC1EFEF9216C9 ft=1 fh=1a708cc788fe3554 vn="Variante von Win32/GenKryptik.AIFB Trojaner" ac=I fn="C:\FRST\Quarantine\C\Cosusp\Aramory.lqe"
sh=8804007DC261615E83BAD6289FC74EE6C10B9532 ft=1 fh=0b2354e572e1d442 vn="Win32/Tencent.I eventuell unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\MIO\MIO.exe"
sh=0EAF686FBE9CCAA05B5C1C82E82920E88AB7514E ft=1 fh=b223df6be118cce4 vn="Variante von Win32/Adware.ELEX.NL Anwendung" ac=I fn="C:\Insist\nne.pwb"
sh=2EA7735DDC36F065653F38DB8769455AABBA59A2 ft=1 fh=1e8bf453cc3580b2 vn="Variante von Win32/Adware.ELEX.NL Anwendung" ac=I fn="C:\Insist\qft.cr7"
sh=4396EB6B9E885A53169614811AAAB87B48C1C45E ft=1 fh=83ada8f267882d38 vn="Variante von Win32/Adware.ELEX.NL Anwendung" ac=I fn="C:\Insist\rzf.8v0"
sh=AACB577964468A80DBB7F0994FE8DFA231A18F19 ft=1 fh=9115284a093f3cac vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\edna\Downloads\Inkscape - CHIP-Installer.exe"
sh=5DC6767D8CE6295E52A0C560083E70443474BD11 ft=1 fh=6360d5dec2807270 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\edna\Downloads\OpenOffice - CHIP-Installer.exe"
|
|
29.05.2017, 00:23
| #14 |
| | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitereCode:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
durchgeführt von edna (Administrator) auf EDNA (29-05-2017 00:56:25)
Gestartet von C:\Users\edna\Downloads
Geladene Profile: UpdatusUser & edna (Verfügbare Profile: UpdatusUser & edna)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(AVAST Software) C:\Users\edna\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-05] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-05-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [629848 2011-06-24] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Run: [Bamboo Dock] => C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [225792 2016-08-25] ()
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B06723A-FDFE-4E97-BF74-1EA62201DBC9}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
URLSearchHook: [S-1-5-21-4228764417-1678587509-1480794071-1001] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> {6C1AAC34-CF82-42D9-98BB-927F06618ADD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4228764417-1678587509-1480794071-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: lt3omf3d.default-1495134155076
FF ProfilePath: C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\lt3omf3d.default-1495134155076 [2017-05-29]
FF Extension: (uBlock Origin) - C:\Users\edna\AppData\Roaming\Mozilla\Firefox\Profiles\lt3omf3d.default-1495134155076\Extensions\uBlock0@raymondhill.net.xpi [2017-05-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-05-15] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-05-23] (AVG Technologies CZ, s.r.o.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [Datei ist nicht signiert]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-18] (CyberLink)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\elfoService.exe [1283336 2017-04-21] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [Datei ist nicht signiert]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-17] (Realtek Semiconductor)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314128 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-05-15] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [129776 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102280 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [570320 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [160008 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340824 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-28] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-10-05] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2946264 2013-10-19] (Realtek Semiconductor Corporation )
R3 Sftfs; C:\Windows\system32\DRIVERS\Sftfswin7.sys [765288 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\system32\DRIVERS\Sftplaywin7.sys [268648 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\system32\DRIVERS\Sftvolwin7.sys [22376 2011-10-01] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-06-01] (AVG Netherlands B.V.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-28 22:33 - 2017-05-28 22:33 - 02870984 _____ (ESET) C:\Users\edna\Desktop\esetsmartinstaller_deu.exe
2017-05-28 22:13 - 2017-05-28 22:13 - 11584088 _____ (SurfRight B.V.) C:\Users\edna\Downloads\HitmanPro_x64.exe
2017-05-27 18:00 - 2017-05-28 22:08 - 00031356 _____ C:\Users\edna\Downloads\Fixlog.txt
2017-05-27 14:51 - 2017-05-28 22:06 - 00000000 ____D C:\Users\edna\Downloads\FRST-OlderVersion
2017-05-26 22:43 - 2017-05-26 22:43 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForedna.job
2017-05-26 02:34 - 2017-05-27 21:31 - 00000000 ____D C:\Users\edna\Documents\e!nyani
2017-05-26 02:19 - 2017-05-26 02:19 - 00001939 _____ C:\Users\edna\Desktop\mbam.txt
