Log analysis and evaluation: Chrome is redirected to prizemediayou.com ...Trojan, I guess. (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.08.2018, 20:02 | #1 |
Chrome is redirected to prizemediayou.com ...Trojan, I guess.

Caught a Trojan despite an up-to-date Avira. On popular news sites, Chrome is suddenly redirected to https://prizemediayou.com. Going back no longer works; you have to close the window. The computer becomes very, very slow and sometimes hangs for 30-40 seconds. Avira is up to date, and of course I don't surf as administrator either. Apart from updates, nothing installed either; the origin is unclear to me. Here is my FRST log:

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018 Ran by popp_000 (ATTENTION: The user is not administrator) on ROLLS_PC (04-08-2018 12:12:23) Running from C:\Users\popp_000\Downloads Loaded Profiles: Rolls & popp_000 (Available Profiles: Rolls & popp_000) Platform: Windows 8.1 (Update) (X64) Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> csrss.exe Failed to access process -> winlogon.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> dwm.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> wlanext.exe Failed to access process -> conhost.exe Failed to access process -> spoolsv.exe Failed to access process -> sched.exe Failed to access process -> svchost.exe Failed to access process -> avguard.exe Failed to access process -> AppleMobileDeviceService.exe Failed to access process -> mDNSResponder.exe Failed to access process -> OfficeClickToRun.exe Failed to access process -> svchost.exe Failed to access process -> dasHost.exe Failed to access process -> EvtEng.exe Failed to access process -> FCUpdateService.exe Failed to access process -> HuaweiHiSuiteService64.exe Failed to access process -> HeciServer.exe Failed to access 
process -> ibtrksrv.exe Failed to access process -> iSCTAgent.exe Failed to access process -> PGService.exe Failed to access process -> RegSrvc.exe Failed to access process -> RichVideo64.exe Failed to access process -> svchost.exe Failed to access process -> VfConnectorService.exe Failed to access process -> ZeroConfigService.exe Failed to access process -> Avira.ServiceHost.exe Failed to access process -> unsecapp.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> SearchIndexer.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.) 
C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe Failed to access process -> iPodService.exe (Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe Failed to access process -> devmonsrv.exe Failed to access process -> obexsrv.exe Failed to access process -> HPSupportSolutionsFrameworkService.exe Failed to access process -> GoogleCrashHandler.exe Failed to access process -> GoogleCrashHandler64.exe Failed to access process -> IAStorDataMgrSvc.exe Failed to access process -> IntelMeFWService.exe Failed to access process -> jhi_service.exe Failed to access process -> LMS.exe Failed to access process -> wmpnetwk.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Failed to access process -> WmiPrvSE.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Failed to access process -> SearchProtocolHost.exe Failed to access process -> SearchFilterHost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor) HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-01-20] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-01-20] (Lenovo(beijing) Limited) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.) HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [1775464 2011-10-24] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFCreHook] => C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [1771368 2011-10-24] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.) HKLM-x32\...\Run: [Nuance PDF Create 7-reminder] => "C:\Program Files (x86)\Nuance\PDFCreate\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Create 7\Ereg\Ereg.ini" HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-04] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [*WerKernelReporting] => C:\windows\SYSTEM32\WerFault.exe [465320 2014-10-29] (Microsoft Corporation) HKLM-x32\...\RunOnce: [{0bb4751a-1ff2-4c79-80df-5bab5da63823}] => C:\ProgramData\Package Cache\{0bb4751a-1ff2-4c79-80df-5bab5da63823}\Avira.OE.Setup.Bundle.exe [1293824 2018-07-12] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [Dropbox Update] => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654728 2018-06-26] (Skype Technologies S.A.) 
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\RunOnce: [Application Restart #5] => C:\Users\popp_000\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-si (the data entry has 546 more characters). HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6574-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6629-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-01-20] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-08-02] ShortcutTarget: Dropbox.lnk -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-31] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: [S-1-5-21-419436004-3641650613-4044294934-1004] => 144.76.1.58:80 Tcpip\Parameters: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 Tcpip\..\Interfaces\{4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}: [DhcpNameServer] 129.132.98.12 129.132.250.2 Tcpip\..\Interfaces\{A18FC3BF-B907-4373-9D7F-2A14F0C58609}: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 Tcpip\..\Interfaces\{E9525CEC-B32C-409E-B026-B233ABEF911C}: [DhcpNameServer] 129.132.98.12 129.132.250.2 Internet Explorer: ================== HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com URLSearchHook: [S-1-5-21-419436004-3641650613-4044294934-1001] ATTENTION => Default URLSearchHook is missing SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\.DEFAULT -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-01] (Microsoft Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon 
Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation) BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation) Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File FireFox: ======== FF DefaultProfile: o2okhndp.default FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Zotero\Zotero\Profiles\tco359nz.default [2016-06-17] FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2016-06-07] [Legacy] [not signed] FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2016-06-07] [Legacy] [not signed] FF ProfilePath: 
C:\Users\popp_000\AppData\Roaming\Mozilla\Firefox\Profiles\o2okhndp.default [2018-05-16] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll [2011-02-16] (Zeon Corporation) FF Plugin HKU\S-1-5-21-419436004-3641650613-4044294934-1004: pokki.com/PokkiDownloadHelper -> C:\Users\popp_000\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File] Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://duckduckgo.com/ CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default [2018-08-04] CHR Extension: (Docs) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15] CHR Extension: (Google Drive) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (YouTube) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03] CHR Extension: (uBlock Origin) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-18] CHR Extension: (Google-Suche) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04] CHR Extension: (Session Buddy) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-30] CHR Extension: (Zotero Connector) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2018-06-05] CHR Extension: (Google Docs Offline) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\popp_000\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Google Mail) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02] CHR Extension: (Chrome Media Router) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-11] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [880040 2018-07-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164808 2018-07-11] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-04] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) 
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 lmhosts; C:\windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 lmhosts; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] () R2 NlaSvc; C:\windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 NlaSvc; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) R2 nsi; C:\windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 nsi; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-08] (PointGrab LTD) S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-08] 
(PointGrab LTD) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] () R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-01-20] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [60920 2017-06-20] (Avira Operations GmbH & Co. KG) R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [179376 2018-07-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169864 2018-07-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-22] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-22] (Avira Operations GmbH & Co. KG) R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.) S3 ew_usbccgpfilter; C:\windows\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.) 
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation) R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] () R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] () R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] () R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] () R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation) S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] () S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.) R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-15] (Synaptics Incorporated) S1 vflt; C:\windows\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed] S3 vnet; C:\windows\system32\DRIVERS\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed] S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink) S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-04 12:12 - 2018-08-04 12:13 - 000028707 _____ C:\Users\popp_000\Downloads\FRST.txt 2018-08-04 12:12 - 2018-08-04 12:12 - 000000000 ____D C:\FRST 2018-08-04 12:11 - 2018-08-04 12:11 - 002412544 _____ (Farbar) C:\Users\popp_000\Downloads\FRST64.exe 2018-08-03 11:44 - 2018-08-03 11:44 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2 (1).exe 2018-08-03 11:28 - 2018-08-03 11:32 - 000000000 ____D C:\AdwCleaner 2018-08-03 11:28 - 2018-08-03 11:28 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2.exe 2018-08-03 11:01 - 2018-08-03 11:01 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2018-08-03 11:01 - 2018-08-03 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2018-08-03 10:35 - 2018-08-03 10:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2018-08-03 10:35 - 2018-08-03 10:35 - 000002237 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk 2018-08-02 12:05 - 2018-08-02 12:05 - 001318374 _____ C:\Users\popp_000\Downloads\foreignpolicy.com-Why I Didnt Sign Up to Defend the International Order.pdf 2018-08-02 11:33 - 2018-08-02 11:33 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2018-07-31 13:47 - 2018-03-27 01:24 - 000029352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll 2018-07-31 13:47 - 2018-03-27 01:24 - 000019088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll 2018-07-31 13:47 - 2018-03-27 01:17 - 000030888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll 2018-07-31 13:47 - 2018-03-27 01:17 - 000019088 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll 2018-07-30 13:38 - 2018-07-30 13:38 - 000000000 
____D C:\ProgramData\Malwarebytes 2018-07-30 13:22 - 2018-07-30 13:22 - 001540104 _____ (CHIP Digital GmbH) C:\Users\popp_000\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe 2018-07-25 17:19 - 2018-07-25 17:19 - 000158109 _____ C:\Users\popp_000\Desktop\Bell_QuestioningGlobalTurn_2014.pdf 2018-07-25 17:19 - 2018-07-25 17:19 - 000065607 _____ C:\Users\popp_000\Desktop\Burton_MethodScaleWH_2007.pdf 2018-07-25 17:17 - 2018-07-25 17:17 - 000131170 _____ C:\Users\popp_000\Desktop\Tsing_EconomyAppearances_2000.pdf 2018-07-24 20:33 - 2018-07-24 20:33 - 002092858 _____ C:\Users\popp_000\Desktop\Tsing_GlobalSituation_2000.pdf 2018-07-23 19:48 - 2018-07-23 19:48 - 000055476 _____ C:\Users\popp_000\Desktop\GoodeRevonCollier_2018.pdf 2018-07-23 19:45 - 2018-07-23 19:45 - 001227292 _____ C:\Users\popp_000\Desktop\Rovner_LongWarEast_2018.pdf 2018-07-23 19:44 - 2018-07-23 19:44 - 000985481 _____ C:\Users\popp_000\Desktop\Kroenig_D&STRT_NucleNonprolif_2018.pdf 2018-07-23 19:22 - 2018-07-23 19:22 - 000282576 _____ C:\Users\popp_000\Desktop\Porter_HabitUSGrandStrategy_2018.pdf 2018-07-23 19:19 - 2018-07-23 19:19 - 000176411 _____ C:\Users\popp_000\Desktop\VielhaberBleek_ShadoiwwarsReview_2012.pdf 2018-07-23 19:06 - 2018-07-23 19:06 - 000527232 _____ C:\Users\popp_000\Desktop\MillerVolpe_SaudiNukes_2018.pdf 2018-07-23 19:06 - 2018-07-23 19:06 - 000417636 _____ C:\Users\popp_000\Desktop\Nephew_SanctionsRelief_2018.pdf 2018-07-23 19:04 - 2018-07-23 19:04 - 000501283 _____ C:\Users\popp_000\Desktop\Glaser_IllusionofAmericDecline_2018.pdf 2018-07-22 11:57 - 2018-07-22 11:57 - 000001333 _____ C:\Users\Public\Desktop\Skype.lnk 2018-07-22 11:57 - 2018-07-22 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2018-07-16 19:25 - 2018-07-16 19:25 - 000060349 _____ C:\Users\popp_000\Downloads\CAE17-09 Additional Information.pdf 2018-07-16 10:41 - 2018-07-16 10:41 - 000041845 _____ C:\Users\popp_000\Downloads\Buchungsdetail 20180716104127.pdf 2018-07-15 
13:07 - 2018-06-29 00:07 - 000835064 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2018-07-15 13:07 - 2018-06-29 00:07 - 000179704 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-07-14 06:45 - 2018-07-14 06:52 - 000385911 _____ C:\Users\popp_000\Desktop\Passport.pdf 2018-07-12 11:17 - 2018-07-12 11:17 - 000001147 _____ C:\Users\Public\Desktop\Avira.lnk 2018-07-12 10:19 - 2018-06-20 22:01 - 007398232 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2018-07-12 10:19 - 2018-06-20 21:44 - 001676064 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2018-07-12 10:19 - 2018-06-20 21:44 - 001536120 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2018-07-12 10:19 - 2018-06-20 20:48 - 000095744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys 2018-07-12 10:19 - 2018-06-20 20:48 - 000027136 ____C (Microsoft Corporation) C:\windows\system32\Drivers\fxppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000092672 ____C (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys 2018-07-12 10:19 - 2018-06-15 05:01 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2018-07-12 10:19 - 2018-06-12 10:00 - 022374248 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2018-07-12 10:19 - 2018-06-12 09:57 - 019790760 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2018-07-12 10:19 - 2018-06-11 18:55 - 025744896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2018-07-12 10:19 - 2018-06-11 18:36 - 003119616 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll 2018-07-12 10:19 - 2018-06-11 18:14 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 
2018-07-12 10:19 - 2018-06-11 18:06 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2018-07-12 10:19 - 2018-06-11 18:04 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2018-07-12 10:19 - 2018-06-11 17:39 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2018-07-12 10:19 - 2018-06-11 17:36 - 015283200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2018-07-12 10:19 - 2018-06-11 17:31 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2018-07-12 10:19 - 2018-06-11 17:22 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2018-07-12 10:19 - 2018-06-11 17:11 - 001545216 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2018-07-12 10:19 - 2018-06-11 16:59 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2018-07-12 10:19 - 2018-06-09 18:40 - 020286976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2018-07-12 10:19 - 2018-06-09 18:26 - 002712064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll 2018-07-12 10:19 - 2018-06-09 18:09 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2018-07-12 10:19 - 2018-06-09 17:59 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2018-07-12 10:19 - 2018-06-09 17:37 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2018-07-12 10:19 - 2018-06-09 17:37 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2018-07-12 10:19 - 2018-06-09 17:36 - 013680128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2018-07-12 10:19 - 2018-06-09 17:32 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2018-07-12 10:19 - 2018-06-09 17:11 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2018-07-12 10:19 - 2018-06-09 17:08 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2018-07-12 
10:19 - 2018-06-09 17:06 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2018-07-12 10:19 - 2018-06-09 04:47 - 002176072 _____ (Microsoft Corporation) C:\windows\system32\combase.dll 2018-07-12 10:19 - 2018-06-09 03:44 - 001565528 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll 2018-07-12 10:19 - 2018-06-08 20:26 - 000440832 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll 2018-07-12 10:19 - 2018-06-08 19:54 - 000656384 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll 2018-07-12 10:19 - 2018-06-08 19:53 - 000252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll 2018-07-12 10:19 - 2018-06-08 19:07 - 000404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll 2018-07-12 10:19 - 2018-06-08 18:44 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll 2018-07-12 10:19 - 2018-06-07 20:51 - 000074240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys 2018-07-12 10:19 - 2018-05-24 23:29 - 002449752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2018-07-12 10:19 - 2018-05-24 23:29 - 000428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS 2018-07-12 10:19 - 2018-05-15 10:42 - 000590680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys 2018-07-12 10:19 - 2018-05-04 01:02 - 000439640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2018-07-12 10:19 - 2018-05-04 01:02 - 000325456 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS 2018-07-12 10:19 - 2018-05-04 01:02 - 000187728 ____C (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS 2018-07-12 10:19 - 2018-04-26 15:43 - 000918296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000065880 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000021848 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000018776 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000015704 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000015192 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000013656 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000013152 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000998912 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000063832 _____ (Microsoft Corporation) 
C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000020824 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000019288 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000016216 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000015704 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000014168 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000013656 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012632 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2018-07-12 10:19 - 2018-04-25 19:38 - 000243200 _____ (Microsoft Corporation) 
C:\windows\system32\Drivers\srvnet.sys 2018-07-12 10:02 - 2018-06-12 21:01 - 000149632 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe 2018-07-12 10:02 - 2018-06-08 15:15 - 002860032 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2018-07-12 10:02 - 2018-06-08 15:15 - 001602048 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000783872 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000612352 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000470016 _____ (Microsoft Corporation) C:\windows\system32\centel.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000443392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000301056 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000246272 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2018-07-11 13:58 - 2018-07-11 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2018-07-09 17:51 - 2018-07-09 17:51 - 000111660 _____ C:\Users\popp_000\Downloads\RAC 15-148.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-08-04 12:12 - 2015-06-19 15:42 - 000001254 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job 2018-08-04 12:12 - 2015-06-19 15:42 - 000001202 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job 2018-08-04 11:30 - 2017-09-16 11:44 - 000007594 _____ C:\Users\Rolls\AppData\Local\Resmon.ResmonCfg 2018-08-04 11:30 - 2014-02-24 22:06 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-04 11:30 - 2014-02-24 22:06 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-08-03 11:45 - 2014-03-04 14:59 - 000000000 ___DO C:\Users\popp_000\SkyDrive 2018-08-03 11:38 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT 2018-08-03 11:35 - 2014-01-20 08:43 - 000027136 _____ C:\windows\system32\VfService.trf 2018-08-03 11:23 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness 2018-08-03 11:05 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-08-03 11:01 - 2017-05-02 11:20 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2018-08-03 10:59 - 2014-01-20 08:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-08-03 10:54 - 2013-08-22 17:36 - 000000000 ____D C:\windows\tracing 2018-08-03 10:34 - 2014-02-24 22:06 - 000000000 ____D C:\Program Files (x86)\Google 
2018-08-02 11:46 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf 2018-08-02 11:34 - 2014-03-04 15:59 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Dropbox 2018-08-01 11:33 - 2014-01-20 08:31 - 000157476 _____ C:\windows\system32\perfc00C.dat 2018-08-01 11:33 - 2014-01-20 08:31 - 000081754 _____ C:\windows\system32\perfh00C.dat 2018-08-01 11:33 - 2014-01-20 08:26 - 000761160 _____ C:\windows\system32\perfh007.dat 2018-08-01 11:33 - 2014-01-20 08:26 - 000157652 _____ C:\windows\system32\perfc007.dat 2018-08-01 11:33 - 2013-10-07 20:27 - 002015868 _____ C:\windows\system32\PerfStringBackup.INI 2018-07-31 13:59 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp 2018-07-30 17:51 - 2014-03-04 16:03 - 000000000 ___RD C:\Users\popp_000\Dropbox 2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\ProgramData\Garmin 2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\Program Files (x86)\Garmin 2018-07-28 21:45 - 2014-01-20 08:13 - 000000000 ____D C:\ProgramData\Package Cache 2018-07-25 17:59 - 2014-03-04 22:53 - 000000000 ____D C:\Users\popp_000\AppData\Local\CrashDumps 2018-07-24 21:31 - 2017-11-17 11:34 - 000000000 ____D C:\Users\popp_000\Desktop\LATER 2018-07-24 16:36 - 2018-05-07 11:13 - 001091675 _____ C:\Users\popp_000\Desktop\Kennedy_WoodrowWWI_2018.pdf 2018-07-22 11:57 - 2016-01-24 17:30 - 000000000 ___RD C:\Program Files (x86)\Skype 2018-07-22 11:57 - 2014-03-25 21:31 - 000000000 ____D C:\ProgramData\Skype 2018-07-22 11:55 - 2014-03-25 21:31 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Skype 2018-07-18 22:51 - 2017-05-02 11:26 - 000002377 _____ C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2018-07-16 20:48 - 2013-08-22 17:36 - 000000000 ____D C:\windows\LiveKernelReports 2018-07-16 15:07 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache 2018-07-15 13:33 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps 2018-07-15 13:23 - 2014-01-20 08:44 - 000000000 ____D 
C:\ProgramData\Energy Manager 2018-07-15 13:04 - 2013-08-22 16:44 - 000500816 _____ C:\windows\system32\FNTCACHE.DAT 2018-07-15 12:58 - 2015-04-18 18:10 - 000000000 ____D C:\windows\system32\appraiser 2018-07-15 12:58 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData 2018-07-15 12:57 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\NDF 2018-07-12 15:38 - 2014-03-04 15:58 - 000000000 ____D C:\windows\system32\MRT 2018-07-12 15:31 - 2014-03-04 15:58 - 134675576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe 2018-07-12 09:52 - 2018-05-09 10:30 - 000685568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys 2018-07-11 13:55 - 2014-02-24 22:16 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2018-07-11 13:55 - 2014-02-24 22:16 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2018-07-10 17:05 - 2014-03-04 14:56 - 000000000 ____D C:\Users\popp_000\AppData\Local\VirtualStore 2018-07-09 16:52 - 2015-11-09 17:52 - 000000424 _____ C:\windows\Tasks\DriverEasy Scheduled Scan.job Some files in TEMP: ==================== 2014-03-04 14:58 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\popp_000\AppData\Local\Temp\avgnt.exe 2016-12-31 18:38 - 2014-07-01 11:20 - 011719232 _____ (Foxit Corporation) C:\Users\popp_000\AppData\Local\Temp\Foxit Reader Updater.exe 2014-12-21 09:41 - 2014-12-21 09:41 - 095168336 _____ (SweetLabs,Inc.) C:\Users\popp_000\AppData\Local\Temp\oct50EC.tmp.exe 2017-07-12 13:05 - 2017-07-12 13:06 - 064794200 _____ (SweetLabs,Inc.) C:\Users\popp_000\AppData\Local\Temp\oct5FE4.tmp.exe 2017-10-02 13:09 - 2018-07-22 11:56 - 057812744 _____ (Skype Technologies S.A.) C:\Users\popp_000\AppData\Local\Temp\SkypeSetup.exe 2014-02-24 22:16 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\Rolls\AppData\Local\Temp\avgnt.exe 2015-11-09 17:47 - 2015-11-09 17:47 - 064809432 _____ (SweetLabs,Inc.) 
C:\Users\Rolls\AppData\Local\Temp\oct5CEE.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

