![]() |
|
Log-Analyse und Auswertung: Chrome wird umgeleitet auf prizemediayou.com ...Trojaner, I guess.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Chrome wird umgeleitet auf prizemediayou.com ...Trojaner, I guess. Trojaner eingefangen trotz aktuellem Avira. Auf populären News-Siten wird Chrome plötzlich umgeleitet auf https://prizemediayou.com. Zurück geht nicht mehr, man muss das Fenster schliessen. Rechner wird sehr sehr langsam, hängt teilweise für 30-40 Sekunden. Avira auf aktuellem Stand, surfe selbstverständlich auch nicht als Administrator. Ausser Updates auch nichts installiert, Herkunft ist mir unklar. Hier mein FRST Log: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018 Ran by popp_000 (ATTENTION: The user is not administrator) on ROLLS_PC (04-08-2018 12:12:23) Running from C:\Users\popp_000\Downloads Loaded Profiles: Rolls & popp_000 (Available Profiles: Rolls & popp_000) Platform: Windows 8.1 (Update) (X64) Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> csrss.exe Failed to access process -> winlogon.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> dwm.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> wlanext.exe Failed to access process -> conhost.exe Failed to access process -> spoolsv.exe Failed to access process -> sched.exe Failed to access process -> svchost.exe Failed to access process -> avguard.exe Failed to access process -> AppleMobileDeviceService.exe Failed to access process -> mDNSResponder.exe Failed to access process -> OfficeClickToRun.exe Failed to access process -> svchost.exe Failed to access process -> dasHost.exe Failed to access process -> EvtEng.exe Failed to access process -> FCUpdateService.exe Failed to access process -> HuaweiHiSuiteService64.exe Failed to access process -> HeciServer.exe Failed to access process -> ibtrksrv.exe Failed to access process -> iSCTAgent.exe Failed to access process -> PGService.exe Failed to access process -> RegSrvc.exe Failed to access process -> RichVideo64.exe Failed to access process -> svchost.exe Failed to access process -> VfConnectorService.exe Failed to access process -> ZeroConfigService.exe Failed to access process -> Avira.ServiceHost.exe Failed to access process -> unsecapp.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> SearchIndexer.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe Failed to access process -> iPodService.exe (Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe Failed to access process -> devmonsrv.exe Failed to access process -> obexsrv.exe Failed to access process -> HPSupportSolutionsFrameworkService.exe Failed to access process -> GoogleCrashHandler.exe Failed to access process -> GoogleCrashHandler64.exe Failed to access process -> IAStorDataMgrSvc.exe Failed to access process -> IntelMeFWService.exe Failed to access process -> jhi_service.exe Failed to access process -> LMS.exe Failed to access process -> wmpnetwk.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Failed to access process -> WmiPrvSE.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Failed to access process -> SearchProtocolHost.exe Failed to access process -> SearchFilterHost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor) HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-01-20] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-01-20] (Lenovo(beijing) Limited) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.) HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [1775464 2011-10-24] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFCreHook] => C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [1771368 2011-10-24] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.) HKLM-x32\...\Run: [Nuance PDF Create 7-reminder] => "C:\Program Files (x86)\Nuance\PDFCreate\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Create 7\Ereg\Ereg.ini" HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-04] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [*WerKernelReporting] => C:\windows\SYSTEM32\WerFault.exe [465320 2014-10-29] (Microsoft Corporation) HKLM-x32\...\RunOnce: [{0bb4751a-1ff2-4c79-80df-5bab5da63823}] => C:\ProgramData\Package Cache\{0bb4751a-1ff2-4c79-80df-5bab5da63823}\Avira.OE.Setup.Bundle.exe [1293824 2018-07-12] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [Dropbox Update] => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654728 2018-06-26] (Skype Technologies S.A.) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\RunOnce: [Application Restart #5] => C:\Users\popp_000\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-si (the data entry has 546 more characters). HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6574-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\MountPoints2: {523c6629-72e9-11e7-82ea-fcf8ae81aa91} - "E:\HiSuiteDownLoader.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-01-20] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-08-02] ShortcutTarget: Dropbox.lnk -> C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-31] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-419436004-3641650613-4044294934-1004] => 144.76.1.58:80 Tcpip\Parameters: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 Tcpip\..