2017-05-26 02:04 - 2017-05-28 22:09 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-26 02:04 - 2017-05-26 02:04 - 00001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-26 02:04 - 2017-05-26 02:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-26 02:04 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-26 02:01 - 2017-05-26 02:03 - 63364552 _____ (Malwarebytes ) C:\Users\edna\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
2017-05-26 01:56 - 2017-05-26 01:56 - 00566128 _____ (Malwarebytes) C:\Users\edna\Downloads\mbam-clean-2.3.0.1001.exe
2017-05-24 18:39 - 2017-05-24 19:12 - 00245194 _____ C:\TDSSKiller.3.1.0.15_24.05.2017_18.39.09_log.txt
2017-05-24 18:37 - 2017-05-24 18:38 - 00007636 _____ C:\TDSSKiller.3.1.0.15_24.05.2017_18.37.14_log.txt
2017-05-24 18:35 - 2017-05-24 18:35 - 04922400 _____ (AO Kaspersky Lab) C:\Users\edna\Downloads\tdsskiller.exe
2017-05-24 18:33 - 2017-05-24 18:33 - 00047096 _____ C:\Users\edna\Desktop\FRST.txt
2017-05-24 18:33 - 2017-05-24 18:33 - 00037702 _____ C:\Users\edna\Desktop\Addition.txt
2017-05-24 18:31 - 2017-05-27 18:13 - 00031930 _____ C:\Users\edna\Downloads\Addition.txt
2017-05-24 18:30 - 2017-05-29 00:56 - 00020180 _____ C:\Users\edna\Downloads\FRST.txt
2017-05-24 18:30 - 2017-05-29 00:56 - 00000000 ____D C:\FRST
2017-05-21 13:35 - 2017-05-21 13:35 - 00000000 ____D C:\Users\edna\AppData\Roaming\Synaptics
2017-05-21 13:34 - 2017-05-28 22:09 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-21 13:31 - 2017-05-21 13:31 - 00011681 _____ C:\Users\edna\AppData\Local\recently-used.xbel
2017-05-20 15:11 - 2017-05-28 22:11 - 00000000 ____D C:\Users\edna\AppData\LocalLow\Mozilla
2017-05-20 15:11 - 2017-05-20 15:16 - 00000000 ____D C:\Users\edna\AppData\Local\Mozilla
2017-05-20 15:11 - 2017-05-20 15:11 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-20 15:11 - 2017-05-20 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-20 15:11 - 2017-05-20 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-20 13:08 - 2017-05-20 13:08 - 00000000 ____D C:\Users\edna\AppData\Local\Macromedia
2017-05-20 11:38 - 2017-05-20 13:19 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-05-19 21:32 - 2017-05-19 21:32 - 00000000 ____D C:\Users\edna\AppData\Local\CEF
2017-05-19 21:07 - 2017-05-19 21:07 - 04110280 _____ C:\Users\edna\Downloads\adwcleaner_6.047.exe
2017-05-16 17:38 - 2017-05-28 22:06 - 02429952 _____ (Farbar) C:\Users\edna\Downloads\FRST64.exe
2017-05-16 15:36 - 2017-05-21 13:40 - 00000542 _____ C:\Users\edna\Desktop\JRT.txt
2017-05-16 15:34 - 2017-05-16 15:34 - 01663672 _____ (Malwarebytes) C:\Users\edna\Downloads\JRT.exe
2017-05-15 21:05 - 2017-05-15 21:05 - 00001160 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Users\edna\AppData\Roaming\elsterformular
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Program Files (x86)\ElsterFormular Update Service
2017-05-15 21:04 - 2017-05-15 21:04 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2017-05-15 20:02 - 2017-05-15 20:24 - 235253760 _____ C:\Users\edna\Downloads\ElsterFormularUnternehmerSelbstaendige.msi
2017-05-15 10:14 - 2017-05-15 10:14 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-05-11 13:32 - 2017-04-29 00:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-11 13:32 - 2017-04-29 00:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 16:52 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-05-10 16:52 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-05-10 16:09 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-10 16:08 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 16:08 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 16:08 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-10 16:08 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 16:08 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 16:08 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 16:08 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-10 16:08 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 16:08 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 16:08 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 16:08 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 16:08 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 16:08 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 16:08 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 16:08 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 16:08 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 16:08 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 16:08 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 16:08 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-10 16:08 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 16:08 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 16:08 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 16:08 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 16:08 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-10 16:08 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 16:08 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 16:08 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 16:08 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 16:08 