--- --- ---

Additions.txt:

[CODE]Additional FRST Logfile: FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by popp_000 (04-08-2018 12:15:35)
Running from C:\Users\popp_000\Downloads
Windows 8.1 (Update) (X64) (2014-02-24 19:54:36)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-419436004-3641650613-4044294934-500 - Administrator - Disabled)
Guest (S-1-5-21-419436004-3641650613-4044294934-501 - Limited - Disabled)
popp_000 (S-1-5-21-419436004-3641650613-4044294934-1004 - Limited - Enabled) => C:\Users\popp_000
Rolls (S-1-5-21-419436004-3641650613-4044294934-1001 - Administrator - Enabled) => C:\Users\Rolls

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avira (HKLM-x32\...\{0bb4751a-1ff2-4c79-80df-5bab5da63823}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co.
KG) Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden Avira (HKLM-x32\...\{b883705a-0784-4d1e-9766-601e8d66945a}) (Version: 1.2.115.14232 - Avira Operations GmbH & Co. KG) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.) Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Hidden Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation) Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions) GentiumPlus 1.510 (HKLM-x32\...\GentiumPlus) (Version: - ) GitHub (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.) 
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard) HP Support Solutions Framework (HKLM-x32\...\{AAE126B3-95C5-49E1-A590-7B5F6EDC7D60}) (Version: 12.5.32.203 - HP Inc.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{CF713F23-4866-4A5D-91CC-A5F42111C82A}) (Version: 12.7.5.9 - Apple Inc.) 
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) jpgtopdf_setup (HKLM-x32\...\{6C1A8DBD-C0AA-4FD0-93C8-33934FD3F396}) (Version: 1.0.0.1 - jpgtopdf_setup_caudio) Hidden Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.) Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo) Lenovo Motion Control (HKLM-x32\...\{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Hidden Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo) MailStore Home 10.1.2.12457 (HKLM-x32\...\MailStore Home_universal1) (Version: 10.1.2.12457 - MailStore Software GmbH) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.10325.20082 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation) Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) 
(Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 57.0.4 (x64 de) (HKLM\...\Mozilla Firefox 57.0.4 (x64 de)) (Version: 57.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla) Nuance PDF Create 7 (HKLM\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.) Nuance PDF Create 7 (HKLM-x32\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc.) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Proxy Searcher (HKLM-x32\...\{7EA74723-FE48-410D-A24E-949870747174}) (Version: 5.10.0000 - Proxy Searcher) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.) 
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version: - ) Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden Skype Version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated) UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.) vpnui.exe custom database (HKLM\...\{f0fbb653-f915-4899-a129-43562c94b062}.sdb) (Version: - ) Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) 
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll -> No File ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers4-x32: [FolderColorize] -> {3443FE61-F294-403D-A4A6-53E034FC9B3F} => C:\Program Files\Folder Colorizer\FolderColorShlExt.dll [2014-01-13] () ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG) ContextMenuHandlers1_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers4_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers5_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\DriverEasy Scheduled Scan.job => Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2018-06-27 08:53 - 2018-06-22 21:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll 2018-06-27 08:53 - 2018-06-22 21:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2015-11-22 17:35 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\popp_000\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 62.2.17.60 - 62.2.24.162 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "PDFCreHook" HKLM\...\StartupApproved\Run32: => "PDFProHook" HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "World of Tanks" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "Skype for Desktop" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C3EC1C83-ED75-4491-B69D-9C40FAD13721}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{6FCD0814-38FE-47D2-816C-72C1415D1D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{E620D2F9-0BA9-4DFE-8D6B-9C59F1F71526}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{1077B56E-1938-4248-A619-9B854EE3AFD9}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{AFFD236C-2F03-4514-9493-28D4A9C50B77}] => (Allow) C:\Users\Rolls\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{F288F15D-002F-40A2-A40C-97E28F56AA80}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{AD2DB122-CC56-424D-8E16-AA4AAECF4344}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{3EF055D5-32DE-4CA6-BE7C-F5665694844B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{D21787BE-28FE-4C10-A07A-1CCFE3E7B79D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files 
(x86)\skype\phone\skype.exe FirewallRules: [{FB099CB8-CA09-4117-99D4-B42CDBB28D90}] => (Allow) C:\Users\Rolls\AppData\Local\Viber\Viber.exe FirewallRules: [{965D02E2-997F-4A1B-9984-1738A0E2A113}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{CE0097F9-DC40-4522-87F1-1051989D5C39}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D889966A-1277-4A5D-9DA8-ED3C03A0E9C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BDDE8199-B36C-41F3-AA66-04834F80B129}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CC8120C7-33BE-4EE0-A5D3-2FC1CDB57184}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{FFDB7024-EDC1-4129-AAE2-F6C96C8E383E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{C6053D39-4308-4B42-8A8A-6E2A35310460}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: [{95CBABA5-8E3D-4A5B-A1B8-03D82509368F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{6266A37E-5C70-40AA-899F-C3525EED13D9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{3AFE67D9-1ACF-4E60-AE30-AEF8B0F6AEEC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{3907E02F-601D-4C7F-B2FA-D854CBCE60F4}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{0B084486-00AB-497C-885E-F03C9EA3A10F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{04F273D0-6AE9-4E96-B78C-3ACFB71DE717}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{C62B610C-F3DB-4EFA-92DC-01B1BDB6CE37}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{E8091B04-83D8-4214-92CC-9E6103FBD59F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\APSDaemon.exe FirewallRules: [{33047F60-F67D-430B-B231-902153223054}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2B912316-B9F7-4E28-9106-2F194B2C3068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8A7C5277-E975-4A7B-A51E-0F21B6A95CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{22D86146-2671-4E3D-92CB-8F6C06857C3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8ACE25C7-A358-4542-9ABA-01AD445562AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{2BAD3012-6736-4535-87B5-A0A267A5B46F}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{471A0AF8-318E-4228-97DE-AEE58A161E68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{9F29F59E-3EB9-415A-9AAA-8F8ED2C6BB02}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{B23CA18C-2F92-44C0-B9C1-B1EBA20109DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/04/2018 11:17:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 74821703 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 74821703 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/03/2018 11:44:34 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: d5c Startzeit: 01d42b0dcbb3b9b0 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: c2926c2b-9701-11e8-8336-fcf8ae81aa91 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2018 11:42:02 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (08/03/2018 10:40:27 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/03/2018 10:36:14 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6a18 Startzeit: 01d42b03eebce287 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 3f7d4b87-96f8-11e8-8334-fcf8ae81aa91 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (08/04/2018 11:08:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (08/04/2018 11:07:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. 
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (08/04/2018 11:07:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY) Description: Für den Miniport "Realtek PCIe GBE Family Controller, {4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}" ist das Ereignis "74" aufgetreten. Error: (08/03/2018 11:43:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "HP Support Solutions Framework Service" wurde nicht richtig gestartet. Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:34:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:34:41 AM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC) Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Windows Defender: =================================== Date: 2017-05-04 16:39:21.013 Description: Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Betroffene Signaturen: Aktuell Fehlercode: 0x80073aba Fehlerbeschreibung: The resource is too old to be compatible. 
Signaturversion: 1.155.266.0;1.155.266.0 Modulversion: 1.1.9700.0 CodeIntegrity: =================================== Date: 2018-08-03 11:42:33.517 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:42:31.189 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:42:26.634 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:37:39.892 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-03 11:22:59.575 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:22:54.841 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:22:47.622 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2018-08-03 11:22:42.906 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 59% Total physical RAM: 8104.27 MB Available physical RAM: 3286.13 MB Total Virtual: 13480.27 MB Available Virtual: 7809.13 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:283.73 GB) (Free:151.47 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (LENOVO) (Fixed) (Total:164.36 GB) (Free:98.53 GB) NTFS \\?\Volume{544d8d37-33b0-411c-bcb9-194636f9170a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS \\?\Volume{f521da69-fec1-4e43-a83f-ac8ca729b84c}\ (PBR_DRV) (Fixed) (Total:15.34 GB) (Free:5.69 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of Addition.txt ============================
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\DriverEasy Scheduled Scan.job => Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2018-06-27 08:53 - 2018-06-22 21:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll 2018-06-27 08:53 - 2018-06-22 21:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2015-11-22 17:35 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\popp_000\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 62.2.17.60 - 62.2.24.162 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "PDFCreHook" HKLM\...\StartupApproved\Run32: => "PDFProHook" HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "World of Tanks" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "Skype for Desktop" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C3EC1C83-ED75-4491-B69D-9C40FAD13721}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{6FCD0814-38FE-47D2-816C-72C1415D1D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{E620D2F9-0BA9-4DFE-8D6B-9C59F1F71526}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{1077B56E-1938-4248-A619-9B854EE3AFD9}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{AFFD236C-2F03-4514-9493-28D4A9C50B77}] => (Allow) C:\Users\Rolls\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{F288F15D-002F-40A2-A40C-97E28F56AA80}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{AD2DB122-CC56-424D-8E16-AA4AAECF4344}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{3EF055D5-32DE-4CA6-BE7C-F5665694844B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{D21787BE-28FE-4C10-A07A-1CCFE3E7B79D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files 
(x86)\skype\phone\skype.exe FirewallRules: [{FB099CB8-CA09-4117-99D4-B42CDBB28D90}] => (Allow) C:\Users\Rolls\AppData\Local\Viber\Viber.exe FirewallRules: [{965D02E2-997F-4A1B-9984-1738A0E2A113}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{CE0097F9-DC40-4522-87F1-1051989D5C39}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D889966A-1277-4A5D-9DA8-ED3C03A0E9C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BDDE8199-B36C-41F3-AA66-04834F80B129}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CC8120C7-33BE-4EE0-A5D3-2FC1CDB57184}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{FFDB7024-EDC1-4129-AAE2-F6C96C8E383E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{C6053D39-4308-4B42-8A8A-6E2A35310460}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: [{95CBABA5-8E3D-4A5B-A1B8-03D82509368F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{6266A37E-5C70-40AA-899F-C3525EED13D9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{3AFE67D9-1ACF-4E60-AE30-AEF8B0F6AEEC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{3907E02F-601D-4C7F-B2FA-D854CBCE60F4}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{0B084486-00AB-497C-885E-F03C9EA3A10F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{04F273D0-6AE9-4E96-B78C-3ACFB71DE717}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{C62B610C-F3DB-4EFA-92DC-01B1BDB6CE37}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{E8091B04-83D8-4214-92CC-9E6103FBD59F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\APSDaemon.exe FirewallRules: [{33047F60-F67D-430B-B231-902153223054}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2B912316-B9F7-4E28-9106-2F194B2C3068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8A7C5277-E975-4A7B-A51E-0F21B6A95CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{22D86146-2671-4E3D-92CB-8F6C06857C3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8ACE25C7-A358-4542-9ABA-01AD445562AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{2BAD3012-6736-4535-87B5-A0A267A5B46F}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{471A0AF8-318E-4228-97DE-AEE58A161E68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{9F29F59E-3EB9-415A-9AAA-8F8ED2C6BB02}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{B23CA18C-2F92-44C0-B9C1-B1EBA20109DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/04/2018 11:17:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 74821703 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 74821703 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/03/2018 11:44:34 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: d5c Startzeit: 01d42b0dcbb3b9b0 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: c2926c2b-9701-11e8-8336-fcf8ae81aa91 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2018 11:42:02 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (08/03/2018 10:40:27 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/03/2018 10:36:14 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6a18 Startzeit: 01d42b03eebce287 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 3f7d4b87-96f8-11e8-8334-fcf8ae81aa91 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (08/04/2018 11:08:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (08/04/2018 11:07:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. 
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (08/04/2018 11:07:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY) Description: Für den Miniport "Realtek PCIe GBE Family Controller, {4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}" ist das Ereignis "74" aufgetreten. Error: (08/03/2018 11:43:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "HP Support Solutions Framework Service" wurde nicht richtig gestartet. Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:34:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:34:41 AM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC) Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Windows Defender: =================================== Date: 2017-05-04 16:39:21.013 Description: Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Betroffene Signaturen: Aktuell Fehlercode: 0x80073aba Fehlerbeschreibung: The resource is too old to be compatible. 
Signaturversion: 1.155.266.0;1.155.266.0 Modulversion: 1.1.9700.0 CodeIntegrity: =================================== Date: 2018-08-03 11:42:33.517 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:42:31.189 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:42:26.634 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:37:39.892 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-03 11:22:59.575 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:22:54.841 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:22:47.622 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2018-08-03 11:22:42.906 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 59% Total physical RAM: 8104.27 MB Available physical RAM: 3286.13 MB Total Virtual: 13480.27 MB Available Virtual: 7809.13 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:283.73 GB) (Free:151.47 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (LENOVO) (Fixed) (Total:164.36 GB) (Free:98.53 GB) NTFS \\?\Volume{544d8d37-33b0-411c-bcb9-194636f9170a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS \\?\Volume{f521da69-fec1-4e43-a83f-ac8ca729b84c}\ (PBR_DRV) (Fixed) (Total:15.34 GB) (Free:5.69 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of Addition.txt ============================ |
04.08.2018, 20:03 | #2 |
| Chrome is redirected to prizemediayou.com ... Trojan, I guess. And the latest Avira scan:
Code:
ATTFilter Free Antivirus Erstellungsdatum der Reportdatei: Samstag, 4. August 2018 12:20 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Free Seriennummer : 0000149996-AVHOE-0000001 Plattform : Windows 8.1 Windowsversion : (plain) [6.3.9600] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : ROLLS_PC Versionsinformationen: build.dat : 15.0.36.211 121920 Bytes 28.06.2018 15:34:00 AVSCAN.EXE : 15.0.36.208 1306056 Bytes 11.07.2018 11:55:02 AVSCANRC.DLL : 15.0.36.115 73768 Bytes 02.05.2018 14:30:37 LUKE.DLL : 15.0.36.207 81120 Bytes 11.07.2018 11:55:13 AVSCPLR.DLL : 15.0.36.207 153648 Bytes 11.07.2018 11:55:02 REPAIR.DLL : 15.0.36.208 778752 Bytes 11.07.2018 11:55:01 repair.rdf : 1.0.43.48 1409885 Bytes 03.08.2018 08:39:29 AVREG.DLL : 15.0.36.207 442576 Bytes 11.07.2018 11:55:01 avlode.dll : 15.0.36.208 1017072 Bytes 11.07.2018 11:55:00 avlode.rdf : 14.0.5.154 218943 Bytes 27.07.2018 09:53:31 XBV00004.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00005.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00006.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00007.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00008.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00009.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00010.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00011.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00012.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00013.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00014.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00015.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00016.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00017.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00018.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00019.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00020.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00021.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 
XBV00022.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00023.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00024.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00025.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00026.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00027.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00028.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:46 XBV00029.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00030.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00031.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00032.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00033.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00034.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00035.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00036.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00037.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00038.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00039.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00040.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00041.VDF : 8.15.0.146 2408 Bytes 10.07.2018 11:55:47 XBV00077.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00078.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00079.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00080.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00081.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00082.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00083.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00084.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00085.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00086.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00087.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00088.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:55 XBV00089.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00090.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00091.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00092.VDF : 
8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00093.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00094.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00095.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00096.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00097.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00098.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00099.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00100.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00101.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00102.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00103.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00104.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00105.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00106.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00107.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00108.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00109.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00110.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00111.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00112.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:56 XBV00113.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00114.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00115.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00116.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00117.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00118.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00119.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00120.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00121.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00122.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00123.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00124.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00125.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00126.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00127.VDF : 8.15.2.90 2408 Bytes 30.07.2018 
08:01:57 XBV00128.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00129.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00130.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00131.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00132.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00133.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00134.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00135.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00136.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00137.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:57 XBV00138.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00139.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00140.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00141.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00142.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00143.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00144.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00145.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00146.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00147.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00148.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00149.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00150.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00151.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00152.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00153.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00154.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00155.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00156.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00157.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00158.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00159.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00160.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00161.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:58 XBV00162.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00163.VDF : 8.15.2.90 2408 
Bytes 30.07.2018 08:01:59 XBV00164.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00165.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00166.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00167.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00168.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00169.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00170.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00171.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00172.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00173.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00174.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00175.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00176.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00177.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00178.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00179.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00180.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00181.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00182.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00183.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00184.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00185.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:01:59 XBV00186.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:00 XBV00187.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:00 XBV00188.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:00 XBV00189.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:01 XBV00190.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:01 XBV00191.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:01 XBV00192.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:01 XBV00193.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:01 XBV00194.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:01 XBV00195.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:01 XBV00196.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:01 XBV00197.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:01 XBV00198.VDF : 8.15.2.90 2408 Bytes 30.07.2018 08:02:01 XBV00199.VDF 
Engineversion : 8.3.52.38 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Prüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: Interaktiv Sekundäre Aktion......................: Ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert Auszulassende Dateien.................: Beginn des Suchlaufs: Samstag, 4. August 2018 12:20 Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'HDD0(C:, D:)' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Bootsektor wurde aufgrund des inkompatiblen Formats nicht gescannt. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'dwm.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '187' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'WLANExt.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '128' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'OfficeClickToRun.exe' - '121' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'dashost.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'EvtEng.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'FCUpdateService.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'HuaweiHiSuiteService64.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'HeciServer.exe' - 
'27' Modul(e) wurden durchsucht Durchsuche Prozess 'ibtrksrv.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'iSCTAgent.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'PGService.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'RegSrvc.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo64.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'VfConnectorService.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'ZeroConfigService.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'Avira.ServiceHost.exe' - '99' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhostex.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '263' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'SettingSyncHost.exe' - '122' Modul(e) wurden durchsucht Durchsuche Prozess 'skydrive.exe' - '94' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxtray.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'RAVCpl64.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'OUTLOOK.EXE' - '182' Modul(e) wurden durchsucht Durchsuche Prozess 'RAVBg64.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'RTFTrack.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'Energy Manager.exe' - '72' Modul(e) wurden durchsucht Durchsuche 
Prozess 'avgnt.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'utility.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'ScanToPCActivationApp.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'iSCTsysTray8.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '192' Modul(e) wurden durchsucht Durchsuche Prozess 'PdfPro7Hook.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'PdfCreate7Hook.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'ONENOTEM.EXE' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'hpwuschd2.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'Avira.Systray.exe' - '117' Modul(e) wurden durchsucht Durchsuche Prozess 'devmonsrv.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'obexsrv.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'HPSupportSolutionsFrameworkService.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleCrashHandler.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleCrashHandler64.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'IntelMeFWService.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'jhi_service.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'SYNTPHELPER.EXE' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '145' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '33' Modul(e) wurden durchsucht Durchsuche 
Prozess 'chrome.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 
'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'FRST64.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'notepad.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '120' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'TrustedInstaller.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'TiWorker.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '67' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) 
wird begonnen:
Die Registry wurde durchsucht ( '2378' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows8_OS>
Cloud SDK Initialisierung und Lizenz überprüfen erfolgreich.
Die Datei 'C:\Program Files (x86)\Uninstall Information\103\4143\uninstall.exe' wurde durch Cloud-Sicherheit geprüft.
SHA256 = B2183128E1CC3E056202020FED52C607CE16A902103A4F709E189ED65A75A993
Die Datei 'C:\Users\popp_000\AppData\Local\Temp\HW_UTPS_SP_Autorun\HiSuiteDownLoader.exe' wurde durch Cloud-Sicherheit geprüft.
SHA256 = CE0E394983B97F542B9E87115714130CD8C5FE7C601E2EA63C9EC2ED480D888E
Die Datei 'C:\Users\popp_000\Downloads\Firefox Setup Stub 46.0.1.exe' wurde durch Cloud-Sicherheit geprüft.
SHA256 = DA9E3AECD23E2A7C5DD41DD105AD8E980AD70BF239A0910C17DB126E7D353061
Die Datei 'C:\Users\popp_000\Downloads\irfanview_plugins_440_setup (1).exe' wurde durch Cloud-Sicherheit geprüft.
SHA256 = 34A30548F0D1EED4EF75D524A1E8D0BC480C9C21D074179C98898BBAEA527ADA
Die Datei wurde im Zwischenspeicher in 'C:\Users\popp_000\Downloads\irfanview_plugins_440_setup.exe' gefunden; der Scan Cloud-Sicherheit wurde übersprungen.
SHA256 = 34A30548F0D1EED4EF75D524A1E8D0BC480C9C21D074179C98898BBAEA527ADA
FP-Server meldet Status "KEIN Fehlalarm" für Datei 'C:\Users\popp_000\Downloads\ViberSetup (1).exe'
Die Datei 'C:\Users\popp_000\Downloads\ViberSetup (1).exe' wurde durch Cloud-Sicherheit geprüft.
SHA256 = 23709AA5CA9A1A3B9461061AD60F5762856B09F6ECC6A3AFD70F93E94297CF14
C:\Users\popp_000\Downloads\ViberSetup (1).exe
  [FUND] Enthält Muster der Software PUA/iLivid
FP-Server meldet Status "KEIN Fehlalarm" für Datei 'C:\Users\popp_000\Downloads\ViberSetup.exe'
Die Datei 'C:\Users\popp_000\Downloads\ViberSetup.exe' wurde durch Cloud-Sicherheit geprüft.
SHA256 = 23709AA5CA9A1A3B9461061AD60F5762856B09F6ECC6A3AFD70F93E94297CF14
C:\Users\popp_000\Downloads\ViberSetup.exe
  [FUND] Enthält Muster der Software PUA/iLivid
FP-Server meldet Status "KEIN Fehlalarm" für Datei 'C:\Users\Rolls\AppData\Local\Viber\Uninstall.exe'
Die Datei 'C:\Users\Rolls\AppData\Local\Viber\Uninstall.exe' wurde durch Cloud-Sicherheit geprüft.
SHA256 = 0CF4CDE078B88D4315CF943FCF296CAA983A0E5415AE86A28A65E4B569D9B792
C:\Users\Rolls\AppData\Local\Viber\Uninstall.exe
  [FUND] Enthält Muster der Software PUA/SeaSuite
FP-Server meldet Status "KEIN Fehlalarm" für Datei 'C:\Windows\Temp\WAX290B.tmp'
Die Datei 'C:\Windows\Temp\WAX290B.tmp' wurde zur Cloud-Sicherheit hochgeladen und analysiert.
SHA256 = 357B9AAE25FAD2758451BEEB6728DC81993C8F40FF491156158933C02E419314
C:\Windows\Temp\WAX290B.tmp (SHA-256: 0000000000000000000000000000000000000000000000000000000000000000)
  [FUND] Enthält verdächtigen Code HEUR/APC
  [INFO] Die Datei 'C:\Windows\Temp\WAX290B.tmp' wurde zur Cloud-Sicherheit hochgeladen und analysiert.
Beginne mit der Suche in 'D:\' <LENOVO>