\Interfaces\{4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}: [DhcpNameServer] 129.132.98.12 129.132.250.2 Tcpip\..\Interfaces\{A18FC3BF-B907-4373-9D7F-2A14F0C58609}: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 Tcpip\..\Interfaces\{E9525CEC-B32C-409E-B026-B233ABEF911C}: [DhcpNameServer] 129.132.98.12 129.132.250.2 Internet Explorer: ================== HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com URLSearchHook: [S-1-5-21-419436004-3641650613-4044294934-1001] ATTENTION => Default URLSearchHook is missing SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\.DEFAULT -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> DefaultScope {7704B72C-290A-4241-8FA4-6772E6550A96} URL = SearchScopes: HKU\S-1-5-21-419436004-3641650613-4044294934-1004 -> {7704B72C-290A-4241-8FA4-6772E6550A96} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-01] (Microsoft Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation) BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation) Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-01] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File FireFox: ======== FF DefaultProfile: o2okhndp.default FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Zotero\Zotero\Profiles\tco359nz.default [2016-06-17] FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2016-06-07] [Legacy] [not signed] FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2016-06-07] [Legacy] [not signed] FF ProfilePath: C:\Users\popp_000\AppData\Roaming\Mozilla\Firefox\Profiles\o2okhndp.default [2018-05-16] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll [2011-02-16] (Zeon Corporation) FF Plugin HKU\S-1-5-21-419436004-3641650613-4044294934-1004: pokki.com/PokkiDownloadHelper -> C:\Users\popp_000\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File] Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://duckduckgo.com/ CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default [2018-08-04] CHR Extension: (Docs) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15] CHR Extension: (Google Drive) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (YouTube) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03] CHR Extension: (uBlock Origin) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-18] CHR Extension: (Google-Suche) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04] CHR Extension: (Session Buddy) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-30] CHR Extension: (Zotero Connector) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2018-06-05] CHR Extension: (Google Docs Offline) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Google Mail) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02] CHR Extension: (Chrome Media Router) - C:\Users\popp_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-11] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [880040 2018-07-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [225384 2018-07-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164808 2018-07-11] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-04] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 lmhosts; C:\windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 lmhosts; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] () R2 NlaSvc; C:\windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 NlaSvc; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) R2 nsi; C:\windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 nsi; C:\windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-08] (PointGrab LTD) S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-08] (PointGrab LTD) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] () R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-01-20] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [60920 2017-06-20] (Avira Operations GmbH & Co. KG) R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [179376 2018-07-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169864 2018-07-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-22] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-22] (Avira Operations GmbH & Co. KG) R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.) S3 ew_usbccgpfilter; C:\windows\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.) R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation) R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] () R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] () R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] () R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] () R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation) S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] () S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.) R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-15] (Synaptics Incorporated) S1 vflt; C:\windows\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed] S3 vnet; C:\windows\system32\DRIVERS\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed] S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink) S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-04 12:12 - 2018-08-04 12:13 - 000028707 _____ C:\Users\popp_000\Downloads\FRST.txt 2018-08-04 12:12 - 2018-08-04 12:12 - 000000000 ____D C:\FRST 2018-08-04 