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 16:08 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 16:08 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 16:08 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 16:08 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 16:08 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-10 16:08 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 16:08 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 16:08 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-10 16:08 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 16:08 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 16:08 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 16:08 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 16:08 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 16:08 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-10 16:08 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 16:08 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 16:08 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 16:08 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 16:08 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 16:08 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 16:08 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 16:08 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 16:08 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 16:08 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 16:08 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 16:08 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 16:08 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 16:08 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 16:08 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-10 16:08 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-10 16:08 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-10 16:08 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-10 16:08 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-10 16:08 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-10 16:08 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 16:08 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 16:08 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 16:08 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 16:08 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 16:08 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 16:08 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-10 16:08 - 2017-03-11 01:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-10 16:08 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-10 16:08 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-10 16:08 - 2017-03-08 04:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-08 00:14 - 2017-05-08 00:14 - 03120875 _____ C:\Users\edna\Downloads\MLG_Plakat_Sommer2017_print.pdf
2017-05-03 23:28 - 2017-05-03 23:28 - 00000000 ____D C:\Program Files (x86)\IIS
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-29 00:56 - 2014-10-05 11:24 - 02076672 ___SH C:\Users\edna\Downloads\Thumbs.db
2017-05-28 22:11 - 2015-02-02 20:33 - 00237056 ___SH C:\Users\edna\Desktop\Thumbs.db
2017-05-28 22:11 - 2014-10-02 12:10 - 00000000 ___DO C:\Users\edna\SkyDrive
2017-05-28 22:11 - 2014-10-02 12:08 - 00000000 ____D C:\Users\edna\Documents\Youcam
2017-05-28 22:08 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-28 20:40 - 2016-09-21 20:52 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-27 23:37 - 2015-01-21 14:20 - 00910848 ___SH C:\Users\edna\Documents\Thumbs.db
2017-05-27 15:29 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-26 22:39 - 2014-10-02 12:10 - 00000000 ____D C:\Users\edna\AppData\Roaming\Hewlett-Packard
2017-05-26 02:55 - 2014-10-02 12:12 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4228764417-1678587509-1480794071-1002
2017-05-26 01:57 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-26 01:44 - 2017-04-28 03:08 - 00000000 ____D C:\AdwCleaner
2017-05-24 01:08 - 2014-10-05 18:06 - 00000000 ____D C:\Windows\system32\MRT
2017-05-24 01:07 - 2014-10-05 18:06 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-21 13:35 - 2014-10-02 12:07 - 00000000 ____D C:\Users\edna\AppData\Roaming\Adobe
2017-05-21 13:32 - 2015-02-02 19:56 - 00000000 ____D C:\Users\edna\.gimp-2.8
2017-05-21 13:31 - 2015-02-02 20:09 - 00000000 ____D C:\Users\edna\AppData\Local\gtk-2.0
2017-05-20 15:11 - 2014-10-02 12:26 - 00000000 ____D C:\Users\edna\AppData\Roaming\Mozilla
2017-05-20 11:38 - 2016-01-05 00:42 - 00000000 ____D C:\Users\edna\Dropbox
2017-05-16 13:35 - 2014-04-05 11:10 - 00000000 ____D C:\Users\Public\CyberLink
2017-05-15 10:15 - 2017-04-25 23:25 - 00160008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys
2017-05-15 10:15 - 2017-04-25 23:25 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-05-15 10:14 - 2017-04-25 23:25 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00159496 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.149483610904601