Beginne mit der Desinfektion:
C:\Windows\Temp\WAX290B.tmp (SHA-256: 0000000000000000000000000000000000000000000000000000000000000000)
  [FUND] Enthält verdächtigen Code HEUR/APC
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d5972cf.qua' verschoben!
C:\Users\Rolls\AppData\Local\Viber\Uninstall.exe
  [FUND] Enthält Muster der Software PUA/SeaSuite
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '45bd5ea8.qua' verschoben!
C:\Users\popp_000\Downloads\ViberSetup.exe
  [FUND] Enthält Muster der Software PUA/iLivid
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '17eb3b80.qua' verschoben!
C:\Users\popp_000\Downloads\ViberSetup (1).exe
  [FUND] Enthält Muster der Software PUA/iLivid
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '71dc74fe.qua' verschoben!

Ende des Suchlaufs: Samstag, 4. August 2018 19:19
Benötigte Zeit: 6:05:37 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

91341 Verzeichnisse wurden überprüft
1627983 Dateien wurden geprüft
4 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
4 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1627979 Dateien ohne Befall
44658 Archive wurden durchsucht
0 Warnungen
4 Hinweise
2268 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
05.08.2018, 19:39 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Chrome is being redirected to prizemediayou.com ...Trojan, I guess. Quote:
Reading material: Google Chrome. You are evidently using Google's Chrome browser. For privacy reasons, the use of this browser must be strongly advised against. See also: Google: Chrome browser scans local files on Windows PCs. Install Mozilla Firefox, which can also import profile data from Chrome, then uninstall Google Chrome.
05.08.2018, 19:51 | #4 |
| Chrome is being redirected to prizemediayou.com ...Trojan, I guess. Thanks for your reply, and sorry for the useless logs. I didn't know about the Chrome story; it does surprise me, though, quite invasive. I'll look into it. What would be a safe(r) alternative? Here we go again: FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018 Ran by popp_000 (ATTENTION: The user is not administrator) on ROLLS_PC (05-08-2018 20:43:47) Running from C:\Users\popp_000\Downloads Loaded Profiles: Rolls & popp_000 (Available Profiles: Rolls & popp_000) Platform: Windows 8.1 (Update) (X64) Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> csrss.exe Failed to access process -> winlogon.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> dwm.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> wlanext.exe Failed to access process -> conhost.exe Failed to access process -> spoolsv.exe Failed to access process -> sched.exe Failed to access process -> svchost.exe Failed to access process -> avguard.exe Failed to access process -> AppleMobileDeviceService.exe Failed to access process -> mDNSResponder.exe Failed to access process -> OfficeClickToRun.exe Failed to access process -> svchost.exe Failed to access process -> dasHost.exe Failed to access process -> EvtEng.exe Failed to access process -> FCUpdateService.exe Failed to access process -> HuaweiHiSuiteService64.exe Failed to access process -> HeciServer.exe Failed to access 
process -> ibtrksrv.exe Failed to access process -> iSCTAgent.exe Failed to access process -> PGService.exe Failed to access process -> RegSrvc.exe Failed to access process -> RichVideo64.exe Failed to access process -> svchost.exe Failed to access process -> VfConnectorService.exe Failed to access process -> ZeroConfigService.exe Failed to access process -> Avira.ServiceHost.exe Failed to access process -> unsecapp.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> avshadow.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Failed to access process -> SearchIndexer.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe Failed to access process -> devmonsrv.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe Failed to access process -> obexsrv.exe (Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe Failed to access process -> IAStorDataMgrSvc.exe Failed to access process -> GoogleCrashHandler.exe Failed to access process -> GoogleCrashHandler64.exe Failed to access process -> IntelMeFWService.exe Failed to access process -> jhi_service.exe Failed to access process -> LMS.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe Failed to access process -> wmpnetwk.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Failed to access process -> dllhost.exe Failed to access process -> SearchProtocolHost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor) HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-01-20] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-01-20] (Lenovo(beijing) Limited) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.) HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [1775464 2011-10-24] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFCreHook] => C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [1771368 2011-10-24] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [Nuance PDF Create 7-reminder] => "C:\Program Files (x86)\Nuance\PDFCreate\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Create 7\Ereg\Ereg.ini" HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6574-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6629-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-01-20] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-08-02] ShortcutTarget: Dropbox.lnk -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-31] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 Tcpip\..\Interfaces\{4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}: [DhcpNameServer] 129.132.98.12 129.132.250.2 Tcpip\..\Interfaces\{A18FC3BF-B907-4373-9D7F-2A14F0C58609}: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 Tcpip\..\Interfaces\{E9525CEC-B32C-409E-B026-B233ABEF911C}: [DhcpNameServer] 129.132.98.12 129.132.250.2 Internet Explorer: ================== HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com URLSearchHook: [S-1-5-21-419436004-3641650613-4044294934-1001] ATTENTION => Default URLSearchHook is missing SearchScopes: HKU\.DEFAULT -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\.DEFAULT -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-01] (Microsoft Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation) BHO-x32: ZeonIEEventHelper Class -> 
{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation) Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File FireFox: ======== FF DefaultProfile: o2okhndp.default FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Zotero\Zotero\Profiles\tco359nz.default [2016-06-17] FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2016-06-07] [Legacy] [not signed] FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2016-06-07] [Legacy] [not signed] FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Mozilla\Firefox\Profiles\o2okhndp.default [2018-05-16] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) 
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll [2011-02-16] (Zeon Corporation) FF Plugin HKU\S-1-5-21-419436004-3641650613-4044294934-1004: pokki.com/PokkiDownloadHelper -> C:\Users\popp_000\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File] Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://duckduckgo.com/ CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default [2018-08-05] CHR Extension: (Docs) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15] CHR Extension: (Google Drive) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (YouTube) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03] CHR Extension: (uBlock Origin) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-18] CHR Extension: (Google-Suche) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04] CHR Extension: (Session Buddy) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-30] CHR Extension: (Zotero Connector) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2018-06-05] CHR Extension: (Google Docs Offline) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\popp_000\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Google Mail) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02] CHR Extension: (Chrome Media Router) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-05] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [880040 2018-07-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164808 2018-07-11] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-04] (Avira Operations GmbH & Co. 
KG) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 lmhosts; C:\windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 lmhosts; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] () R2 NlaSvc; C:\windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 NlaSvc; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) R2 nsi; C:\windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 nsi; 
C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-08] (PointGrab LTD) S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-08] (PointGrab LTD) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] () R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-01-20] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [60920 2017-06-20] (Avira Operations GmbH & Co. KG) R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [179376 2018-07-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169864 2018-07-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-22] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-22] (Avira Operations GmbH & Co. KG) R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.) S3 ew_usbccgpfilter; C:\windows\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.) 
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation) R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] () R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] () R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] () R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] () R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation) S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] () S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.) R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-15] (Synaptics Incorporated) S1 vflt; C:\windows\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed] S3 vnet; C:\windows\system32\DRIVERS\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed] S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink) S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-05 18:36 - 2018-08-05 18:36 - 001138176 _____ C:\Users\popp_000\Desktop\Arbeitsbemühungen Juli.msg 2018-08-05 18:18 - 2018-08-05 18:18 - 000845448 _____ C:\Users\popp_000\Downloads\SCLiteFix_299026.exe 2018-08-05 18:18 - 2018-08-05 18:18 - 000000000 ____D C:\Users\Rolls\Documents\HpReg_Backup 2018-08-05 18:01 - 2018-08-05 18:01 - 000002231 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk 2018-08-05 18:01 - 2018-08-05 18:01 - 000001183 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk 2018-08-05 18:01 - 2018-08-05 18:01 - 000000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk 2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\ProgramData\HP 2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\Program Files (x86)\HP 2018-08-05 18:01 - 2012-10-17 04:31 - 000741480 ____N (Hewlett-Packard Co.) 
C:\windows\system32\HPDiscoPM5912.dll 2018-08-05 18:00 - 2018-08-05 18:00 - 000000000 ____D C:\Users\Rolls\AppData\Local\HP 2018-08-05 17:55 - 2018-08-05 17:57 - 140667048 _____ C:\Users\Rolls\Downloads\OJ8600_Full_WebPack_28.0.1315_2.exe 2018-08-04 12:15 - 2018-08-04 12:17 - 000033981 _____ C:\Users\popp_000\Downloads\Addition.txt 2018-08-04 12:12 - 2018-08-05 20:44 - 000026482 _____ C:\Users\popp_000\Downloads\FRST.txt 2018-08-04 12:12 - 2018-08-05 20:43 - 000000000 ____D C:\FRST 2018-08-04 12:11 - 2018-08-04 12:11 - 002412544 _____ (Farbar) C:\Users\popp_000\Downloads\FRST64.exe 2018-08-03 11:44 - 2018-08-03 11:44 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2 (1).exe 2018-08-03 11:28 - 2018-08-03 11:32 - 000000000 ____D C:\AdwCleaner 2018-08-03 11:28 - 2018-08-03 11:28 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2.exe 2018-08-03 11:01 - 2018-08-03 11:01 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2018-08-03 11:01 - 2018-08-03 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2018-08-03 10:35 - 2018-08-03 10:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2018-08-03 10:35 - 2018-08-03 10:35 - 000002237 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk 2018-08-02 12:05 - 2018-08-02 12:05 - 001318374 _____ C:\Users\popp_000\Downloads\foreignpolicy.com-Why I Didnt Sign Up to Defend the International Order.pdf 2018-08-02 11:33 - 2018-08-02 11:33 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2018-07-31 13:47 - 2018-03-27 01:24 - 000029352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll 2018-07-31 13:47 - 2018-03-27 01:24 - 000019088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll 2018-07-31 13:47 - 2018-03-27 01:17 - 000030888 _____ (Microsoft Corporation) 
C:\windows\system32\aspnet_counters.dll 2018-07-31 13:47 - 2018-03-27 01:17 - 000019088 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll 2018-07-30 13:38 - 2018-07-30 13:38 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-07-30 13:22 - 2018-07-30 13:22 - 001540104 _____ (CHIP Digital GmbH) C:\Users\popp_000\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe 2018-07-25 17:19 - 2018-07-25 17:19 - 000158109 _____ C:\Users\popp_000\Desktop\Bell_QuestioningGlobalTurn_2014.pdf 2018-07-25 17:19 - 2018-07-25 17:19 - 000065607 _____ C:\Users\popp_000\Desktop\Burton_MethodScaleWH_2007.pdf 2018-07-25 17:17 - 2018-07-25 17:17 - 000131170 _____ C:\Users\popp_000\Desktop\Tsing_EconomyAppearances_2000.pdf 2018-07-24 20:33 - 2018-07-24 20:33 - 002092858 _____ C:\Users\popp_000\Desktop\Tsing_GlobalSituation_2000.pdf 2018-07-23 19:48 - 2018-07-23 19:48 - 000055476 _____ C:\Users\popp_000\Desktop\GoodeRevonCollier_2018.pdf 2018-07-23 19:45 - 2018-07-23 19:45 - 001227292 _____ C:\Users\popp_000\Desktop\Rovner_LongWarEast_2018.pdf 2018-07-23 19:44 - 2018-07-23 19:44 - 000985481 _____ C:\Users\popp_000\Desktop\Kroenig_D&STRT_NucleNonprolif_2018.pdf 2018-07-23 19:22 - 2018-07-23 19:22 - 000282576 _____ C:\Users\popp_000\Desktop\Porter_HabitUSGrandStrategy_2018.pdf 2018-07-23 19:19 - 2018-07-23 19:19 - 000176411 _____ C:\Users\popp_000\Desktop\VielhaberBleek_ShadoiwwarsReview_2012.pdf 2018-07-23 19:06 - 2018-07-23 19:06 - 000527232 _____ C:\Users\popp_000\Desktop\MillerVolpe_SaudiNukes_2018.pdf 2018-07-23 19:06 - 2018-07-23 19:06 - 000417636 _____ C:\Users\popp_000\Desktop\Nephew_SanctionsRelief_2018.pdf 2018-07-23 19:04 - 2018-07-23 19:04 - 000501283 _____ C:\Users\popp_000\Desktop\Glaser_IllusionofAmericDecline_2018.pdf 2018-07-22 11:57 - 2018-07-22 11:57 - 000001333 _____ C:\Users\Public\Desktop\Skype.lnk 2018-07-22 11:57 - 2018-07-22 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2018-07-16 19:25 - 2018-07-16 19:25 - 
000060349 _____ C:\Users\popp_000\Downloads\CAE17-09 Additional Information.pdf 2018-07-16 10:41 - 2018-07-16 10:41 - 000041845 _____ C:\Users\popp_000\Downloads\Buchungsdetail 20180716104127.pdf 2018-07-15 13:07 - 2018-06-29 00:07 - 000835064 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2018-07-15 13:07 - 2018-06-29 00:07 - 000179704 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-07-14 06:45 - 2018-07-14 06:52 - 000385911 _____ C:\Users\popp_000\Desktop\Passport.pdf 2018-07-12 11:17 - 2018-07-12 11:17 - 000001147 _____ C:\Users\Public\Desktop\Avira.lnk 2018-07-12 10:19 - 2018-06-20 22:01 - 007398232 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2018-07-12 10:19 - 2018-06-20 21:44 - 001676064 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2018-07-12 10:19 - 2018-06-20 21:44 - 001536120 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2018-07-12 10:19 - 2018-06-20 20:48 - 000095744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys 2018-07-12 10:19 - 2018-06-20 20:48 - 000027136 ____C (Microsoft Corporation) C:\windows\system32\Drivers\fxppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000092672 ____C (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys 2018-07-12 10:19 - 2018-06-15 05:01 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2018-07-12 10:19 - 2018-06-12 10:00 - 022374248 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2018-07-12 10:19 - 2018-06-12 09:57 - 019790760 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2018-07-12 10:19 - 2018-06-11 18:55 - 025744896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2018-07-12 10:19 - 
2018-06-11 18:36 - 003119616 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll 2018-07-12 10:19 - 2018-06-11 18:14 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2018-07-12 10:19 - 2018-06-11 18:06 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2018-07-12 10:19 - 2018-06-11 18:04 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2018-07-12 10:19 - 2018-06-11 17:39 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2018-07-12 10:19 - 2018-06-11 17:36 - 015283200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2018-07-12 10:19 - 2018-06-11 17:31 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2018-07-12 10:19 - 2018-06-11 17:22 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2018-07-12 10:19 - 2018-06-11 17:11 - 001545216 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2018-07-12 10:19 - 2018-06-11 16:59 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2018-07-12 10:19 - 2018-06-09 18:40 - 020286976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2018-07-12 10:19 - 2018-06-09 18:26 - 002712064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll 2018-07-12 10:19 - 2018-06-09 18:09 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2018-07-12 10:19 - 2018-06-09 17:59 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2018-07-12 10:19 - 2018-06-09 17:37 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2018-07-12 10:19 - 2018-06-09 17:37 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2018-07-12 10:19 - 2018-06-09 17:36 - 013680128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2018-07-12 10:19 - 2018-06-09 17:32 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2018-07-12 10:19 - 
2018-06-09 17:11 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2018-07-12 10:19 - 2018-06-09 17:08 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2018-07-12 10:19 - 2018-06-09 17:06 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2018-07-12 10:19 - 2018-06-09 04:47 - 002176072 _____ (Microsoft Corporation) C:\windows\system32\combase.dll 2018-07-12 10:19 - 2018-06-09 03:44 - 001565528 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll 2018-07-12 10:19 - 2018-06-08 20:26 - 000440832 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll 2018-07-12 10:19 - 2018-06-08 19:54 - 000656384 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll 2018-07-12 10:19 - 2018-06-08 19:53 - 000252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll 2018-07-12 10:19 - 2018-06-08 19:07 - 000404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll 2018-07-12 10:19 - 2018-06-08 18:44 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll 2018-07-12 10:19 - 2018-06-07 20:51 - 000074240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys 2018-07-12 10:19 - 2018-05-24 23:29 - 002449752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2018-07-12 10:19 - 2018-05-24 23:29 - 000428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS 2018-07-12 10:19 - 2018-05-15 10:42 - 000590680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys 2018-07-12 10:19 - 2018-05-04 01:02 - 000439640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2018-07-12 10:19 - 2018-05-04 01:02 - 000325456 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS 2018-07-12 10:19 - 2018-05-04 01:02 - 000187728 ____C (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS 2018-07-12 10:19 - 2018-04-26 15:43 - 000918296 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\ucrtbase.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000065880 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000021848 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000018776 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000015704 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000015192 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000013656 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000013152 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000998912 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000063832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000020824 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000019288 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000016216 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000015704 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000014168 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000013656 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012632 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) 
C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2018-07-12 10:19 - 2018-04-25 19:38 - 000243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys 2018-07-12 10:02 - 2018-06-12 21:01 - 000149632 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe 2018-07-12 10:02 - 2018-06-08 15:15 - 002860032 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2018-07-12 10:02 - 2018-06-08 15:15 - 001602048 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000783872 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000612352 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000470016 _____ (Microsoft Corporation) C:\windows\system32\centel.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000443392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000301056 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000246272 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2018-07-11 13:58 - 2018-07-11 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2018-07-09 17:51 - 2018-07-09 17:51 - 000111660 _____ C:\Users\popp_000\Downloads\RAC 15-148.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-08-05 20:12 - 2015-06-19 15:42 - 000001254 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job 2018-08-05 18:22 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness 2018-08-05 18:17 - 2014-03-04 14:56 - 000000000 ____D C:\Users\popp_000\AppData\Local\Packages 2018-08-05 18:10 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps 2018-08-05 18:08 - 2014-03-04 14:59 - 000000000 ___DO C:\Users\popp_000\SkyDrive 2018-08-05 18:04 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT 2018-08-05 18:04 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf 2018-08-05 18:03 - 2014-01-20 08:43 - 000027136 _____ C:\windows\system32\VfService.trf 2018-08-05 18:00 - 2014-02-24 22:06 - 000000000 ____D C:\Users\Rolls\AppData\Local\Google 2018-08-05 17:53 - 2014-01-20 08:43 - 000000000 ____D C:\Program Files\Lenovo 2018-08-05 17:53 - 2014-01-20 08:13 - 000000000 ____D C:\ProgramData\Package Cache 2018-08-04 19:17 - 2014-03-26 05:20 - 000000000 ____D C:\Users\Rolls\AppData\Local\Viber 2018-08-04 18:28 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache 2018-08-04 12:12 - 2015-06-19 15:42 - 000001202 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job 2018-08-04 11:30 - 2017-09-16 11:44 - 000007594 _____ C:\Users\Rolls\AppData\Local\Resmon.ResmonCfg 2018-08-04 11:30 - 2014-02-24 22:06 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-04 11:30 - 2014-02-24 22:06 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-08-03 11:05 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-08-03 11:01 - 2017-05-02 11:20 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002512 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2018-08-03 10:59 - 2014-01-20 08:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-08-03 10:54 - 2013-08-22 17:36 - 000000000 ____D C:\windows\tracing 2018-08-03 10:34 - 2014-02-24 22:06 - 000000000 ____D C:\Program Files (x86)\Google 2018-08-02 11:34 - 2014-03-04 15:59 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Dropbox 2018-08-01 11:33 - 2014-01-20 08:31 - 000157476 _____ C:\windows\system32\perfc00C.dat 2018-08-01 11:33 - 2014-01-20 08:31 - 000081754 _____ C:\windows\system32\perfh00C.dat 2018-08-01 11:33 - 2014-01-20 08:26 - 000761160 _____ C:\windows\system32\perfh007.dat 2018-08-01 11:33 - 2014-01-20 08:26 - 000157652 _____ C:\windows\system32\perfc007.dat 2018-08-01 11:33 - 2013-10-07 20:27 - 002015868 _____ C:\windows\system32\PerfStringBackup.INI 2018-07-31 13:59 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp 2018-07-30 17:51 - 2014-03-04 16:03 - 000000000 ___RD C:\Users\popp_000\Dropbox 2018-07-30 11:39 - 2013-08-22 17:36 - 000000000 ____D C:\windows\LiveKernelReports 2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\ProgramData\Garmin 2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\Program Files (x86)\Garmin 2018-07-25 17:59 - 2014-03-04 22:53 - 000000000 ____D C:\Users\popp_000\AppData\Local\CrashDumps 2018-07-24 21:31 - 2017-11-17 11:34 - 000000000 ____D C:\Users\popp_000\Desktop\LATER 2018-07-24 16:36 - 2018-05-07 11:13 - 001091675 _____ C:\Users\popp_000\Desktop\Kennedy_WoodrowWWI_2018.pdf 2018-07-22 11:57 - 2016-01-24 17:30 - 000000000 ___RD C:\Program Files (x86)\Skype 2018-07-22 
11:57 - 2014-03-25 21:31 - 000000000 ____D C:\ProgramData\Skype 2018-07-22 11:55 - 2014-03-25 21:31 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Skype 2018-07-18 22:51 - 2017-05-02 11:26 - 000002377 _____ C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2018-07-15 13:23 - 2014-01-20 08:44 - 000000000 ____D C:\ProgramData\Energy Manager 2018-07-15 13:04 - 2013-08-22 16:44 - 000500816 _____ C:\windows\system32\FNTCACHE.DAT 2018-07-15 12:58 - 2015-04-18 18:10 - 000000000 ____D C:\windows\system32\appraiser 2018-07-15 12:58 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData 2018-07-15 12:57 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\NDF 2018-07-12 15:38 - 2014-03-04 15:58 - 000000000 ____D C:\windows\system32\MRT 2018-07-12 15:31 - 2014-03-04 15:58 - 134675576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe 2018-07-12 09:52 - 2018-05-09 10:30 - 000685568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys 2018-07-11 13:55 - 2014-02-24 22:16 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2018-07-11 13:55 - 2014-02-24 22:16 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2018-07-10 17:05 - 2014-03-04 14:56 - 000000000 ____D C:\Users\popp_000\AppData\Local\VirtualStore 2018-07-09 16:52 - 2015-11-09 17:52 - 000000424 _____ C:\windows\Tasks\DriverEasy Scheduled Scan.job Some files in TEMP: ==================== 2018-08-05 17:38 - 2016-12-06 21:39 - 000050720 _____ (HP Inc.) C:\Users\popp_000\AppData\Local\Temp\ACLMInstaller.exe 2014-03-04 14:58 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\popp_000\AppData\Local\Temp\avgnt.exe 2014-02-24 22:16 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\Rolls\AppData\Local\Temp\avgnt.exe 2015-11-09 17:47 - 2015-11-09 17:47 - 064809432 _____ (SweetLabs,Inc.) 