12:11 - 2018-08-04 12:11 - 002412544 _____ (Farbar) C:\Users\popp_000\Downloads\FRST64.exe 2018-08-03 11:44 - 2018-08-03 11:44 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2 (1).exe 2018-08-03 11:28 - 2018-08-03 11:32 - 000000000 ____D C:\AdwCleaner 2018-08-03 11:28 - 2018-08-03 11:28 - 007417040 _____ (Malwarebytes) C:\Users\popp_000\Downloads\adwcleaner_7.2.2.exe 2018-08-03 11:01 - 2018-08-03 11:01 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2018-08-03 11:01 - 2018-08-03 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2018-08-03 10:35 - 2018-08-03 10:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2018-08-03 10:35 - 2018-08-03 10:35 - 000002237 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk 2018-08-02 12:05 - 2018-08-02 12:05 - 001318374 _____ C:\Users\popp_000\Downloads\foreignpolicy.com-Why I Didnt Sign Up to Defend the International Order.pdf 2018-08-02 11:33 - 2018-08-02 11:33 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2018-07-31 13:47 - 2018-03-27 01:24 - 000029352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll 2018-07-31 13:47 - 2018-03-27 01:24 - 000019088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll 2018-07-31 13:47 - 2018-03-27 01:17 - 000030888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll 2018-07-31 13:47 - 2018-03-27 01:17 - 000019088 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll 2018-07-30 13:38 - 2018-07-30 13:38 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-07-30 13:22 - 2018-07-30 13:22 - 001540104 _____ (CHIP Digital GmbH) C:\Users\popp_000\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe 2018-07-25 17:19 - 2018-07-25 17:19 - 000158109 _____ C:\Users\popp_000\Desktop\Bell_QuestioningGlobalTurn_2014.pdf 2018-07-25 17:19 - 2018-07-25 17:19 - 000065607 _____ C:\Users\popp_000\Desktop\Burton_MethodScaleWH_2007.pdf 2018-07-25 17:17 - 2018-07-25 17:17 - 000131170 _____ C:\Users\popp_000\Desktop\Tsing_EconomyAppearances_2000.pdf 2018-07-24 20:33 - 2018-07-24 20:33 - 002092858 _____ C:\Users\popp_000\Desktop\Tsing_GlobalSituation_2000.pdf 2018-07-23 19:48 - 2018-07-23 19:48 - 000055476 _____ C:\Users\popp_000\Desktop\GoodeRevonCollier_2018.pdf 2018-07-23 19:45 - 2018-07-23 19:45 - 001227292 _____ C:\Users\popp_000\Desktop\Rovner_LongWarEast_2018.pdf 2018-07-23 19:44 - 2018-07-23 19:44 - 000985481 _____ C:\Users\popp_000\Desktop\Kroenig_D&STRT_NucleNonprolif_2018.pdf 2018-07-23 19:22 - 2018-07-23 19:22 - 000282576 _____ C:\Users\popp_000\Desktop\Porter_HabitUSGrandStrategy_2018.pdf 2018-07-23 19:19 - 2018-07-23 19:19 - 000176411 _____ C:\Users\popp_000\Desktop\VielhaberBleek_ShadoiwwarsReview_2012.pdf 2018-07-23 19:06 - 2018-07-23 19:06 - 000527232 _____ C:\Users\popp_000\Desktop\MillerVolpe_SaudiNukes_2018.pdf 2018-07-23 19:06 - 2018-07-23 19:06 - 000417636 _____ C:\Users\popp_000\Desktop\Nephew_SanctionsRelief_2018.pdf 2018-07-23 19:04 - 2018-07-23 19:04 - 000501283 _____ C:\Users\popp_000\Desktop\Glaser_IllusionofAmericDecline_2018.pdf 2018-07-22 11:57 - 2018-07-22 11:57 - 000001333 _____ C:\Users\Public\Desktop\Skype.lnk 2018-07-22 11:57 - 2018-07-22 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2018-07-16 19:25 - 2018-07-16 19:25 - 000060349 _____ C:\Users\popp_000\Downloads\CAE17-09 Additional Information.pdf 2018-07-16 10:41 - 2018-07-16 10:41 - 000041845 _____ C:\Users\popp_000\Downloads\Buchungsdetail 20180716104127.pdf 2018-07-15 13:07 - 2018-06-29 00:07 - 000835064 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2018-07-15 13:07 - 2018-06-29 00:07 - 000179704 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-07-14 06:45 - 2018-07-14 06:52 - 000385911 _____ C:\Users\popp_000\Desktop\Passport.pdf 2018-07-12 11:17 - 2018-07-12 11:17 - 000001147 _____ C:\Users\Public\Desktop\Avira.lnk 2018-07-12 10:19 - 2018-06-20 22:01 - 007398232 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2018-07-12 10:19 - 2018-06-20 21:44 - 001676064 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2018-07-12 10:19 - 2018-06-20 21:44 - 001536120 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2018-07-12 10:19 - 2018-06-20 20:48 - 000095744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys 2018-07-12 10:19 - 2018-06-20 20:48 - 000027136 ____C (Microsoft Corporation) C:\windows\system32\Drivers\fxppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys 2018-07-12 10:19 - 2018-06-20 18:58 - 000092672 ____C (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys 2018-07-12 10:19 - 2018-06-15 05:01 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2018-07-12 10:19 - 2018-06-12 10:00 - 022374248 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2018-07-12 10:19 - 2018-06-12 09:57 - 019790760 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2018-07-12 10:19 - 2018-06-11 18:55 - 025744896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2018-07-12 10:19 - 2018-06-11 18:36 - 003119616 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll 2018-07-12 10:19 - 2018-06-11 18:14 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2018-07-12 10:19 - 2018-06-11 18:06 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2018-07-12 10:19 - 2018-06-11 18:04 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2018-07-12 10:19 - 2018-06-11 