2017-05-15 10:14 - 2017-04-25 23:25 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00102280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-05-15 10:14 - 2017-04-25 23:25 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-05-12 13:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-05-11 16:55 - 2013-08-22 16:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-05-11 16:54 - 2014-10-03 13:14 - 00216740 ____H C:\Users\edna\AppData\Local\IconCache.db.backup
2017-05-11 13:30 - 2013-08-22 16:44 - 02982488 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 13:27 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\inetsrv
2017-05-11 13:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 00:38 - 2014-10-03 00:12 - 00004342 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 00:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-05 13:12 - 2013-08-22 21:12 - 00000000 ____D C:\Windows\SKB
2017-05-05 12:26 - 2017-04-26 11:54 - 00000000 ____D C:\Insist
2017-05-04 14:24 - 2017-04-25 23:23 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-01 00:36 - 2014-01-18 02:40 - 00802436 _____ C:\Windows\system32\perfh007.dat
2017-05-01 00:36 - 2014-01-18 02:40 - 00175180 _____ C:\Windows\system32\perfc007.dat
2017-05-01 00:36 - 2013-08-26 08:09 - 01926152 _____ C:\Windows\system32\PerfStringBackup.INI
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-05-21 13:31 - 2017-05-21 13:31 - 0011681 _____ () C:\Users\edna\AppData\Local\recently-used.xbel
2014-10-21 22:20 - 2014-10-21 22:20 - 0000017 _____ () C:\Users\edna\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-05-28 03:31
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 28-05-2017
durchgeführt von edna (29-05-2017 00:57:19)
Gestartet von C:\Users\edna\Downloads
Windows 8.1 (Update) (X64) (2014-10-02 10:06:35)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-4228764417-1678587509-1480794071-500 - Administrator - Disabled)
edna (S-1-5-21-4228764417-1678587509-1480794071-1002 - Administrator - Enabled) => C:\Users\edna
Gast (S-1-5-21-4228764417-1678587509-1480794071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4228764417-1678587509-1480794071-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-4228764417-1678587509-1480794071-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Production Premium (HKLM-x32\...\Adobe_36ac9dc8c9a94feb9e5886810012e78) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Avast Browser Cleanup (HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\Avast Browser Cleanup) (Version: 12.1.2272.125 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.181.3.3057 - AVG Technologies)
AVG (Version: 1.181.4 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 3.9 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 3.9.0 - Wacom Europe GmbH) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-250C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3418 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
FMW 1 (Version: 1.202.1 - AVG Technologies) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.7140.5002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 de)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
NVIDIA Grafiktreiber 332.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.33 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {06F7C41D-D5E2-4E69-A379-7EC71450C2FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {2E57DDF3-3D32-4ABF-81B4-9BC22484B5DC} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {2E5B046F-67B8-45E2-9878-CA617433EA49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {36A2D39C-0682-41F3-8797-82C9366F6F50} - System32\Tasks\avast! BCU UpdateS-1-5-21-4228764417-1678587509-1480794071-1002 => C:\Users\edna\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {3859DD2C-8FD1-429B-A754-F51C17DE31E4} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
Task: {511D66B1-9D09-4FF3-BDFF-0CE04EFC72BC} - System32\Tasks\avastBCLS-1-5-21-4228764417-1678587509-1480794071-1002 => C:\Users\edna\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2017-04-27] (AVAST Software)
Task: {7E52FDB0-39AD-4A72-B5C4-688AC37D7421} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {8758E008-35CF-4C51-8674-888EABAEB3A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {916A7AC6-79BC-40B4-8819-72A55498492F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {9228279F-8E69-4288-B365-F3BC31022C2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {9BF9C791-CB81-4A0C-AC03-03CDFD59A4AB} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {9C388871-C240-49A4-A015-C1548F093291} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {AC3698EB-C09F-4D0B-9B1F-837A93A2B62E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {B3DCE44B-E303-4EE4-876A-2880FD7514E5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-05-24] (Microsoft Corporation)
Task: {B9BC956D-5370-4FD2-8E3F-8FAF7082860C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {E1AE9BC6-65CB-4234-B847-D356B6A1E94D} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-05-15] (AVG Technologies CZ, s.r.o.)