C:\Users\Rolls\AppData\Local\Temp\oct5CEE.tmp.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. The user is not administrator ==================== End of FRST.txt ============================ |
05.08.2018, 19:52 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Chrome is redirected to prizemediayou.com ... Trojan, I guess. Please read the reading material properly. And actually follow the other instructions properly, too! Quote:
__________________ Please always post log files in CODE tags |
05.08.2018, 19:53 | #6 |
| Chrome is redirected to prizemediayou.com ... Trojan, I guess. And Addition.txt. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018 Ran by popp_000 (05-08-2018 20:46:09) Running from C:\Users\popp_000\Downloads Windows 8.1 (Update) (X64) (2014-02-24 19:54:36) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-419436004-3641650613-4044294934-500 - Administrator - Disabled) Guest (S-1-5-21-419436004-3641650613-4044294934-501 - Limited - Disabled) popp_000 (S-1-5-21-419436004-3641650613-4044294934-1004 - Administrator - Enabled) => C:\Users\popp_000 Rolls (S-1-5-21-419436004-3641650613-4044294934-1001 - Administrator - Enabled) => C:\Users\Rolls ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F} AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Avira (HKLM-x32\...\{0bb4751a-1ff2-4c79-80df-5bab5da63823}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. 
KG) Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.) Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Hidden Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation) Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions) GentiumPlus 1.510 (HKLM-x32\...\GentiumPlus) (Version: - ) GitHub (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.) Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) 
Hidden HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) HP Officejet Pro 8600 Basic Device Software (HKLM\...\{77d93eea-f5c2-4db5-9c2d-25bc5a2e0ec9}) (Version: 28.0.1316.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{CF713F23-4866-4A5D-91CC-A5F42111C82A}) (Version: 12.7.5.9 - Apple Inc.) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) jpgtopdf_setup (HKLM-x32\...\{6C1A8DBD-C0AA-4FD0-93C8-33934FD3F396}) (Version: 1.0.0.1 - jpgtopdf_setup_caudio) Hidden Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.) 
Lenovo Motion Control (HKLM-x32\...\{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Hidden Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo) MailStore Home 10.1.2.12457 (HKLM-x32\...\MailStore Home_universal1) (Version: 10.1.2.12457 - MailStore Software GmbH) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.10325.20082 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation) Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 
(HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 57.0.4 (x64 de) (HKLM\...\Mozilla Firefox 57.0.4 (x64 de)) (Version: 57.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla) Nuance PDF Create 7 (HKLM\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.) 
Nuance PDF Create 7 (HKLM-x32\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc.) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Proxy Searcher (HKLM-x32\...\{7EA74723-FE48-410D-A24E-949870747174}) (Version: 5.10.0000 - Proxy Searcher) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.) ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version: - ) Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden Skype Version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated) UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.) vpnui.exe custom database (HKLM\...\{f0fbb653-f915-4899-a129-43562c94b062}.sdb) (Version: - ) Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) 
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll -> No File ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers4-x32: [FolderColorize] -> {3443FE61-F294-403D-A4A6-53E034FC9B3F} => C:\Program Files\Folder Colorizer\FolderColorShlExt.dll [2014-01-13] () ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG) ContextMenuHandlers1_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers4_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers5_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\DriverEasy Scheduled Scan.job => Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-08-04 11:30 - 2018-07-31 01:32 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libglesv2.dll 2018-08-04 11:30 - 2018-07-31 01:32 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libegl.dll 2014-03-04 22:09 - 2014-06-25 17:57 - 037318720 _____ () C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2015-11-22 17:35 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\popp_000\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 62.2.17.60 - 62.2.24.162 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "PDFCreHook" HKLM\...\StartupApproved\Run32: => "PDFProHook" HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "World of Tanks" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "Skype for Desktop" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C3EC1C83-ED75-4491-B69D-9C40FAD13721}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{6FCD0814-38FE-47D2-816C-72C1415D1D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{E620D2F9-0BA9-4DFE-8D6B-9C59F1F71526}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{1077B56E-1938-4248-A619-9B854EE3AFD9}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{AFFD236C-2F03-4514-9493-28D4A9C50B77}] => (Allow) C:\Users\Rolls\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{F288F15D-002F-40A2-A40C-97E28F56AA80}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{AD2DB122-CC56-424D-8E16-AA4AAECF4344}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{3EF055D5-32DE-4CA6-BE7C-F5665694844B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{D21787BE-28FE-4C10-A07A-1CCFE3E7B79D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files 
(x86)\skype\phone\skype.exe FirewallRules: [{FB099CB8-CA09-4117-99D4-B42CDBB28D90}] => (Allow) C:\Users\Rolls\AppData\Local\Viber\Viber.exe FirewallRules: [{965D02E2-997F-4A1B-9984-1738A0E2A113}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{CE0097F9-DC40-4522-87F1-1051989D5C39}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D889966A-1277-4A5D-9DA8-ED3C03A0E9C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BDDE8199-B36C-41F3-AA66-04834F80B129}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3907E02F-601D-4C7F-B2FA-D854CBCE60F4}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{0B084486-00AB-497C-885E-F03C9EA3A10F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{04F273D0-6AE9-4E96-B78C-3ACFB71DE717}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{C62B610C-F3DB-4EFA-92DC-01B1BDB6CE37}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{E8091B04-83D8-4214-92CC-9E6103FBD59F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [{33047F60-F67D-430B-B231-902153223054}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2B912316-B9F7-4E28-9106-2F194B2C3068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8A7C5277-E975-4A7B-A51E-0F21B6A95CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{22D86146-2671-4E3D-92CB-8F6C06857C3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8ACE25C7-A358-4542-9ABA-01AD445562AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{2BAD3012-6736-4535-87B5-A0A267A5B46F}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{471A0AF8-318E-4228-97DE-AEE58A161E68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype 
for Desktop\Skype.exe FirewallRules: [{9F29F59E-3EB9-415A-9AAA-8F8ED2C6BB02}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{B23CA18C-2F92-44C0-B9C1-B1EBA20109DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{58B67CA2-55C1-4E7C-A94C-E5EE6356A156}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{482ACE75-C913-4551-9331-C71867CD1F66}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{51BDC310-D994-4A47-8101-79384BB345A0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: [{C86843FA-327B-4DE6-90BE-74CCD769C022}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{38384A8F-9AE9-4016-BC0A-47E96E1FDBC9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{C1248B25-D45A-4C8E-916C-9BA0E641D10A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/05/2018 05:36:21 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ROLLS_PC) Description: Die Anwendung oder der Dienst "ScanToPCActivationApp" konnte nicht heruntergefahren werden. 
Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15222516 Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15222516 Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/05/2018 10:43:39 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/04/2018 11:17:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 74821703 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 74821703 System errors: ============= Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC) Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC) Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC) Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC) Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (08/04/2018 11:08:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (08/04/2018 11:07:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (08/04/2018 11:07:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY) Description: Für den Miniport "Realtek PCIe GBE Family Controller, {4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}" ist das Ereignis "74" aufgetreten. Error: (08/03/2018 11:43:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "HP Support Solutions Framework Service" wurde nicht richtig gestartet. Windows Defender: =================================== Date: 2017-05-04 16:39:21.013 Description: Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Betroffene Signaturen: Aktuell Fehlercode: 0x80073aba Fehlerbeschreibung: The resource is too old to be compatible. Signaturversion: 1.155.266.0;1.155.266.0 Modulversion: 1.1.9700.0 CodeIntegrity: =================================== Date: 2018-08-05 18:04:32.203 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-05 17:49:44.141 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-05 17:10:27.313 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-03 11:42:33.517 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:42:31.189 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:42:26.634 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:37:39.892 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-03 11:22:59.575 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 52% Total physical RAM: 8104.27 MB Available physical RAM: 3873.05 MB Total Virtual: 13480.27 MB Available Virtual: 8181.57 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:283.73 GB) (Free:148.32 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (LENOVO) (Fixed) (Total:164.36 GB) (Free:98.53 GB) NTFS \\?\Volume{544d8d37-33b0-411c-bcb9-194636f9170a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS \\?\Volume{f521da69-fec1-4e43-a83f-ac8ca729b84c}\ (PBR_DRV) (Fixed) (Total:15.34 GB) (Free:5.69 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of Addition.txt ============================ |
05.08.2018, 20:06 | #7 |
| Chrome is being redirected to prizemediayou.com ...Trojan, I guess. Sorry. Strange, I thought I had changed that? So, another attempt. FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018 Ran by popp_000 (administrator) on ROLLS_PC (05-08-2018 21:01:02) Running from C:\Users\popp_000\Downloads Loaded Profiles: popp_000 (Available Profiles: Rolls & popp_000) Platform: Windows 8.1 (Update) (X64) Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor) HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-01-20] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-01-20] (Lenovo(beijing) Limited) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.) HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [1775464 2011-10-24] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFCreHook] => C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [1771368 2011-10-24] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.) HKLM-x32\...\Run: [Nuance PDF Create 7-reminder] => "C:\Program Files (x86)\Nuance\PDFCreate\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Create 7\Ereg\Ereg.ini" HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-04] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6574-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6629-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-01-20] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-08-02] ShortcutTarget: Dropbox.lnk -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-31] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 Tcpip\..\Interfaces\{4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}: [DhcpNameServer] 129.132.98.12 129.132.250.2 Tcpip\..\Interfaces\{A18FC3BF-B907-4373-9D7F-2A14F0C58609}: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 Tcpip\..\Interfaces\{E9525CEC-B32C-409E-B026-B233ABEF911C}: [DhcpNameServer] 129.132.98.12 129.132.250.2 Internet Explorer: ================== HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com SearchScopes: HKU\.DEFAULT -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\.DEFAULT -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-01] (Microsoft Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation) BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll 
[2011-03-26] (Zeon Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation) Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File FireFox: ======== FF DefaultProfile: o2okhndp.default FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Zotero\Zotero\Profiles\tco359nz.default [2016-06-17] FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2016-06-07] [Legacy] [not signed] FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2016-06-07] [Legacy] [not signed] FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Mozilla\Firefox\Profiles\o2okhndp.default [2018-05-16] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files 
(x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll [2011-02-16] (Zeon Corporation) FF Plugin HKU\S-1-5-21-419436004-3641650613-4044294934-1004: pokki.com/PokkiDownloadHelper -> C:\Users\popp_000\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File] Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://duckduckgo.com/ CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default [2018-08-05] CHR Extension: (Docs) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15] CHR Extension: (Google Drive) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (YouTube) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03] CHR Extension: (uBlock Origin) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-18] CHR Extension: (Google-Suche) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04] CHR Extension: (Session Buddy) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-30] CHR Extension: (Zotero Connector) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2018-06-05] CHR Extension: (Google Docs Offline) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\popp_000\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Google Mail) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02] CHR Extension: (Chrome Media Router) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-05] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [880040 2018-07-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164808 2018-07-11] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-04] (Avira Operations GmbH & Co. 
KG) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] () R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-08] (PointGrab LTD) S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-08] (PointGrab LTD) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] () R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-01-20] () S3 
WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [60920 2017-06-20] (Avira Operations GmbH & Co. KG) R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [179376 2018-07-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169864 2018-07-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-22] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-22] (Avira Operations GmbH & Co. KG) R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.) S3 ew_usbccgpfilter; C:\windows\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.) 
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation) R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] () R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] () R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] () R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] () R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation) S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] () S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.) R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-15] (Synaptics Incorporated) S1 vflt; C:\windows\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed] S3 vnet; C:\windows\system32\DRIVERS\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed] S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink) S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-05 18:18 - 2018-08-05 18:18 - 000845448 _____ C:\Users\popp_000\Downloads\SCLiteFix_299026.exe 2018-08-05 18:18 - 2018-08-05 18:18 - 000000000 ____D C:\Users\Rolls\Documents\HpReg_Backup 2018-08-05 18:02 - 2018-08-05 18:02 - 000002900 _____ C:\windows\System32\Tasks\Toolbox.exe_{7CE34131-9F3C-48E6-A2A7-95C2FD7A9928} 2018-08-05 18:01 - 2018-08-05 18:01 - 000002231 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk 2018-08-05 18:01 - 2018-08-05 18:01 - 000001183 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk 2018-08-05 18:01 - 2018-08-05 18:01 - 000000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk 2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\ProgramData\HP 2018-08-05 18:01 - 2018-08-05 18:01 - 000000000 ____D C:\Program Files (x86)\HP 2018-08-05 18:01 - 2012-10-17 04:31 - 000741480 ____N (Hewlett-Packard Co.) 
C:\windows\system32\HPDiscoPM5912.dll 2018-08-05 18:00 - 2018-08-05 18:00 - 000000000 ____D C:\Users\Rolls\AppData\Local\HP 2018-08-05 17:55 - 2018-08-05 17:57 - 140667048 _____ C:\Users\Rolls\Downloads\OJ8600_Full_WebPack_28.0.1315_2.exe 2018-08-04 12:15 - 2018-08-05 20:47 - 000032726 _____ C:\Users\popp_000\Downloads\Addition.txt 2018-08-04 12:12 - 2018-08-05 21:01 - 000025443 _____ C:\Users\popp_000\Downloads\FRST.txt 2018-08-04 12:12 - 2018-08-05 21:01 - 000000000 ____D C:\FRST 2018-08-04 12:11 - 2018-08-04 12:11 - 002412544 _____ (Farbar) C:\Users\popp_000\Downloads\FRST64.exe 2018-08-03 11:44 - 2018-08-03 11:44 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2 (1).exe 2018-08-03 11:28 - 2018-08-03 11:32 - 000000000 ____D C:\AdwCleaner 2018-08-03 11:28 - 2018-08-03 11:28 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2.exe 2018-08-03 11:01 - 2018-08-03 11:01 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2018-08-03 11:01 - 2018-08-03 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2018-08-03 10:35 - 2018-08-03 10:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2018-08-03 10:35 - 2018-08-03 10:35 - 000002237 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk 2018-08-02 12:05 - 2018-08-02 12:05 - 001318374 _____ C:\Users\popp_000\Downloads\foreignpolicy.com-Why I Didnt Sign Up to Defend the International Order.pdf 2018-08-02 11:33 - 2018-08-02 11:33 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2018-07-31 13:47 - 2018-03-27 01:24 - 000029352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll 2018-07-31 13:47 - 2018-03-27 01:24 - 000019088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll 2018-07-31 13:47 - 2018-03-27 01:17 - 000030888 _____ (Microsoft Corporation) 
C:\windows\system32\aspnet_counters.dll 2018-07-31 13:47 - 2018-03-27 01:17 - 000019088 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll 2018-07-30 13:38 - 2018-07-30 13:38 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-07-30 13:22 - 2018-07-30 13:22 - 001540104 _____ (CHIP Digital GmbH) C:\Users\popp_000\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe 2018-07-25 17:19 - 2018-07-25 17:19 - 000158109 _____ C:\Users\popp_000\Desktop\Bell_QuestioningGlobalTurn_2014.pdf 2018-07-25 17:19 - 2018-07-25 17:19 - 000065607 _____ C:\Users\popp_000\Desktop\Burton_MethodScaleWH_2007.pdf 2018-07-25 17:17 - 2018-07-25 17:17 - 000131170 _____ C:\Users\popp_000\Desktop\Tsing_EconomyAppearances_2000.pdf 2018-07-24 20:33 - 2018-07-24 20:33 - 002092858 _____ C:\Users\popp_000\Desktop\Tsing_GlobalSituation_2000.pdf 2018-07-23 19:48 - 2018-07-23 19:48 - 000055476 _____ C:\Users\popp_000\Desktop\GoodeRevonCollier_2018.pdf 2018-07-23 19:45 - 2018-07-23 19:45 - 001227292 _____ C:\Users\popp_000\Desktop\Rovner_LongWarEast_2018.pdf 2018-07-23 19:44 - 2018-07-23 19:44 - 000985481 _____ C:\Users\popp_000\Desktop\Kroenig_D&STRT_NucleNonprolif_2018.pdf 2018-07-23 19:22 - 2018-07-23 19:22 - 000282576 _____ C:\Users\popp_000\Desktop\Porter_HabitUSGrandStrategy_2018.pdf 2018-07-23 19:19 - 2018-07-23 19:19 - 000176411 _____ C:\Users\popp_000\Desktop\VielhaberBleek_ShadoiwwarsReview_2012.pdf 2018-07-23 19:06 - 2018-07-23 19:06 - 000527232 _____ C:\Users\popp_000\Desktop\MillerVolpe_SaudiNukes_2018.pdf 2018-07-23 19:06 - 2018-07-23 19:06 - 000417636 _____ C:\Users\popp_000\Desktop\Nephew_SanctionsRelief_2018.pdf 2018-07-23 19:04 - 2018-07-23 19:04 - 000501283 _____ C:\Users\popp_000\Desktop\Glaser_IllusionofAmericDecline_2018.pdf 2018-07-22 11:57 - 2018-07-22 11:57 - 000001333 _____ C:\Users\Public\Desktop\Skype.lnk 2018-07-22 11:57 - 2018-07-22 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2018-07-16 19:25 - 2018-07-16 19:25 - 
000060349 _____ C:\Users\popp_000\Downloads\CAE17-09 Additional Information.pdf 2018-07-16 10:41 - 2018-07-16 10:41 - 000041845 _____ C:\Users\popp_000\Downloads\Buchungsdetail 20180716104127.pdf 2018-07-15 13:07 - 2018-06-29 00:07 - 000835064 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2018-07-15 13:07 - 2018-06-29 00:07 - 000179704 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-07-14 06:45 - 2018-07-14 06:52 - 000385911 _____ C:\Users\popp_000\Desktop\Passport.pdf 2018-07-12 11:17 - 2018-07-12 11:17 - 000001147 _____ C:\Users\Public\Desktop\Avira.lnk 2018-07-12 10:19 - 2018-06-20 22:01 - 007398232 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2018-07-12 10:19 - 2018-06-20 21:44 - 001676064 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2018-07-12 10:19 - 2018-06-20 21:44 - 001536120 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2018-07-12 10:19 - 2018-06-20 20:48 - 000095744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys 2018-07-12 10:19 - 2018-06-20 20:48 - 000027136 ____C (Microsoft Corporation) C:\windows\system32\Drivers\fxppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000092672 ____C (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys 2018-07-12 10:19 - 2018-06-15 05:01 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2018-07-12 10:19 - 2018-06-12 10:00 - 022374248 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2018-07-12 10:19 - 2018-06-12 09:57 - 019790760 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2018-07-12 10:19 - 2018-06-11 18:55 - 025744896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2018-07-12 10:19 - 
2018-06-11 18:36 - 003119616 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll 2018-07-12 10:19 - 2018-06-11 18:14 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2018-07-12 10:19 - 2018-06-11 18:06 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2018-07-12 10:19 - 2018-06-11 18:04 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2018-07-12 10:19 - 2018-06-11 17:39 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2018-07-12 10:19 - 2018-06-11 17:36 - 015283200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2018-07-12 10:19 - 2018-06-11 17:31 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2018-07-12 10:19 - 2018-06-11 17:22 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2018-07-12 10:19 - 2018-06-11 17:11 - 001545216 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2018-07-12 10:19 - 2018-06-11 16:59 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2018-07-12 10:19 - 2018-06-09 18:40 - 020286976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2018-07-12 10:19 - 2018-06-09 18:26 - 002712064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll 2018-07-12 10:19 - 2018-06-09 18:09 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2018-07-12 10:19 - 2018-06-09 17:59 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2018-07-12 10:19 - 2018-06-09 17:37 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2018-07-12 10:19 - 2018-06-09 17:37 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2018-07-12 10:19 - 2018-06-09 17:36 - 013680128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2018-07-12 10:19 - 2018-06-09 17:32 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2018-07-12 10:19 - 