17:39 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2018-07-12 10:19 - 2018-06-11 17:36 - 015283200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2018-07-12 10:19 - 2018-06-11 17:31 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2018-07-12 10:19 - 2018-06-11 17:22 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2018-07-12 10:19 - 2018-06-11 17:11 - 001545216 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2018-07-12 10:19 - 2018-06-11 16:59 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2018-07-12 10:19 - 2018-06-09 18:40 - 020286976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2018-07-12 10:19 - 2018-06-09 18:26 - 002712064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll 2018-07-12 10:19 - 2018-06-09 18:09 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2018-07-12 10:19 - 2018-06-09 17:59 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2018-07-12 10:19 - 2018-06-09 17:37 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2018-07-12 10:19 - 2018-06-09 17:37 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2018-07-12 10:19 - 2018-06-09 17:36 - 013680128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2018-07-12 10:19 - 2018-06-09 17:32 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2018-07-12 10:19 - 2018-06-09 17:11 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2018-07-12 10:19 - 2018-06-09 17:08 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2018-07-12 10:19 - 2018-06-09 17:06 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2018-07-12 10:19 - 2018-06-09 04:47 - 002176072 _____ (Microsoft Corporation) C:\windows\system32\combase.dll 2018-07-12 10:19 - 2018-06-09 03:44 - 001565528 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll 2018-07-12 10:19 - 2018-06-08 20:26 - 000440832 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll 2018-07-12 10:19 - 2018-06-08 19:54 - 000656384 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll 2018-07-12 10:19 - 2018-06-08 19:53 - 000252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll 2018-07-12 10:19 - 2018-06-08 19:07 - 000404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll 2018-07-12 10:19 - 2018-06-08 18:44 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll 2018-07-12 10:19 - 2018-06-07 20:51 - 000074240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys 2018-07-12 10:19 - 2018-05-24 23:29 - 002449752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2018-07-12 10:19 - 2018-05-24 23:29 - 000428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS 2018-07-12 10:19 - 2018-05-15 10:42 - 000590680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys 2018-07-12 10:19 - 2018-05-04 01:02 - 000439640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2018-07-12 10:19 - 2018-05-04 01:02 - 000325456 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS 2018-07-12 10:19 - 2018-05-04 01:02 - 000187728 ____C (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS 2018-07-12 10:19 - 2018-04-26 15:43 - 000918296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000065880 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000021848 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000018776 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000015704 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000015192 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000013656 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000013152 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000998912 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000063832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000020824 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000019288 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000016216 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000015704 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000014168 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000013656 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012632 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2018-07-12 10:19 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2018-07-12 10:19 - 2018-04-25 19:38 - 000243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys 2018-07-12 10:02 - 2018-06-12 21:01 - 000149632 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe 2018-07-12 10:02 - 2018-06-08 15:15 - 002860032 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2018-07-12 10:02 - 2018-06-08 15:15 - 001602048 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000783872 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000612352 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000470016 _____ (Microsoft Corporation) C:\windows\system32\centel.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000443392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000301056 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2018-07-12 10:02 - 2018-06-08 15:15 - 000246272 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2018-07-11 13:58 - 2018-07-11 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2018-07-09 17:51 - 2018-07-09 17:51 - 000111660 _____ C:\Users\popp_000\Downloads\RAC 15-148.