Task: {EB0EEC96-3CC2-4749-AE30-1609F938E6A2} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\HPCeeScheduleForedna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-04-05 10:55 - 2014-01-06 10:13 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-14 12:23 - 2013-10-14 12:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 12:24 - 2013-10-14 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 12:25 - 2013-10-14 12:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-09-06 22:20 - 2014-08-19 12:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-10-14 12:30 - 2013-10-14 12:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-10-21 19:26 - 2012-09-25 11:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2016-11-28 22:18 - 2016-11-28 22:17 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00999024 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 67717632 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00178120 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00224352 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-05-15 10:14 - 2017-05-15 10:14 - 00685784 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2014-10-21 19:25 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-04-05 11:11 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-04-05 10:49 - 2013-09-04 03:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\edna\Desktop\callsheet.pdf:com.dropbox.attributes [168]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\edna\Downloads\339086_skazochnaya_-vedmochka_-feya_1920x1081_(www.GdeFon.ru).jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\Run32: => "BambooCore"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKU\S-1-5-21-4228764417-1678587509-1480794071-1002\...\StartupApproved\Run: => "Bamboo Dock"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
18-05-2017 01:25:07 JRT Pre-Junkware Removal
18-05-2017 16:50:29 JRT Pre-Junkware Removal
18-05-2017 21:13:19 JRT Pre-Junkware Removal
20-05-2017 13:06:14 JRT Pre-Junkware Removal
21-05-2017 13:38:07 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/29/2017 12:45:17 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (05/29/2017 12:44:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (05/29/2017 12:44:03 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Adobe Flash CS4\AIK1.1\runtimes\air\win\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Adobe\Adobe Flash CS4\AIK1.1\runtimes\air\win\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (05/29/2017 12:43:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (05/28/2017 10:37:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (05/28/2017 10:36:45 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Adobe Flash CS4\AIK1.1\runtimes\air\win\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Adobe\Adobe Flash CS4\AIK1.1\runtimes\air\win\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (05/28/2017 10:36:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (05/28/2017 10:35:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\edna\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (05/28/2017 10:35:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\edna\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (05/28/2017 10:35:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\edna\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Systemfehler:
=============
Error: (05/28/2017 11:42:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Error: (05/28/2017 11:29:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (05/28/2017 10:38:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (05/28/2017 10:38:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (05/28/2017 10:38:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (05/28/2017 10:28:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/28/2017 10:08:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst konnte wegen einer fehlerhaften Anmeldung nicht gestartet werden.
Error: (05/28/2017 10:08:42 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
Die Anforderung wird nicht unterstützt.
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (05/28/2017 10:08:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Windows Search" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Dienst konnte wegen einer fehlerhaften Anmeldung nicht gestartet werden.
Error: (05/28/2017 10:08:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst konnte wegen einer fehlerhaften Anmeldung nicht gestartet werden.
CodeIntegrity:
===================================
Date: 2017-04-25 23:23:21.080
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:20.590
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:19.477
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:18.734
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:18.051
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:17.484
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:23:17.010
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:10.564
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:10.102
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-04-25 23:03:01.014
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 40%
Installierter physikalischer RAM: 8122.15 MB
Verfügbarer physikalischer RAM: 4806.13 MB
Summe virtueller Speicher: 9402.15 MB
Verfügbarer virtueller Speicher: 6187.48 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:682.07 GB) (Free:608.05 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.79 GB) (Free:1.59 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 7AE21138)
Partition: GPT.
==================== Ende von Addition.txt ============================
Vielen Dank für die Hilfe bis hierhin.  |
|
29.05.2017, 15:57
| #15 |
| /// TB-Ausbilder | Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitere Servus, ok, so geht es weiter (Achtung, Schritt 3 habe ich verändert!): Schritt 1
Schritt 2 Bitte setze deine Brower wie folgt zurück: IE ::: Setze folgendermassen den Internet Explorer zurück:
EDGE ::: Edge zurücksetzen FF ::: Firefox zurücksetzen CHR::: Chrome zurücksetzen OPR:: Opera zurücksetzen Schritt 3
Gibt es jetzt noch Probleme mit dem PC oder mit deinen Internet Browsern? Wenn ja, welche?Bitte poste mit deiner nächsten Antwort
|
|
| Themen zu Nicht auffindbarer hartnäckiger Virus/ Trojaner "Gerrupy""snare" "MIO" und weitere |
| adware, avast, browser, desktop, diverse, dll, einstellungen, entfernen, explorer, gerrupy, google, icons, internet, internet explorer, log, logfile, maleware, microsoft, neustart, ordner, problem, server, software, svchost, trojaner, virus, werbung, windows, wmi |
und 
und speichere die Logdatei auf Deinem Desktop.
Linear-Darstellung