2018-06-09 17:11 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2018-07-12 10:19 - 2018-06-09 17:08 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2018-07-12 10:19 - 2018-06-09 17:06 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2018-07-12 10:19 - 2018-06-09 04:47 - 002176072 _____ (Microsoft Corporation) C:\windows\system32\combase.dll 2018-07-12 10:19 - 2018-06-09 03:44 - 001565528 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll 2018-07-12 10:19 - 2018-06-08 20:26 - 000440832 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll 2018-07-12 10:19 - 2018-06-08 19:54 - 000656384 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll 2018-07-12 10:19 - 2018-06-08 19:53 - 000252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll 2018-07-12 10:19 - 2018-06-08 19:07 - 000404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll 2018-07-12 10:19 - 2018-06-08 18:44 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll 2018-07-12 10:19 - 2018-06-07 20:51 - 000074240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys 2018-07-12 10:19 - 2018-05-24 23:29 - 002449752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2018-07-12 10:19 - 2018-05-24 23:29 - 000428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS 2018-07-12 10:19 - 2018-05-15 10:42 - 000590680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys 2018-07-12 10:19 - 2018-05-04 01:02 - 000439640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2018-07-12 10:19 - 2018-05-04 01:02 - 000325456 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS 2018-07-12 10:19 - 2018-05-04 01:02 - 000187728 ____C (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS 2018-07-12 10:19 - 2018-04-26 15:43 - 000918296 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\ucrtbase.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000065880 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000021848 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000018776 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000015704 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000015192 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000013656 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000013152 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000998912 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000063832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000020824 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000019288 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000016216 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000015704 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000014168 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000013656 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012632 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) 
C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2018-07-12 10:19 - 2018-04-25 19:38 - 000243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys 2018-07-12 10:02 - 2018-06-12 21:01 - 000149632 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe 2018-07-12 10:02 - 2018-06-08 15:15 - 002860032 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2018-07-12 10:02 - 2018-06-08 15:15 - 001602048 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000783872 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000612352 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000470016 _____ (Microsoft Corporation) C:\windows\system32\centel.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000443392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000301056 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000246272 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2018-07-11 13:58 - 2018-07-11 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2018-07-09 17:51 - 2018-07-09 17:51 - 000111660 _____ C:\Users\popp_000\Downloads\RAC 15-148.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-08-05 20:58 - 2014-03-04 14:59 - 000000000 ___DO C:\Users\popp_000\SkyDrive 2018-08-05 20:56 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT 2018-08-05 20:55 - 2014-01-20 08:43 - 000027136 _____ C:\windows\system32\VfService.trf 2018-08-05 20:12 - 2015-06-19 15:42 - 000001254 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job 2018-08-05 18:42 - 2014-03-04 15:03 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-419436004-3641650613-4044294934-1004 2018-08-05 18:22 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness 2018-08-05 18:17 - 2014-03-04 14:56 - 000000000 ____D C:\Users\popp_000\AppData\Local\Packages 2018-08-05 18:10 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps 2018-08-05 18:04 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf 2018-08-05 18:03 - 2013-08-22 15:25 - 000524288 ___SH C:\windows\system32\config\BBI 2018-08-05 18:00 - 2014-02-24 22:06 - 000000000 ____D C:\Users\Rolls\AppData\Local\Google 2018-08-05 17:57 - 2014-02-24 22:01 - 000003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-419436004-3641650613-4044294934-1001 2018-08-05 17:53 - 2014-02-24 22:05 - 000003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A46B4F47-A843-440D-8F40-7D4F461E4A56} 2018-08-05 17:53 - 2014-01-20 08:44 - 000000000 ____D C:\windows\System32\Tasks\Lenovo 2018-08-05 17:53 - 2014-01-20 08:43 - 000000000 ____D C:\Program Files\Lenovo 2018-08-05 17:53 - 2014-01-20 08:13 - 000000000 ____D C:\ProgramData\Package Cache 2018-08-05 16:51 - 2014-04-19 16:02 - 000003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{54A7945E-525E-4DB2-8A31-5A7A5A8E8137} 2018-08-04 19:17 - 2014-03-26 05:20 - 000000000 ____D C:\Users\Rolls\AppData\Local\Viber 2018-08-04 18:28 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache 2018-08-04 12:12 - 2015-06-19 15:42 - 000001202 _____ 
C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job 2018-08-04 11:30 - 2017-09-16 11:44 - 000007594 _____ C:\Users\Rolls\AppData\Local\Resmon.ResmonCfg 2018-08-04 11:30 - 2014-02-24 22:06 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-04 11:30 - 2014-02-24 22:06 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-08-03 11:05 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-08-03 11:01 - 2017-05-02 11:20 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2018-08-03 10:59 - 2014-01-20 08:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-08-03 10:54 - 2013-08-22 17:36 - 000000000 ____D C:\windows\tracing 2018-08-03 10:34 - 2014-02-24 22:06 - 000000000 ____D C:\Program Files (x86)\Google 2018-08-02 11:34 - 2014-03-04 15:59 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Dropbox 2018-08-01 11:33 - 2014-01-20 08:31 - 000157476 _____ C:\windows\system32\perfc00C.dat 2018-08-01 11:33 - 2014-01-20 08:31 - 000081754 _____ C:\windows\system32\perfh00C.dat 2018-08-01 11:33 - 2014-01-20 08:26 - 000761160 _____ C:\windows\system32\perfh007.dat 2018-08-01 11:33 - 2014-01-20 08:26 - 000157652 _____ C:\windows\system32\perfc007.dat 2018-08-01 11:33 - 2013-10-07 20:27 - 002015868 _____ 
C:\windows\system32\PerfStringBackup.INI 2018-07-31 13:59 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp 2018-07-30 17:51 - 2014-03-04 16:03 - 000000000 ___RD C:\Users\popp_000\Dropbox 2018-07-30 11:39 - 2013-08-22 17:36 - 000000000 ____D C:\windows\LiveKernelReports 2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\ProgramData\Garmin 2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\Program Files (x86)\Garmin 2018-07-25 17:59 - 2014-03-04 22:53 - 000000000 ____D C:\Users\popp_000\AppData\Local\CrashDumps 2018-07-24 21:31 - 2017-11-17 11:34 - 000000000 ____D C:\Users\popp_000\Desktop\LATER 2018-07-24 16:36 - 2018-05-07 11:13 - 001091675 _____ C:\Users\popp_000\Desktop\Kennedy_WoodrowWWI_2018.pdf 2018-07-22 11:57 - 2016-01-24 17:30 - 000000000 ___RD C:\Program Files (x86)\Skype 2018-07-22 11:57 - 2014-03-25 21:31 - 000000000 ____D C:\ProgramData\Skype 2018-07-22 11:55 - 2014-03-25 21:31 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Skype 2018-07-18 22:51 - 2017-07-29 11:49 - 000003178 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-419436004-3641650613-4044294934-1004 2018-07-18 22:51 - 2017-05-02 11:26 - 000002377 _____ C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2018-07-15 13:23 - 2014-01-20 08:44 - 000000000 ____D C:\ProgramData\Energy Manager 2018-07-15 13:04 - 2013-08-22 16:44 - 000500816 _____ C:\windows\system32\FNTCACHE.DAT 2018-07-15 12:58 - 2015-04-18 18:10 - 000000000 ____D C:\windows\system32\appraiser 2018-07-15 12:58 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData 2018-07-15 12:57 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\NDF 2018-07-12 15:38 - 2014-03-04 15:58 - 000000000 ____D C:\windows\system32\MRT 2018-07-12 15:31 - 2014-03-04 15:58 - 134675576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe 2018-07-12 09:52 - 2018-05-09 10:30 - 000685568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys 
2018-07-11 13:55 - 2014-02-24 22:16 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2018-07-11 13:55 - 2014-02-24 22:16 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2018-07-10 17:05 - 2014-03-04 14:56 - 000000000 ____D C:\Users\popp_000\AppData\Local\VirtualStore 2018-07-09 16:52 - 2015-11-09 17:52 - 000000424 _____ C:\windows\Tasks\DriverEasy Scheduled Scan.job Some files in TEMP: ==================== 2018-08-05 17:38 - 2016-12-06 21:39 - 000050720 _____ (HP Inc.) C:\Users\popp_000\AppData\Local\Temp\ACLMInstaller.exe 2014-03-04 14:58 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\popp_000\AppData\Local\Temp\avgnt.exe 2014-02-24 22:16 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\Rolls\AppData\Local\Temp\avgnt.exe 2015-11-09 17:47 - 2015-11-09 17:47 - 064809432 _____ (SweetLabs,Inc.) C:\Users\Rolls\AppData\Local\Temp\oct5CEE.tmp.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-07-31 13:45
==================== End of FRST.txt ============================
And Addition:
Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018 Ran by popp_000 (05-08-2018 21:03:29) Running from C:\Users\popp_000\Downloads Windows 8.1 (Update) (X64) (2014-02-24 19:54:36) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-419436004-3641650613-4044294934-500 - Administrator - Disabled) Guest (S-1-5-21-419436004-3641650613-4044294934-501 - Limited - Disabled) popp_000 (S-1-5-21-419436004-3641650613-4044294934-1004 - Administrator - Enabled) => C:\Users\popp_000 Rolls (S-1-5-21-419436004-3641650613-4044294934-1001 - Administrator - Enabled) => C:\Users\Rolls ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F} AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Avira (HKLM-x32\...\{0bb4751a-1ff2-4c79-80df-5bab5da63823}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. 
KG) Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.) Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Hidden Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation) Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions) GentiumPlus 1.510 (HKLM-x32\...\GentiumPlus) (Version: - ) GitHub (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.) Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) 
Hidden HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) HP Officejet Pro 8600 Basic Device Software (HKLM\...\{77d93eea-f5c2-4db5-9c2d-25bc5a2e0ec9}) (Version: 28.0.1316.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{CF713F23-4866-4A5D-91CC-A5F42111C82A}) (Version: 12.7.5.9 - Apple Inc.) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) jpgtopdf_setup (HKLM-x32\...\{6C1A8DBD-C0AA-4FD0-93C8-33934FD3F396}) (Version: 1.0.0.1 - jpgtopdf_setup_caudio) Hidden Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.) 
Lenovo Motion Control (HKLM-x32\...\{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Hidden Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo) MailStore Home 10.1.2.12457 (HKLM-x32\...\MailStore Home_universal1) (Version: 10.1.2.12457 - MailStore Software GmbH) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.10325.20082 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation) Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 
(HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 57.0.4 (x64 de) (HKLM\...\Mozilla Firefox 57.0.4 (x64 de)) (Version: 57.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla) Nuance PDF Create 7 (HKLM\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.) 
Nuance PDF Create 7 (HKLM-x32\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc.) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Proxy Searcher (HKLM-x32\...\{7EA74723-FE48-410D-A24E-949870747174}) (Version: 5.10.0000 - Proxy Searcher) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.) ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version: - ) Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden Skype Version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated) UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.) vpnui.exe custom database (HKLM\...\{f0fbb653-f915-4899-a129-43562c94b062}.sdb) (Version: - ) Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\popp_000\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-419436004-3641650613-4044294934-1004_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll -> No File ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers4-x32: [FolderColorize] -> {3443FE61-F294-403D-A4A6-53E034FC9B3F} => C:\Program Files\Folder Colorizer\FolderColorShlExt.dll [2014-01-13] () ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. 
KG) ContextMenuHandlers1_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers4_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers5_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02F4CE79-06CA-4303-A37C-26CA69BE3F22} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-01] (Microsoft Corporation) Task: {068104A3-5675-4238-9026-045B63E0D3D3} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2015-10-27] (Easeware) Task: {10897403-78B3-453F-8453-EAAE728CA5E1} - System32\Tasks\hpUtility.exe_{1FD8EFFC-18DD-488E-9CDF-EC604B6F653F} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.) 
Task: {1E4AC7AD-ADB7-4DCA-A270-CFA07CD9A84B} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-08-01] (Microsoft Corporation) Task: {2B08E8BB-4DE4-4513-8075-F9B3C496CFAA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-15] (Synaptics Incorporated) Task: {41671B78-33B2-4C59-8810-8634BD91284F} - System32\Tasks\Toolbox.exe_{7CE34131-9F3C-48E6-A2A7-95C2FD7A9928} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\Toolbox.exe [2012-10-17] (Hewlett-Packard Co.) Task: {4628405A-5EC5-4F87-957D-EF91998BCCD7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {5A3BC59F-04FF-4C84-B674-6425C0E1B186} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation) Task: {5DDEF067-DF8C-400C-A61B-62987371BC65} - System32\Tasks\{4C60E858-8717-427F-A063-A9F37A05AE0C} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/de/go/help.faq.installer?LastError=1618 Task: {61D5C79C-9035-49A2-8EE3-17C071B74E61} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-08-01] (Microsoft Corporation) Task: {908145CB-C602-4BA9-B3EE-9E2F18FF97B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation) Task: {A818AF8D-5DF5-46CD-B00B-93683AE6326F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google 
Inc.) Task: {BF48C6F6-1196-4BFE-9C08-5941B148C9C1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-01] (Microsoft Corporation) Task: {C702572B-4429-46B6-8280-73D782C1AF5E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {E6A819D5-CD25-4DFB-BEC9-00A7FC3B875E} - System32\Tasks\hpUtility.exe_{2ACCD369-2718-4BF0-A782-E60BACC6BC4E} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.) Task: {EDFD66DD-A2E0-4AFC-A93A-0307666E24AD} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2018-07-11] (Avira Operations GmbH & Co. KG) Task: {FCB9F069-DED1-4964-A9F9-CB798A52F837} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {FE80D603-E2B5-408F-8636-46A3C4992485} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-04-11 04:17 - 2017-04-11 04:17 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe 2013-08-02 03:31 - 2013-08-02 03:31 - 000198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-08-02 03:31 - 2013-08-02 03:31 - 000054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-08-02 03:31 - 2013-08-02 03:31 - 000034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2014-01-20 08:41 - 2012-04-25 04:43 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2014-01-20 08:43 - 2014-01-20 08:43 - 000068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe 2014-01-20 08:43 - 2014-01-20 08:43 - 000669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll 2018-08-04 11:30 - 2018-07-31 01:32 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libglesv2.dll 2018-08-04 11:30 - 2018-07-31 01:32 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libegl.dll 2018-08-02 11:33 - 2018-07-31 03:25 - 001108672 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll 2018-08-02 11:33 - 2018-07-31 03:25 - 002247872 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll 2018-08-02 11:33 - 2018-07-31 03:28 - 000021704 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\tornado.speedups.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:26 - 000022752 _____ () 
C:\Users\popp_000\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000135840 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\_cffi_backend.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:26 - 001881816 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:26 - 000023768 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000111760 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\pywintypes35.dll 2018-08-02 11:33 - 2018-07-31 03:25 - 000103576 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32api.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 000069320 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:26 - 000080064 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\fastpath.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000400016 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\pythoncom35.dll 2018-08-02 11:33 - 2018-07-31 03:25 - 000024728 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32event.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000043680 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32process.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000021656 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\mmapfile.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000125080 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32file.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000114848 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32security.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:28 - 000392392 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32com.shell.shell.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 
03:28 - 000030432 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000024736 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32clipboard.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000175768 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32gui.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000024728 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32pipe.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000026264 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000048800 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32service.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000058016 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32evtlog.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:28 - 000024784 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:26 - 000022728 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:28 - 000026336 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:28 - 000070360 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:26 - 000025296 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:28 - 000029904 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winreindex.compiled._winreindex.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 003866304 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:28 - 000089272 _____ () 
C:\Users\popp_000\AppData\Roaming\Dropbox\bin\sip.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 001800896 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 001960640 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000028824 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32ts.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 000155856 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 000521920 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 000051400 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 000043720 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 000131264 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 000220872 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 000205512 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000061080 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32print.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:28 - 000056536 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000024224 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\win32profile.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:28 - 000025304 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.cp35-win32.pyd 2018-08-02 
11:33 - 2018-07-31 03:28 - 000023776 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:28 - 000022752 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:28 - 000023768 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:26 - 000028392 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000348312 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winxpgui.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 000102088 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:28 - 000024800 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:26 - 000026840 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:25 - 000036496 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\librsync.dll 2018-08-02 11:33 - 2018-07-31 03:28 - 000023776 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:26 - 000181432 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2018-08-02 11:33 - 2018-07-31 03:28 - 000031952 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:26 - 000024752 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\libEGL.DLL 2018-08-02 11:33 - 2018-07-31 03:26 - 001638576 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\libGLESv2.dll 
2018-08-02 11:33 - 2018-07-31 03:28 - 000027352 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 000547008 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.cp35-win32.pyd 2018-08-02 11:33 - 2018-07-31 03:27 - 000360128 _____ () C:\Users\popp_000\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.cp35-win32.pyd 2014-01-20 08:11 - 2013-09-04 17:53 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-08-18 09:15 - 2018-06-01 09:47 - 000302256 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\IEAWSDC.DLL ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2015-11-22 17:35 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\popp_000\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 62.2.17.60 - 62.2.24.162
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C3EC1C83-ED75-4491-B69D-9C40FAD13721}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{6FCD0814-38FE-47D2-816C-72C1415D1D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{E620D2F9-0BA9-4DFE-8D6B-9C59F1F71526}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{1077B56E-1938-4248-A619-9B854EE3AFD9}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{AFFD236C-2F03-4514-9493-28D4A9C50B77}] => (Allow) C:\Users\Rolls\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{F288F15D-002F-40A2-A40C-97E28F56AA80}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{AD2DB122-CC56-424D-8E16-AA4AAECF4344}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{3EF055D5-32DE-4CA6-BE7C-F5665694844B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{D21787BE-28FE-4C10-A07A-1CCFE3E7B79D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{FB099CB8-CA09-4117-99D4-B42CDBB28D90}] => (Allow) C:\Users\Rolls\AppData\Local\Viber\Viber.exe FirewallRules: [{965D02E2-997F-4A1B-9984-1738A0E2A113}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{CE0097F9-DC40-4522-87F1-1051989D5C39}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D889966A-1277-4A5D-9DA8-ED3C03A0E9C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BDDE8199-B36C-41F3-AA66-04834F80B129}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: 
[{3907E02F-601D-4C7F-B2FA-D854CBCE60F4}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{0B084486-00AB-497C-885E-F03C9EA3A10F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{04F273D0-6AE9-4E96-B78C-3ACFB71DE717}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{C62B610C-F3DB-4EFA-92DC-01B1BDB6CE37}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{E8091B04-83D8-4214-92CC-9E6103FBD59F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [{33047F60-F67D-430B-B231-902153223054}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2B912316-B9F7-4E28-9106-2F194B2C3068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8A7C5277-E975-4A7B-A51E-0F21B6A95CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{22D86146-2671-4E3D-92CB-8F6C06857C3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8ACE25C7-A358-4542-9ABA-01AD445562AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{2BAD3012-6736-4535-87B5-A0A267A5B46F}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{471A0AF8-318E-4228-97DE-AEE58A161E68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{9F29F59E-3EB9-415A-9AAA-8F8ED2C6BB02}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{B23CA18C-2F92-44C0-B9C1-B1EBA20109DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{58B67CA2-55C1-4E7C-A94C-E5EE6356A156}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{482ACE75-C913-4551-9331-C71867CD1F66}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{51BDC310-D994-4A47-8101-79384BB345A0}] => (Allow) C:\Program Files\HP\HP Officejet 
Pro 8600\bin\SendAFax.exe FirewallRules: [{C86843FA-327B-4DE6-90BE-74CCD769C022}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{38384A8F-9AE9-4016-BC0A-47E96E1FDBC9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{C1248B25-D45A-4C8E-916C-9BA0E641D10A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe ==================== Restore Points ========================= 19-07-2018 16:27:24 Scheduled Checkpoint 28-07-2018 20:19:37 Scheduled Checkpoint 05-08-2018 17:15:42 Removed Free JPG to PDF Converter ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/05/2018 05:36:21 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ROLLS_PC) Description: Die Anwendung oder der Dienst "ScanToPCActivationApp" konnte nicht heruntergefahren werden. 
Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15222516

Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15222516

Error: (08/05/2018 03:04:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/05/2018 10:43:39 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/04/2018 11:17:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74821703

Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74821703

System errors:
=============
Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/05/2018 05:52:10 PM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC)
Description: Der Server "{D63B10C5-BB46-4990-A94F-E40B9D520160}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/04/2018 11:08:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (08/04/2018 11:07:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (08/04/2018 11:07:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Für den Miniport "Realtek PCIe GBE Family Controller, {4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}" ist das Ereignis "74" aufgetreten.

Error: (08/03/2018 11:43:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde nicht richtig gestartet.

Windows Defender:
===================================
Date: 2017-05-04 16:39:21.013
Description: Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Aktuell
Fehlercode: 0x80073aba
Fehlerbeschreibung: The resource is too old to be compatible.
Signaturversion: 1.155.266.0;1.155.266.0
Modulversion: 1.1.9700.0

CodeIntegrity:
===================================
Date: 2018-08-05 20:56:36.953
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-05 18:04:32.203
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-05 17:49:44.141
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-05 17:10:27.313
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-03 11:42:33.517
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:42:31.189
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:42:26.634
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 11:37:39.892
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 44%
Total physical RAM: 8104.27 MB
Available physical RAM: 4487.81 MB
Total Virtual: 13480.27 MB
Available Virtual: 9092.87 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:283.73 GB) (Free:148.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:164.36 GB) (Free:98.53 GB) NTFS
\\?\Volume{544d8d37-33b0-411c-bcb9-194636f9170a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS
\\?\Volume{f521da69-fec1-4e43-a83f-ac8ca729b84c}\ (PBR_DRV) (Fixed) (Total:15.34 GB) (Free:5.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 22404104)
Partition: GPT.