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-04 12:12 - 2015-06-19 15:42 - 000001254 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job 2018-08-04 12:12 - 2015-06-19 15:42 - 000001202 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job 2018-08-04 11:30 - 2017-09-16 11:44 - 000007594 _____ C:\Users\Rolls\AppData\Local\Resmon.ResmonCfg 2018-08-04 11:30 - 2014-02-24 22:06 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-04 11:30 - 2014-02-24 22:06 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-08-03 11:45 - 2014-03-04 14:59 - 000000000 ___DO C:\Users\popp_000\SkyDrive 2018-08-03 11:38 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT 2018-08-03 11:35 - 2014-01-20 08:43 - 000027136 _____ C:\windows\system32\VfService.trf 2018-08-03 11:23 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness 2018-08-03 11:05 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-08-03 11:01 - 2017-05-02 11:20 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2018-08-03 11:01 - 2017-05-02 11:20 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2018-08-03 10:59 - 2014-01-20 08:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-08-03 10:54 - 2013-08-22 17:36 - 000000000 ____D C:\windows\tracing 2018-08-03 10:34 - 2014-02-24 22:06 - 000000000 ____D C:\Program Files (x86)\Google 2018-08-02 11:46 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf 2018-08-02 11:34 - 2014-03-04 15:59 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Dropbox 2018-08-01 11:33 - 2014-01-20 08:31 - 000157476 _____ C:\windows\system32\perfc00C.dat 2018-08-01 11:33 - 2014-01-20 08:31 - 000081754 _____ C:\windows\system32\perfh00C.dat 2018-08-01 11:33 - 2014-01-20 08:26 - 000761160 _____ C:\windows\system32\perfh007.dat 2018-08-01 11:33 - 2014-01-20 08:26 - 000157652 _____ C:\windows\system32\perfc007.dat 2018-08-01 11:33 - 2013-10-07 20:27 - 002015868 _____ C:\windows\system32\PerfStringBackup.INI 2018-07-31 13:59 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp 2018-07-30 17:51 - 2014-03-04 16:03 - 000000000 ___RD C:\Users\popp_000\Dropbox 2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\ProgramData\Garmin 2018-07-28 21:45 - 2015-02-28 09:37 - 000000000 ____D C:\Program Files (x86)\Garmin 2018-07-28 21:45 - 2014-01-20 08:13 - 000000000 ____D C:\ProgramData\Package Cache 2018-07-25 17:59 - 2014-03-04 22:53 - 000000000 ____D C:\Users\popp_000\AppData\Local\CrashDumps 2018-07-24 21:31 - 2017-11-17 11:34 - 000000000 ____D C:\Users\popp_000\Desktop\LATER 2018-07-24 16:36 - 2018-05-07 11:13 - 001091675 _____ C:\Users\popp_000\Desktop\Kennedy_WoodrowWWI_2018.pdf 2018-07-22 11:57 - 2016-01-24 17:30 - 000000000 ___RD C:\Program Files (x86)\Skype 2018-07-22 11:57 - 2014-03-25 21:31 - 000000000 ____D C:\ProgramData\Skype 2018-07-22 11:55 - 2014-03-25 21:31 - 000000000 ____D C:\Users\popp_000\AppData\Roaming\Skype 2018-07-18 22:51 - 2017-05-02 11:26 - 000002377 _____ C:\Users\popp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2018-07-16 20:48 - 2013-08-22 17:36 - 000000000 ____D C:\windows\LiveKernelReports 2018-07-16 15:07 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache 2018-07-15 13:33 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps 2018-07-15 13:23 - 2014-01-20 08:44 - 000000000 ____D C:\ProgramData\Energy Manager 2018-07-15 13:04 - 2013-08-22 16:44 - 000500816 _____ C:\windows\system32\FNTCACHE.DAT 2018-07-15 12:58 - 2015-04-18 18:10 - 000000000 ____D C:\windows\system32\appraiser 2018-07-15 12:58 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData 2018-07-15 12:57 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\NDF 2018-07-12 15:38 - 2014-03-04 15:58 - 000000000 ____D C:\windows\system32\MRT 2018-07-12 15:31 - 2014-03-04 15:58 - 134675576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe 2018-07-12 09:52 - 2018-05-09 10:30 - 000685568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys 2018-07-11 13:55 - 2014-02-24 22:16 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2018-07-11 13:55 - 2014-02-24 22:16 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2018-07-10 17:05 - 2014-03-04 14:56 - 000000000 ____D C:\Users\popp_000\AppData\Local\VirtualStore 2018-07-09 16:52 - 2015-11-09 17:52 - 000000424 _____ C:\windows\Tasks\DriverEasy Scheduled Scan.job Some files in TEMP: ==================== 2014-03-04 14:58 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\popp_000\AppData\Local\Temp\avgnt.exe 2016-12-31 18:38 - 2014-07-01 11:20 - 011719232 _____ (Foxit Corporation) C:\Users\popp_000\AppData\Local\Temp\Foxit Reader Updater.exe 2014-12-21 09:41 - 2014-12-21 09:41 - 095168336 _____ (SweetLabs,Inc.) C:\Users\popp_000\AppData\Local\Temp\oct50EC.tmp.exe 2017-07-12 13:05 - 2017-07-12 13:06 - 064794200 _____ (SweetLabs,Inc.) C:\Users\popp_000\AppData\Local\Temp\oct5FE4.tmp.exe 2017-10-02 13:09 - 2018-07-22 11:56 - 057812744 _____ (Skype Technologies S.A.) C:\Users\popp_000\AppData\Local\Temp\SkypeSetup.exe 2014-02-24 22:16 - 2014-04-13 17:45 - 000000000 ____D () C:\Users\Rolls\AppData\Local\Temp\avgnt.exe 2015-11-09 17:47 - 2015-11-09 17:47 - 064809432 _____ (SweetLabs,Inc.) C:\Users\Rolls\AppData\Local\Temp\oct5CEE.tmp.