==================== End of Addition.txt ============================
05.08.2018, 20:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Chrome is redirected to prizemediayou.com ... Trojan, I guess.
Please uninstall Avira completely
We have been advising against Avira here for a long time; besides, for an analysis and cleanup I want as few sources of interference as possible. At the end you will get tips on securing your Windows system. We had best also uninstall other unnecessary or outdated junk right away. Google Chrome is still on there too. Get rid of it. Please download Revo Uninstaller (alternatively the portable Revo Uninstaller) from here.
Let me know when that is gone; once we are done here, you can switch to a different virus scanner, information will follow in the final post. Please do NOT install anything else from NOW on without checking with me first!
__________________ Please always post log files in CODE tags
06.08.2018, 10:54 | #9 |
| Done
Everything is gone. Chrome with a heavy heart, because I was used to it. Scanning one's own data via the browser is unacceptable from a data-protection perspective, though, you are right about that. I do think, however, that Google is careful there, otherwise it risks the fine of the century from Brussels. Still, it is right to boycott their products, I do see that. I had given up on Firefox back then because it was completely bloated and slow. But I see that it has improved. However, in my experience my reference management via Zotero no longer works at all. But I will find a solution for that. Thanks so far. I am ready for the next steps.
06.08.2018, 11:29 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Chrome is redirected to prizemediayou.com ... Trojan, I guess.
Bloated and slow, I simply do not understand statements like that. I have also read it fairly often in the heise forum, that a few people complained about a supposedly bloated and slow Firefox; I could never reproduce that. Firefox always runs fast for me. And in terms of size there is no difference at all between Chrome and Firefox. Why are you still on Windows 8.1??
__________________ Please always post log files in CODE tags
06.08.2018, 11:34 | #11 |
| Chrome is redirected to prizemediayou.com ... Trojan, I guess.
Compared with the current version, that really was the case a few years ago. Chrome was three times as fast back then, for whatever reason. It is interesting how such temporary differences create long-lasting path dependencies. In that respect it is good that you encouraged me to finally say goodbye to Google. Politically that is certainly right; the security aspects I can, frankly, only judge to a limited extent. 8.1? I have no idea, updates are always set to automatic. Is that a problem?
06.08.2018, 11:36 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Chrome is redirected to prizemediayou.com ... Trojan, I guess.
No, but you could have upgraded to Windows 10 long ago. For free. You still can, though.
Scanning for malware with Kaspersky TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags
06.08.2018, 11:44 | #13 |
| Chrome is redirected to prizemediayou.com ... Trojan, I guess.
OK, I suppose I should slowly get around to upgrading to 10. Here is the report from TDSSKiller, No Threats found: Code:
ATTFilter
12:38:13.0307 0x2094 TDSS rootkit removing tool 3.1.0.17 Apr 20 2018 12:12:17
12:38:13.0307 0x2094 UEFI system
12:38:19.0716 0x2094 ============================================================
12:38:19.0716 0x2094 Current date / time: 2018/08/06 12:38:19.0716
12:38:19.0716 0x2094 SystemInfo:
12:38:19.0716 0x2094
12:38:19.0716 0x2094 OS Version: 6.3.9600 ServicePack: 0.0
12:38:19.0716 0x2094 Product type: Workstation
12:38:19.0716 0x2094 ComputerName: ROLLS_PC
12:38:19.0716 0x2094 UserName: popp_000
12:38:19.0716 0x2094 Windows directory: C:\windows
12:38:19.0716 0x2094 System windows directory: C:\windows
12:38:19.0716 0x2094 Running under WOW64
12:38:19.0716 0x2094 Processor architecture: Intel x64
12:38:19.0716 0x2094 Number of processors: 4
12:38:19.0716 0x2094 Page size: 0x1000
12:38:19.0716 0x2094 Boot type: Normal boot
12:38:19.0716 0x2094 CodeIntegrityOptions = 0x00000001
12:38:19.0716 0x2094 ============================================================
12:38:20.0045 0x2094 KLMD registered as C:\windows\system32\drivers\41979790.sys
12:38:20.0045 0x2094 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.19067, osProperties = 0x19
12:38:20.0499 0x2094 System UUID: {AECEE970-ED09-C2E7-A0FF-4E7BA1693CFA}
12:38:22.0545 0x2094 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:38:22.0577 0x2094 ============================================================
12:38:22.0577 0x2094 \Device\Harddisk0\DR0:
12:38:22.0577 0x2094 GPT partitions:
12:38:22.0577 0x2094 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {544D8D37-33B0-411C-BCB9-194636F9170A}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
12:38:22.0577 0x2094 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {822AD2B7-227A-4836-8702-7A0CBC2BF660}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
12:38:22.0577 0x2094 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {022779F5-46B7-4B93-B629-DFD552C8742C}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
12:38:22.0577 0x2094 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {05F3EBB1-D218-467F-BB0F-F89120926B00}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
12:38:22.0577 0x2094 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7FBFF22A-5792-4AB6-8655-A52A21474E34}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x23775800
12:38:22.0577 0x2094 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {40EAACD2-9E1E-48F0-9F3F-87481D9BADC2}, Name: Basic data partition, StartLBA 0x23C20000, BlocksNum 0x148B9000
12:38:22.0577 0x2094 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F521DA69-FEC1-4E43-A83F-AC8CA729B84C}, Name: Basic data partition, StartLBA 0x384D9000, BlocksNum 0x1EAD000
12:38:22.0577 0x2094 MBR partitions:
12:38:22.0577 0x2094 ============================================================
12:38:22.0577 0x2094 C: <-> \Device\Harddisk0\DR0\Partition5
12:38:22.0624 0x2094 D: <-> \Device\Harddisk0\DR0\Partition6
12:38:22.0624 0x2094 ============================================================
12:38:22.0624 0x2094 Initialize success
12:38:22.0624 0x2094 ============================================================
12:40:55.0909 0x1d08 ============================================================
12:40:55.0909 0x1d08 Scan started
12:40:55.0909 0x1d08 Mode: Manual; SigCheck; TDLFS;
12:40:55.0909 0x1d08 ============================================================
12:40:55.0909 0x1d08 KSN ping started
12:40:56.0050 0x1d08 KSN ping finished: true
12:41:07.0303 0x1d08 ================ Scan system memory ========================
12:41:07.0303 0x1d08 System memory - ok
12:41:07.0303 0x1d08 ================ Scan services =============================
F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\windows\System32\drivers\HDAudBus.sys 12:41:27.0843 0x1d08 HDAudBus - ok 12:41:27.0858 0x1d08 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\windows\System32\drivers\HidBatt.sys 12:41:27.0968 0x1d08 HidBatt - ok 12:41:27.0983 0x1d08 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\windows\System32\drivers\hidbth.sys 12:41:28.0061 0x1d08 HidBth - ok 12:41:28.0093 0x1d08 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\windows\System32\drivers\hidi2c.sys 12:41:28.0186 0x1d08 hidi2c - ok 12:41:28.0233 0x1d08 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\windows\System32\drivers\hidir.sys 12:41:28.0280 0x1d08 HidIr - ok 12:41:28.0312 0x1d08 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\windows\system32\hidserv.dll 12:41:28.0343 0x1d08 hidserv - ok 12:41:28.0374 0x1d08 [ 49676FEC898AB2A11B157F848269A56E, 011E6DDEF9570212520F92FEFD205E1F8104F198B57C40D11BE857FCBCC5F68D ] HidUsb C:\windows\System32\drivers\hidusb.sys 12:41:28.0483 0x1d08 HidUsb - ok 12:41:28.0515 0x1d08 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\windows\system32\kmsvc.dll 12:41:28.0546 0x1d08 hkmsvc - ok 12:41:28.0593 0x1d08 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\windows\system32\ListSvc.dll 12:41:28.0671 0x1d08 HomeGroupListener - ok 12:41:28.0765 0x1d08 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\windows\system32\provsvc.dll 12:41:28.0874 0x1d08 HomeGroupProvider - ok 
12:41:28.0905 0x1d08 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 12:41:28.0937 0x1d08 HpSAMD - ok 12:41:29.0015 0x1d08 [ E45EB7AE6C890F2C8DE8F160AC641C8A, 3637D1FCE42A5600BD7FCC1F602C926968B327097CB36EE5FAC9140DD99EEC2D ] HTTP C:\windows\system32\drivers\HTTP.sys 12:41:29.0124 0x1d08 HTTP - ok 12:41:29.0171 0x1d08 [ E548929868BDFD3FC13B46D99605B764, 737C8A1210442533735F10BD80AFBB3E890D0CC9068F2406CA5C577C7C58B97C ] HuaweiHiSuiteService64.exe C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe 12:41:30.0470 0x1d08 HuaweiHiSuiteService64.exe - detected UnsignedFile.Multi.Generic ( 1 ) 12:41:30.0579 0x1d08 Detect skipped due to KSN trusted 12:41:30.0579 0x1d08 HuaweiHiSuiteService64.exe - ok 12:41:30.0610 0x1d08 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 12:41:30.0642 0x1d08 hwpolicy - ok 12:41:30.0673 0x1d08 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\windows\System32\drivers\hyperkbd.sys 12:41:30.0751 0x1d08 hyperkbd - ok 12:41:30.0767 0x1d08 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\windows\system32\DRIVERS\HyperVideo.sys 12:41:30.0845 0x1d08 HyperVideo - ok 12:41:30.0876 0x1d08 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\windows\System32\drivers\i8042prt.sys 12:41:31.0017 0x1d08 i8042prt - ok 12:41:31.0048 0x1d08 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\windows\System32\drivers\iaLPSSi_GPIO.sys 12:41:31.0063 0x1d08 iaLPSSi_GPIO - ok 12:41:31.0095 0x1d08 [ DD05E7E80F52ADE9AEB292819920F32C, 
E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\windows\System32\drivers\iaLPSSi_I2C.sys 12:41:31.0126 0x1d08 iaLPSSi_I2C - ok 12:41:31.0173 0x1d08 [ 60F6526DB3297C7324957EF3143F88FF, F0D4AF7E66CD42793C5137B4F5E66AFCE13253C3FF8D397921EA23CD04D49763 ] iaStorA C:\windows\system32\drivers\iaStorA.sys 12:41:31.0235 0x1d08 iaStorA - ok 12:41:31.0313 0x1d08 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\windows\system32\drivers\iaStorAV.sys 12:41:31.0376 0x1d08 iaStorAV - ok 12:41:31.0407 0x1d08 [ 9D7AFC77C928460336642D6EFDB5BDEA, 9CF555B94A21D7A518B9228B6BE86679200FEC4219156D7D2183CDC906BA4548 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 12:41:31.0423 0x1d08 IAStorDataMgrSvc - ok 12:41:31.0470 0x1d08 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 12:41:31.0532 0x1d08 iaStorV - ok 12:41:31.0579 0x1d08 [ CAAC69A001E1A5878D2F050F57F93DA4, 0A4263501F2C1C9E4B3764A2EF27607DF07810A10A2F23F3E389EA3E1E1ACA8A ] ibtusb C:\windows\system32\DRIVERS\ibtusb.sys 12:41:31.0610 0x1d08 ibtusb - ok 12:41:31.0642 0x1d08 [ C1010ADD3DDAE1196ED21057AF7B2AAE, 68196851855AD395008D7F29FCEB28BA4BEB1F062B1844A60813E7DD102ACB1C ] ICCWDT C:\windows\System32\drivers\ICCWDT.sys 12:41:31.0657 0x1d08 ICCWDT - ok 12:41:31.0657 0x1d08 IEEtwCollectorService - ok 12:41:31.0985 0x1d08 [ FFDCE455DA8BD9344494993897237AAF, 0CAB5926FE0F16F717858484DCD81F184108F1C6D8530280BC982E4C0CC24D0B ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 12:41:32.0472 0x1d08 igfx - ok 12:41:32.0519 0x1d08 [ 39F3C7E218CE9118106D166F09AE1352, B78ADFC87AACF868D62A7FB0971B8786C1315A9B4D34D3E3159AD3F24D78AD62 ] ikbevent C:\windows\system32\DRIVERS\ikbevent.sys 12:41:32.0535 0x1d08 ikbevent - ok 12:41:32.0628 0x1d08 [ 3B6E74B3BE0CA74525A37B5C8E510084, 
BEA54067BAA524A13A2F67EB76C6B206546BA06567446725CF8BA0D7F6A30311 ] IKEEXT C:\windows\System32\ikeext.dll 12:41:32.0753 0x1d08 IKEEXT - ok 12:41:32.0785 0x1d08 [ 404906005D768E48BF16218B420249C7, 78409A077F244FCAC806180384C240F3BB1FF7ECF02EDB5E5D3188F458AB23D1 ] imsevent C:\windows\system32\DRIVERS\imsevent.sys 12:41:32.0800 0x1d08 imsevent - ok 12:41:32.0816 0x1d08 [ 3F2BB021CB280880F8C1B7A6FEF9B447, CEC0BF9D6C9CF6E6A9F9B4E656BD47208AC977EDDC11C1C3BCD07EB50BABC017 ] INETMON C:\windows\System32\Drivers\INETMON.sys 12:41:32.0847 0x1d08 INETMON - ok 12:41:32.0847 0x1d08 [ DB65573521AB51941F4FA799D0968136, 418F5E3FE725B7B114F3DAEBDCEBCE7F4AD8ECAAFF572C02BA9ACCE86D55BFD8 ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys 12:41:32.0878 0x1d08 intaud_WaveExtensible - ok 12:41:33.0113 0x1d08 [ E39307AB89491751020D5FBD9E080926, A78A0ECF3DA005A76B0895FA0EEE3EC66AA9518307E1FFC59162D2E5308189E2 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 12:41:33.0425 0x1d08 IntcAzAudAddService - ok 12:41:33.0488 0x1d08 [ 56BF61A0F2CB461DFC78AC5260739D5C, DE6C0B6B614BE4BFEB7A2D992C4881BD720278247A0053B9154B453311B7E510 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys 12:41:33.0550 0x1d08 IntcDAud - ok 12:41:33.0644 0x1d08 [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 12:41:33.0707 0x1d08 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 ) 12:41:33.0879 0x1d08 Detect skipped due to KSN trusted 12:41:33.0894 0x1d08 Intel(R) Capability Licensing Service Interface - ok 12:41:34.0019 0x1d08 [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe 12:41:34.0113 0x1d08 Intel(R) Capability Licensing Service TCP IP 
Interface - ok 12:41:34.0160 0x1d08 [ 57739E742ABC085C2A4340D4404B4A8B, B4B85C35AC96D11F5940AFCB15A2B2A41D70E3C392E1D4D9353899FA140FF281 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 12:41:34.0191 0x1d08 Intel(R) ME Service - ok 12:41:34.0222 0x1d08 [ 441D5FAF24CC2EC115B654A55C52F0AF, 5BF5299DAD9A7076C43D68C70E02AEC8DBFD89C1AFDF7CD6AB95550EE25EEB36 ] Intel(R) Wireless Bluetooth(R) 4.0 Radio Management C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe 12:41:34.0255 0x1d08 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - ok 12:41:34.0270 0x1d08 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\windows\system32\drivers\intelide.sys 12:41:34.0301 0x1d08 intelide - ok 12:41:34.0317 0x1d08 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\windows\system32\drivers\intelpep.sys 12:41:34.0348 0x1d08 intelpep - ok 12:41:34.0380 0x1d08 [ 24FF99B76037E1449E4E2E6DDF03F417, D001CFF6CF40B47E8D235378A563DAE22D32B4AE1D50755436567B6B2BB188A3 ] intelppm C:\windows\System32\drivers\intelppm.sys 12:41:34.0473 0x1d08 intelppm - ok 12:41:34.0536 0x1d08 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 12:41:34.0755 0x1d08 IpFilterDriver - ok 12:41:34.0864 0x1d08 [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 12:41:35.0005 0x1d08 iphlpsvc - ok 12:41:35.0036 0x1d08 [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV C:\windows\System32\drivers\IPMIDrv.sys 12:41:35.0223 0x1d08 IPMIDRV - ok 12:41:35.0301 0x1d08 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT 
C:\windows\system32\drivers\ipnat.sys 12:41:35.0458 0x1d08 IPNAT - ok 12:41:35.0567 0x1d08 [ 1D91D4B53167405C0595A66662D21E04, 79BBCC69088A3D2573A7AE2F68E29BC5D6A070C30AC825E442611FD3AFBFC52B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 12:41:35.0645 0x1d08 iPod Service - ok 12:41:35.0676 0x1d08 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\windows\system32\drivers\irenum.sys 12:41:35.0755 0x1d08 IRENUM - ok 12:41:35.0786 0x1d08 [ 00AD710037F4A4F00CDDD94CBA7BABEA, 234FD60D659D9338C9FA0A54D176840BFDDEEB358DAF67A8B13F7699D442CAC0 ] isapnp C:\windows\system32\drivers\isapnp.sys 12:41:35.0817 0x1d08 isapnp - ok 12:41:35.0880 0x1d08 [ 6205F494094FC3DB755CB1139917D058, EFD5CBE86D4523F9693E26F78292A52B211B25451B47B26B8C3CBC00B3C86C25 ] iScsiPrt C:\windows\System32\drivers\msiscsi.sys 12:41:35.0942 0x1d08 iScsiPrt - ok 12:41:35.0973 0x1d08 [ 4EE2423C38F43D37F8497A672FD10BDC, 031C5272DD28809255CF4FA8E6DE45DBFBD9A363BBD5156D0AEE0787C4297980 ] ISCT C:\windows\System32\drivers\ISCTD64.sys 12:41:35.0989 0x1d08 ISCT - ok 12:41:36.0020 0x1d08 [ 5215D12B13FC2BC7717AA4884846D34F, B97B8FFC6FB212398BF772C08B318411EA70B683B816906F30EF35DEB5B1C130 ] ISCTAgent C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 12:41:36.0067 0x1d08 ISCTAgent - ok 12:41:36.0083 0x1d08 [ 2C04ACF9070282AC9AA837C52CA3C128, 2C68FE2E876E5089F27021038E868E21288F694F3ED0390AED5B4712CC7567EC ] iwdbus C:\windows\System32\drivers\iwdbus.sys 12:41:36.0114 0x1d08 iwdbus - ok 12:41:36.0161 0x1d08 [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 12:41:36.0192 0x1d08 jhi_service - ok 12:41:36.0208 0x1d08 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\windows\System32\drivers\kbdclass.sys 
12:41:36.0240 0x1d08 kbdclass - ok 12:41:36.0271 0x1d08 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\windows\System32\drivers\kbdhid.sys 12:41:36.0381 0x1d08 kbdhid - ok 12:41:36.0396 0x1d08 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\windows\system32\DRIVERS\kdnic.sys 12:41:36.0506 0x1d08 kdnic - ok 12:41:36.0537 0x1d08 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\windows\system32\lsass.exe 12:41:36.0568 0x1d08 KeyIso - ok 12:41:36.0599 0x1d08 [ 304DA394D958BC3B62AF6DF514005B01, 8D17777C82F034E800181E82D30FCED800CBC46CD659AE2E0D972CA1381BD4C2 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 12:41:36.0631 0x1d08 KSecDD - ok 12:41:36.0662 0x1d08 [ A9C617281ECE2711C02F3B7C951A1882, AD871D3C2A9EA9F4D1809C93093EC314DFFFF8CBCD176E96941F26AF9DB7AF4E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 12:41:36.0693 0x1d08 KSecPkg - ok 12:41:36.0709 0x1d08 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 12:41:36.0787 0x1d08 ksthunk - ok 12:41:36.0834 0x1d08 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\windows\system32\msdtckrm.dll 12:41:36.0896 0x1d08 KtmRm - ok 12:41:36.0974 0x1d08 [ B75ADC97905F43C7C946F1465A8697BD, AF50E3F5DBF222DB095B40FD4896650B5F8DD47153CB9A1ADE54D17FCE85C529 ] LanmanServer C:\windows\system32\srvsvc.dll 12:41:37.0037 0x1d08 LanmanServer - ok 12:41:37.0084 0x1d08 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\windows\System32\wkssvc.dll 12:41:37.0177 0x1d08 LanmanWorkstation - ok 12:41:37.0302 0x1d08 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc 
C:\windows\System32\GeofenceMonitorService.dll 12:41:37.0412 0x1d08 lfsvc - ok 12:41:37.0443 0x1d08 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 12:41:37.0584 0x1d08 lltdio - ok 12:41:37.0615 0x1d08 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\windows\System32\lltdsvc.dll 12:41:37.0693 0x1d08 lltdsvc - ok 12:41:37.0724 0x1d08 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\windows\System32\lmhsvc.dll 12:41:37.0771 0x1d08 lmhosts - ok 12:41:37.0849 0x1d08 [ 6A35B295812CE7064CFBCD9F254169CF, 561DD131FED6F90686D8C031B45B87B6D065C7E0C8804AEFCDE239725AAEE43E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 12:41:37.0896 0x1d08 LMS - ok 12:41:37.0974 0x1d08 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 12:41:38.0037 0x1d08 LSI_SAS - ok 12:41:38.0052 0x1d08 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 12:41:38.0099 0x1d08 LSI_SAS2 - ok 12:41:38.0131 0x1d08 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\windows\system32\drivers\lsi_sas3.sys 12:41:38.0177 0x1d08 LSI_SAS3 - ok 12:41:38.0193 0x1d08 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\windows\system32\drivers\lsi_sss.sys 12:41:38.0249 0x1d08 LSI_SSS - ok 12:41:38.0313 0x1d08 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\windows\System32\lsm.dll 12:41:38.0454 0x1d08 LSM - ok 12:41:38.0485 0x1d08 [ B0AF753AF28303BB69C67BD85F06FFC9, 
6B6805C17BC39F972BB7FF52BDF798B0B57EC5D5F3CE1C97415E86110235C603 ] luafv C:\windows\system32\drivers\luafv.sys 12:41:38.0642 0x1d08 luafv - ok 12:41:38.0657 0x1d08 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\windows\system32\drivers\megasas.sys 12:41:38.0688 0x1d08 megasas - ok 12:41:38.0751 0x1d08 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\windows\system32\drivers\megasr.sys 12:41:38.0829 0x1d08 megasr - ok 12:41:38.0860 0x1d08 [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64 C:\windows\system32\DRIVERS\TeeDriverx64.sys 12:41:38.0892 0x1d08 MEIx64 - ok 12:41:38.0923 0x1d08 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\windows\system32\mmcss.dll 12:41:38.0954 0x1d08 MMCSS - ok 12:41:38.0970 0x1d08 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\windows\system32\drivers\modem.sys 12:41:39.0048 0x1d08 Modem - ok 12:41:39.0063 0x1d08 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\windows\System32\drivers\monitor.sys 12:41:39.0220 0x1d08 monitor - ok 12:41:39.0251 0x1d08 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\windows\System32\drivers\mouclass.sys 12:41:39.0282 0x1d08 mouclass - ok 12:41:39.0298 0x1d08 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\windows\System32\drivers\mouhid.sys 12:41:39.0392 0x1d08 mouhid - ok 12:41:39.0423 0x1d08 [ E5E8665272EBCD87A0A632314F0D221D, 37FDC4CEB8E5FC39C10DE875676863D090CFEA708AC3A8415114DCDD94BD7A1D ] mountmgr C:\windows\system32\drivers\mountmgr.sys 12:41:39.0454 0x1d08 mountmgr - ok 12:41:39.0517 
0x1d08 [ 2EDD920BD669C571E3EEFCAAE4FD4C37, D029269D17BC2D2D4B98F331D9F69A973813FBBEF433E260858309D43C09AC09 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 12:41:39.0595 0x1d08 MozillaMaintenance - ok 12:41:39.0658 0x1d08 [ BF2513029E231BE96D82F7C3ABFF87F4, F6DB64112CC50EEE495E2D7C61B8BDBE757A31B03144B0396615FD38C312824E ] MpKsl31aab2c5 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{79D31205-2F6D-4B70-BFC1-D5318EFAC7DE}\MpKsl31aab2c5.sys 12:41:39.0704 0x1d08 MpKsl31aab2c5 - ok 12:41:39.0720 0x1d08 [ 2C8149371222053B82349A6E250900EB, CC6FE69C7B1F9D9EBCCD8568364CD062940962EF42903715CA7F8B877C6B40F7 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 12:41:39.0861 0x1d08 mpsdrv - ok 12:41:39.0939 0x1d08 [ 4D33C8B6159B61C7F13984ED10EA2A82, 2E6B8C104F34BFED3C521062F0F12B8D9B4A602221256C41791932771EB79B2C ] MpsSvc C:\windows\system32\mpssvc.dll 12:41:40.0079 0x1d08 MpsSvc - ok 12:41:40.0142 0x1d08 [ 3F818C1518DA702C8F10259095C9BDE0, B98C1A6F9A3C01A10503B2B2C45CC89AFF17B346B15990F4DB4820F68BDC62C8 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 12:41:40.0267 0x1d08 MRxDAV - ok 12:41:40.0314 0x1d08 [ CF49856813FFDF2EB251762BB8B675C8, 5976D21C6B0A1FF489B406108DBE6ACDB22D706F437B12F58552A6EAA9D3BFD7 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 12:41:40.0407 0x1d08 mrxsmb - ok 12:41:40.0470 0x1d08 [ AFE6DC2E57E876175BA074AD2CB5594F, 004873302BA0BF1B1359A90A5399915BE00A9ED800F60E477A5AE4682C70A708 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 12:41:40.0595 0x1d08 mrxsmb10 - ok 12:41:40.0626 0x1d08 [ B37B58F9F80A51098C42663D5FA5F2BA, 996E2D8344F0095C136D1670D63A476E6B6F6BBA9DD773EEE5F0FD580562B000 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 12:41:40.0704 0x1d08 mrxsmb20 - ok 12:41:40.0736 0x1d08 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\windows\system32\DRIVERS\bridge.sys 12:41:40.0814 0x1d08 MsBridge - ok 12:41:40.0845 0x1d08 [ 
915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\windows\System32\msdtc.exe 12:41:40.0892 0x1d08 MSDTC - ok 12:41:40.0923 0x1d08 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\windows\system32\drivers\Msfs.sys 12:41:41.0001 0x1d08 Msfs - ok 12:41:41.0033 0x1d08 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\windows\System32\drivers\msgpiowin32.sys 12:41:41.0064 0x1d08 msgpiowin32 - ok 12:41:41.0079 0x1d08 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 12:41:41.0157 0x1d08 mshidkmdf - ok 12:41:41.0189 0x1d08 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\windows\System32\drivers\mshidumdf.sys 12:41:41.0253 0x1d08 mshidumdf - ok 12:41:41.0284 0x1d08 [ 15552CD43BD9DA6C00659167403D19E6, B93BAE0FB5A132FA3F0218B07284117D424175DB0A69C4FB3E3C2E33F122207F ] msisadrv C:\windows\system32\drivers\msisadrv.sys 12:41:41.0300 0x1d08 msisadrv - ok 12:41:41.0331 0x1d08 [ A06142B3850B06972F1C89748FAA2C02, B1CCC5C8D100FEB384FCC85FED2A77F47DA4C9BA5F6889A130F4D73E30ACAA78 ] MSiSCSI C:\windows\system32\iscsiexe.dll 12:41:41.0409 0x1d08 MSiSCSI - ok 12:41:41.0409 0x1d08 msiserver - ok 12:41:41.0440 0x1d08 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 12:41:41.0503 0x1d08 MSKSSRV - ok 12:41:41.0518 0x1d08 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\windows\system32\DRIVERS\mslldp.sys 12:41:41.0706 0x1d08 MsLldp - ok 12:41:41.0722 0x1d08 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK 
C:\windows\system32\drivers\MSPCLOCK.sys 12:41:41.0768 0x1d08 MSPCLOCK - ok 12:41:41.0815 0x1d08 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 12:41:41.0878 0x1d08 MSPQM - ok 12:41:41.0925 0x1d08 [ 493AA78266AA041593DB24155556B8BF, CBAF7FAD5215957D8B8C5956DB423249BB630FCFD03A10B9734E889D594F8EBD ] MsRPC C:\windows\system32\drivers\MsRPC.sys 12:41:41.0987 0x1d08 MsRPC - ok 12:41:42.0003 0x1d08 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\windows\System32\drivers\mssmbios.sys 12:41:42.0034 0x1d08 mssmbios - ok 12:41:42.0050 0x1d08 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 12:41:42.0112 0x1d08 MSTEE - ok 12:41:42.0144 0x1d08 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\windows\System32\drivers\MTConfig.sys 12:41:42.0206 0x1d08 MTConfig - ok 12:41:42.0237 0x1d08 [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup C:\windows\system32\Drivers\mup.sys 12:41:42.0268 0x1d08 Mup - ok 12:41:42.0300 0x1d08 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\windows\system32\drivers\mvumis.sys 12:41:42.0331 0x1d08 mvumis - ok 12:41:42.0362 0x1d08 [ FCDCFEDAF3C1D61DE11FA0DE9453699C, 4E79F1040E62B0DEE00F3035DBFE5241A459FE4C1A46337FF13A25FF8C5A64A5 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 12:41:42.0393 0x1d08 MyWiFiDHCPDNS - ok 12:41:42.0440 0x1d08 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\windows\system32\qagentRT.dll 12:41:42.0518 0x1d08 napagent - ok 12:41:42.0581 0x1d08 [ F3A70F2C79D91B7C95F78E959DEDAD0E, 
CB1826614D1EEC1C2E8E6F8D2B8DE486CE7AF628DAC6969655E57EC4BAF70C9D ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 12:41:42.0675 0x1d08 NativeWifiP - ok 12:41:42.0737 0x1d08 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\windows\System32\ncasvc.dll 12:41:42.0800 0x1d08 NcaSvc - ok 12:41:42.0862 0x1d08 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\windows\System32\ncbservice.dll 12:41:42.0925 0x1d08 NcbService - ok 12:41:42.0956 0x1d08 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\windows\System32\NcdAutoSetup.dll 12:41:43.0018 0x1d08 NcdAutoSetup - ok 12:41:43.0128 0x1d08 [ FFAA6C6E798FBA448FA7628A1B277F5C, 9E1F2C848A019CE6397F652A21AE43B76149EF95452BB8353249BD9E28D98083 ] NDIS C:\windows\system32\drivers\ndis.sys 12:41:43.0253 0x1d08 NDIS - ok 12:41:43.0300 0x1d08 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 12:41:43.0378 0x1d08 NdisCap - ok 12:41:43.0409 0x1d08 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\windows\system32\DRIVERS\NdisImPlatform.sys 12:41:43.0534 0x1d08 NdisImPlatform - ok 12:41:43.0550 0x1d08 [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 12:41:43.0675 0x1d08 NdisTapi - ok 12:41:43.0690 0x1d08 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 12:41:43.0768 0x1d08 Ndisuio - ok 12:41:43.0800 0x1d08 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus 
9DCF4EE49AAD1E23F904FECDCEECDE3879D61B648DCF675CB5C3B52B779BC802 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 12:42:16.0407 0x1d08 Wanarpv6 - ok 12:42:16.0532 0x1d08 [ 841345442390953CBC8801B95D3D0540, FD4F9FD2C4C60A1A580177FFF2E9035009AC6A38E78D4236B0ED4773E3B263EE ] wbengine C:\windows\system32\wbengine.exe 12:42:16.0720 0x1d08 wbengine - ok 12:42:16.0782 0x1d08 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 12:42:16.0876 0x1d08 WbioSrvc - ok 12:42:16.0923 0x1d08 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\windows\System32\wcmsvc.dll 12:42:16.0985 0x1d08 Wcmsvc - ok 12:42:17.0032 0x1d08 [ A7F2B008F038EFFED5A847029852BC27, EC6C6DEC559AA0DD4307F87880939A84A4CFB13C73C92C444E9B53EBBDE80F79 ] wcncsvc C:\windows\System32\wcncsvc.dll 12:42:17.0095 0x1d08 wcncsvc - ok 12:42:17.0110 0x1d08 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 12:42:17.0173 0x1d08 WcsPlugInService - ok 12:42:17.0220 0x1d08 [ F2E08D1C067FEFC3A42D21FD4810F1D3, A8AD114094D9AE3BC6F76940EF873FD21CCF130DE7F8712950F1962DCE25F1B3 ] WdBoot C:\windows\system32\drivers\WdBoot.sys 12:42:17.0314 0x1d08 WdBoot - ok 12:42:17.0392 0x1d08 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 12:42:17.0470 0x1d08 Wdf01000 - ok 12:42:17.0517 0x1d08 [ E234820E6B84ABA5E84E00227F505AE8, 645B809B883D8F678F2535B575AA1D595F27EBFCE0A16433E9A54CC266BD74F2 ] WdFilter C:\windows\system32\drivers\WdFilter.sys 12:42:17.0564 0x1d08 WdFilter - ok 12:42:17.0580 0x1d08 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\windows\system32\wdi.dll 12:42:17.0642 0x1d08 WdiServiceHost - ok 
12:42:17.0658 0x1d08 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\windows\system32\wdi.dll 12:42:17.0705 0x1d08 WdiSystemHost - ok 12:42:17.0736 0x1d08 [ A74AD6D80AC26E1B5DD276FC927F2BAC, F73F090D46BB2AAA6A8D148C658B2EA8C07B16201BB800A9283F4017DC249809 ] WdNisDrv C:\windows\system32\Drivers\WdNisDrv.sys 12:42:17.0767 0x1d08 WdNisDrv - ok 12:42:17.0783 0x1d08 WdNisSvc - ok 12:42:17.0830 0x1d08 [ A70CAF5EA36CBA5FCA24244306D4D5C6, 76C3E20B62B89D9699A1E817377FAD70B144B877BCC5C850A5B64CC68184D8DA ] WebClient C:\windows\System32\webclnt.dll 12:42:17.0923 0x1d08 WebClient - ok 12:42:17.0955 0x1d08 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\windows\system32\wecsvc.dll 12:42:18.0002 0x1d08 Wecsvc - ok 12:42:18.0048 0x1d08 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\windows\system32\wephostsvc.dll 12:42:18.0080 0x1d08 WEPHOSTSVC - ok 12:42:18.0127 0x1d08 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\windows\System32\wercplsupport.dll 12:42:18.0220 0x1d08 wercplsupport - ok 12:42:18.0236 0x1d08 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\windows\System32\WerSvc.dll 12:42:18.0298 0x1d08 WerSvc - ok 12:42:18.0330 0x1d08 [ B3E08E32BD082100928C6BA18AE5E526, 1D93EB34B5A6DE9CEF3A0F41C346E2172CA43A3EEDD9230CB24DB1AC6F1974DF ] WFPLWFS C:\windows\system32\DRIVERS\wfplwfs.sys 12:42:18.0377 0x1d08 WFPLWFS - ok 12:42:18.0423 0x1d08 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\windows\System32\wiarpc.dll 12:42:18.0470 0x1d08 WiaRpc - ok 12:42:18.0502 0x1d08 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount 
C:\windows\system32\drivers\wimmount.sys 12:42:18.0533 0x1d08 WIMMount - ok 12:42:18.0533 0x1d08 WinDefend - ok 12:42:18.0627 0x1d08 [ A083D80E73C2186C63A973971BD6E76D, 921BF84860F75FBDC841789B88E7C2835ADAB3DDCE7E7A7E61DE23D3376CAF96 ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll 12:42:18.0720 0x1d08 WinHttpAutoProxySvc - ok 12:42:18.0783 0x1d08 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 12:42:18.0845 0x1d08 Winmgmt - ok 12:42:19.0017 0x1d08 [ F81B96E455847919D2382098157DC20A, EDB286730D4F3D535F1F0B738DB39230B05B133FAFDD2F4904AD5B57C2705106 ] WinRM C:\windows\system32\WsmSvc.dll 12:42:19.0315 0x1d08 WinRM - ok 12:42:19.0377 0x1d08 [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb C:\windows\System32\drivers\WinUsb.sys 12:42:19.0471 0x1d08 WinUsb - ok 12:42:19.0596 0x1d08 [ 2A4A54CB5198AEF84DF56560C679EDD9, 829BED307F9E57EEC38CEF91978034CC6846493AE33E51E76A1AC36EB5B1F197 ] WlanSvc C:\windows\System32\wlansvc.dll 12:42:19.0737 0x1d08 WlanSvc - ok 12:42:19.0877 0x1d08 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\windows\system32\wlidsvc.dll 12:42:20.0033 0x1d08 wlidsvc - ok 12:42:20.0049 0x1d08 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\windows\System32\drivers\wmiacpi.sys 12:42:20.0127 0x1d08 WmiAcpi - ok 12:42:20.0174 0x1d08 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 12:42:20.0221 0x1d08 wmiApSrv - ok 12:42:20.0221 0x1d08 WMPNetworkSvc - ok 12:42:20.0268 0x1d08 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\windows\system32\drivers\Wof.sys 12:42:20.0299 0x1d08 Wof - ok 12:42:20.0424 0x1d08 [ 
EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc C:\windows\system32\workfolderssvc.dll 12:42:20.0612 0x1d08 workfolderssvc - ok 12:42:20.0643 0x1d08 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\windows\system32\DRIVERS\wpcfltr.sys 12:42:20.0674 0x1d08 wpcfltr - ok 12:42:20.0690 0x1d08 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\windows\System32\wpcsvc.dll 12:42:20.0721 0x1d08 WPCSvc - ok 12:42:20.0752 0x1d08 [ 25BE82B325AC22FE563A58A1AC29F4C1, 4247BAA9A44C964446F81ED44F18B28F1F730F46851EC2B756BAC57FB9D86700 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 12:42:20.0815 0x1d08 WPDBusEnum - ok 12:42:20.0830 0x1d08 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\windows\system32\drivers\WpdUpFltr.sys 12:42:20.0862 0x1d08 WpdUpFltr - ok 12:42:20.0877 0x1d08 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 12:42:20.0955 0x1d08 ws2ifsl - ok 12:42:21.0002 0x1d08 [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc C:\windows\System32\wscsvc.dll 12:42:21.0065 0x1d08 wscsvc - ok 12:42:21.0096 0x1d08 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\windows\System32\drivers\WSDPrint.sys 12:42:21.0221 0x1d08 WSDPrintDevice - ok 12:42:21.0221 0x1d08 WSearch - ok 12:42:21.0489 0x1d08 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\windows\System32\WSService.dll 12:42:21.0833 0x1d08 WSService - ok 12:42:21.0911 0x1d08 [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] 
wsvd C:\windows\system32\DRIVERS\wsvd.sys 12:42:21.0942 0x1d08 wsvd - ok 12:42:22.0208 0x1d08 [ D9FFD9E4DECC180ECFD85C44B5459D7B, 863BB388B855407BFE45A71EB64EF683C72332C6B948888BD9953D644C044F85 ] wuauserv C:\windows\system32\wuaueng.dll 12:42:22.0521 0x1d08 wuauserv - ok 12:42:22.0567 0x1d08 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 12:42:22.0677 0x1d08 WudfPf - ok 12:42:22.0708 0x1d08 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\windows\System32\drivers\WUDFRd.sys 12:42:22.0802 0x1d08 WUDFRd - ok 12:42:22.0817 0x1d08 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP C:\windows\System32\drivers\WUDFRd.sys 12:42:22.0864 0x1d08 WUDFSensorLP - ok 12:42:22.0896 0x1d08 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\windows\System32\WUDFSvc.dll 12:42:22.0958 0x1d08 wudfsvc - ok 12:42:22.0989 0x1d08 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\windows\System32\drivers\WUDFRd.sys 12:42:23.0021 0x1d08 WUDFWpdFs - ok 12:42:23.0052 0x1d08 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\windows\System32\drivers\WUDFRd.sys 12:42:23.0083 0x1d08 WUDFWpdMtp - ok 12:42:23.0146 0x1d08 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\windows\System32\wwansvc.dll 12:42:23.0224 0x1d08 WwanSvc - ok 12:42:23.0522 0x1d08 [ C4C5C3198C3261BEC89E6C3631047BAF, 78E5604B4B2A184B328C0669781DF11A35AFC04E7375CAB4DB9A48D74929137D ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe 12:42:23.0787 0x1d08 ZeroConfigService - ok 12:42:23.0850 0x1d08 ================ Scan global 
=============================== 12:42:23.0928 0x1d08 [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\windows\system32\basesrv.dll 12:42:23.0959 0x1d08 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\windows\system32\winsrv.dll 12:42:24.0022 0x1d08 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\windows\system32\sxssrv.dll 12:42:24.0069 0x1d08 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\windows\system32\services.exe 12:42:24.0100 0x1d08 [ Global ] - ok 12:42:24.0100 0x1d08 ================ Scan MBR ================================== 12:42:24.0115 0x1d08 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 12:42:24.0225 0x1d08 \Device\Harddisk0\DR0 - ok 12:42:24.0225 0x1d08 ================ Scan VBR ================================== 12:42:24.0240 0x1d08 [ CA453601F24B049C37BA8795FDEBA621 ] \Device\Harddisk0\DR0\Partition1 12:42:24.0240 0x1d08 \Device\Harddisk0\DR0\Partition1 - ok 12:42:24.0256 0x1d08 [ 8AF4F363F1C83DD00058CD2E1AD00CBE ] \Device\Harddisk0\DR0\Partition2 12:42:24.0256 0x1d08 \Device\Harddisk0\DR0\Partition2 - ok 12:42:24.0272 0x1d08 [ E5A61A19C767E5F0A2A18CE69B55795C ] \Device\Harddisk0\DR0\Partition3 12:42:24.0272 0x1d08 \Device\Harddisk0\DR0\Partition3 - ok 12:42:24.0303 0x1d08 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition4 12:42:24.0303 0x1d08 \Device\Harddisk0\DR0\Partition4 - ok 12:42:24.0303 0x1d08 [ 514B22A6AD07FEB6AE53401E8C0DA0D7 ] \Device\Harddisk0\DR0\Partition5 12:42:24.0303 0x1d08 \Device\Harddisk0\DR0\Partition5 - ok 12:42:24.0334 0x1d08 [ CCC3538F40E49C0474E6EAF8BFE081EB ] \Device\Harddisk0\DR0\Partition6 12:42:24.0334 0x1d08 \Device\Harddisk0\DR0\Partition6 - ok 12:42:24.0350 0x1d08 [ 1E8422257506063D217A3F77AA614542 ] \Device\Harddisk0\DR0\Partition7 12:42:24.0365 0x1d08 
\Device\Harddisk0\DR0\Partition7 - ok 12:42:24.0365 0x1d08 ================ Scan generic autorun ====================== 12:42:24.0412 0x1d08 [ 0F0D72037DEA7CC6BDD78DBC26FCA7A3, FB8481906C61BA957D3FEF2E8D48606BCD86AFE6182BCD61C8D3C1A6629F994E ] C:\windows\system32\igfxtray.exe 12:42:24.0459 0x1d08 IgfxTray - ok 12:42:24.0537 0x1d08 [ CCEBA311C9791FDB7A9CBBE13C28D9CC, D39191D265AD196D4E8A0925157173A4AE488B79C969A839715DA53F00CB803F ] C:\windows\system32\igfxpers.exe 12:42:24.0600 0x1d08 Persistence - ok 12:42:25.0553 0x1d08 [ 66EB84DA5F31FDA757336444B8D1E3B2, FECAB747B321AD6ED2336C1FB2E756C39883275ED54A559CF7B6989DEA4DD7EB ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 12:42:26.0600 0x1d08 RtHDVCpl - ok 12:42:26.0756 0x1d08 [ D8AB6AC4A2D30641C9544021373B47EB, A0553AFB3B186D8EA28CF056139FA5AA150D6BD31E36E5EB9D5DD5940A90CA55 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 12:42:26.0865 0x1d08 RtHDVBg_Dolby - ok 12:42:27.0351 0x1d08 [ F7924502BDFBBD3AD2FAF913F159F0A2, 59217F1B6A3E7FB7BB4C806DB762282533C73A16845A3578DC93BCFA33867B5F ] C:\windows\RTFTrack.exe 12:42:27.0913 0x1d08 RtsFT - ok 12:42:29.0383 0x1d08 [ 64CA43FF218C71AB6EB709AD0341AF2B, 45C4FCCD9F5B12A54A6186F4C94CC55A80745B09A34D398C35FD48C9BF21E6A8 ] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe 12:42:30.0414 0x1d08 Energy Manager - ok 12:42:30.0492 0x1d08 [ F0627CE818DA58BAE771DCD4669FA343, 070CE17C9DAC01CC5AE465DFA3FDD8A44ABF97AC8101ED238C96668027B6F10B ] C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe 12:42:30.0508 0x1d08 Lenovo Utility - ok 12:42:30.0601 0x1d08 [ 2F4FE254B5E7FC16A6C6545838EC2DE9, 7E3147B639E31B403C56DEA747B7104AFB3180A3B0803CC22D9E8A036CABBFC1 ] C:\Program Files\iTunes\iTunesHelper.exe 12:42:30.0633 0x1d08 iTunesHelper - ok 12:42:30.0633 0x1d08 WindowsDefender - ok 12:42:30.0789 0x1d08 [ 98A1C4637A509FE91A31791E99C55086, 7C1A7BF63B7B9538EFF031BFE1AE2A4B32E6BF45BACD0BB44B60726B52782871 ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe 
12:42:30.0914 0x1d08 PDFProHook - ok 12:42:31.0070 0x1d08 [ B199C0CDF11F7B27DF55FE32FF2BA7CA, 5F110B02BDAF96B92F6FD251D50DC4FC3F386ECB07CDAAFBE935BC7B8A714022 ] C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe 12:42:31.0195 0x1d08 PDFCreHook - ok 12:42:31.0226 0x1d08 [ FBB07C0E4D170B1015D0F7CA51809766, 1FD8B050EC07D7131F5EE7D9AF86E35E82398740352693CA984183B1B01D42B3 ] C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe 12:42:31.0242 0x1d08 PDF7 Registry Controller - ok 12:42:31.0242 0x1d08 Nuance PDF Create 7-reminder - ok 12:42:31.0321 0x1d08 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe 12:42:31.0336 0x1d08 HP Software Update - ok 12:42:31.0336 0x1d08 GarminExpressTrayApp - ok 12:42:31.0555 0x1d08 [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe 12:42:31.0742 0x1d08 HP Officejet Pro 8600 (NET) - ok 12:42:31.0758 0x1d08 Waiting for KSN requests completion. In queue: 8 12:42:32.0805 0x1d08 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.209.0 ), 0x61100 ( enabled : updated ) 12:42:32.0805 0x1d08 Win FW state via NFP2: enabled ( trusted ) 12:42:32.0946 0x1d08 ============================================================ 12:42:32.0946 0x1d08 Scan finished 12:42:32.0946 0x1d08 ============================================================ 12:42:32.0961 0x22d4 Detected object count: 0 12:42:32.0961 0x22d4 Actual detected object count: 0 |
06.08.2018, 11:59 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Chrome is redirected to prizemediayou.com ... Trojan, I guess. Remove adware/junkware/toolbars. Delete old versions of adwCleaner first, then download it again to the desktop! Please completely disable your virus scanner now, before using these tools! adwCleaner v7.x Please download AdwCleaner to your desktop (illustrated guide).
__________________ Please always post log files in CODE tags |
06.08.2018, 12:23 | #15 |
| Chrome is redirected to prizemediayou.com ... Trojan, I guess. And the log file from ADWCleaner: Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-07-25.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-06-2018
# Duration: 00:00:03
# OS: Windows 8.1
# Cleaned: 0
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1238 octets] - [06/08/2018 13:16:26]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## |