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. The user is not administrator ==================== End of FRST.txt ============================ --- --- --- Additions.txt: [CODE]Additional FRST Logfile: FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018 Ran by popp_000 (04-08-2018 12:15:35) Running from C:\Users\popp_000\Downloads Windows 8.1 (Update) (X64) (2014-02-24 19:54:36) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-419436004-3641650613-4044294934-500 - Administrator - Disabled) Guest (S-1-5-21-419436004-3641650613-4044294934-501 - Limited - Disabled) popp_000 (S-1-5-21-419436004-3641650613-4044294934-1004 - Limited - Enabled) => C:\Users\popp_000 Rolls (S-1-5-21-419436004-3641650613-4044294934-1001 - Administrator - Enabled) => C:\Users\Rolls ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F} AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Avira (HKLM-x32\...\{0bb4751a-1ff2-4c79-80df-5bab5da63823}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden Avira (HKLM-x32\...\{b883705a-0784-4d1e-9766-601e8d66945a}) (Version: 1.2.115.14232 - Avira Operations GmbH & Co. KG) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.) Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Hidden Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation) Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions) GentiumPlus 1.510 (HKLM-x32\...\GentiumPlus) (Version: - ) GitHub (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.) Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard) HP Support Solutions Framework (HKLM-x32\...\{AAE126B3-95C5-49E1-A590-7B5F6EDC7D60}) (Version: 12.5.32.203 - HP Inc.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{CF713F23-4866-4A5D-91CC-A5F42111C82A}) (Version: 12.7.5.9 - Apple Inc.) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) jpgtopdf_setup (HKLM-x32\...\{6C1A8DBD-C0AA-4FD0-93C8-33934FD3F396}) (Version: 1.0.0.1 - jpgtopdf_setup_caudio) Hidden Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.) Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo) Lenovo Motion Control (HKLM-x32\...\{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Hidden Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo) MailStore Home 10.1.2.12457 (HKLM-x32\...\MailStore Home_universal1) (Version: 10.1.2.12457 - MailStore Software GmbH) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.10325.20082 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation) Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 57.0.4 (x64 de) (HKLM\...\Mozilla Firefox 57.0.4 (x64 de)) (Version: 57.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla) Nuance PDF Create 7 (HKLM\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.) Nuance PDF Create 7 (HKLM-x32\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc.) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Proxy Searcher (HKLM-x32\...\{7EA74723-FE48-410D-A24E-949870747174}) (Version: 5.10.0000 - Proxy Searcher) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.) ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version: - ) Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden Skype Version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated) UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.) vpnui.exe custom database (HKLM\...\{f0fbb653-f915-4899-a129-43562c94b062}.sdb) (Version: - ) Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll -> No File ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers4-x32: [FolderColorize] -> {3443FE61-F294-403D-A4A6-53E034FC9B3F} => C:\Program Files\Folder Colorizer\FolderColorShlExt.dll [2014-01-13] () ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG) ContextMenuHandlers1_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers4_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers5_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\DriverEasy Scheduled Scan.job => Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2018-06-27 08:53 - 2018-06-22 21:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll 2018-06-27 08:53 - 2018-06-22 21:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2015-11-22 17:35 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\popp_000\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 62.2.17.60 - 62.2.24.162 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "PDFCreHook" HKLM\...\StartupApproved\Run32: => "PDFProHook" HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "World of Tanks" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "Skype for Desktop" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C3EC1C83-ED75-4491-B69D-9C40FAD13721}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{6FCD0814-38FE-47D2-816C-72C1415D1D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{E620D2F9-0BA9-4DFE-8D6B-9C59F1F71526}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{1077B56E-1938-4248-A619-9B854EE3AFD9}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{AFFD236C-2F03-4514-9493-28D4A9C50B77}] => (Allow) C:\Users\Rolls\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{F288F15D-002F-40A2-A40C-97E28F56AA80}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{AD2DB122-CC56-424D-8E16-AA4AAECF4344}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{3EF055D5-32DE-4CA6-BE7C-F5665694844B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{D21787BE-28FE-4C10-A07A-1CCFE3E7B79D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{FB099CB8-CA09-4117-99D4-B42CDBB28D90}] => (Allow) C:\Users\Rolls\AppData\Local\Viber\Viber.exe FirewallRules: [{965D02E2-997F-4A1B-9984-1738A0E2A113}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{CE0097F9-DC40-4522-87F1-1051989D5C39}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D889966A-1277-4A5D-9DA8-ED3C03A0E9C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BDDE8199-B36C-41F3-AA66-04834F80B129}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CC8120C7-33BE-4EE0-A5D3-2FC1CDB57184}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{FFDB7024-EDC1-4129-AAE2-F6C96C8E383E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{C6053D39-4308-4B42-8A8A-6E2A35310460}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: [{95CBABA5-8E3D-4A5B-A1B8-03D82509368F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{6266A37E-5C70-40AA-899F-C3525EED13D9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{3AFE67D9-1ACF-4E60-AE30-AEF8B0F6AEEC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{3907E02F-601D-4C7F-B2FA-D854CBCE60F4}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{0B084486-00AB-497C-885E-F03C9EA3A10F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{04F273D0-6AE9-4E96-B78C-3ACFB71DE717}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{C62B610C-F3DB-4EFA-92DC-01B1BDB6CE37}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{E8091B04-83D8-4214-92CC-9E6103FBD59F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [{33047F60-F67D-430B-B231-902153223054}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2B912316-B9F7-4E28-9106-2F194B2C3068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8A7C5277-E975-4A7B-A51E-0F21B6A95CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{22D86146-2671-4E3D-92CB-8F6C06857C3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8ACE25C7-A358-4542-9ABA-01AD445562AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{2BAD3012-6736-4535-87B5-A0A267A5B46F}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{471A0AF8-318E-4228-97DE-AEE58A161E68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{9F29F59E-3EB9-415A-9AAA-8F8ED2C6BB02}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{B23CA18C-2F92-44C0-B9C1-B1EBA20109DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/04/2018 11:17:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 74821703 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 74821703 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/03/2018 11:44:34 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d5c Startzeit: 01d42b0dcbb3b9b0 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: c2926c2b-9701-11e8-8336-fcf8ae81aa91 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2018 11:42:02 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (08/03/2018 10:40:27 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/03/2018 10:36:14 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6a18 Startzeit: 01d42b03eebce287 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 3f7d4b87-96f8-11e8-8334-fcf8ae81aa91 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (08/04/2018 11:08:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (08/04/2018 11:07:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (08/04/2018 11:07:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY) Description: Für den Miniport "Realtek PCIe GBE Family Controller, {4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}" ist das Ereignis "74" aufgetreten. Error: (08/03/2018 11:43:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "HP Support Solutions Framework Service" wurde nicht richtig gestartet. Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:34:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:34:41 AM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC) Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Windows Defender: =================================== Date: 2017-05-04 16:39:21.013 Description: Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Betroffene Signaturen: Aktuell Fehlercode: 0x80073aba Fehlerbeschreibung: The resource is too old to be compatible. Signaturversion: 1.155.266.0;1.155.266.0 Modulversion: 1.1.9700.0 CodeIntegrity: =================================== Date: 2018-08-03 11:42:33.517 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:42:31.189 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:42:26.634 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:37:39.892 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-03 11:22:59.575 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:22:54.841 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:22:47.622 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:22:42.906 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 59% Total physical RAM: 8104.27 MB Available physical RAM: 3286.13 MB Total Virtual: 13480.27 MB Available Virtual: 7809.13 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:283.73 GB) (Free:151.47 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (LENOVO) (Fixed) (Total:164.36 GB) (Free:98.53 GB) NTFS \\?\Volume{544d8d37-33b0-411c-bcb9-194636f9170a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS \\?\Volume{f521da69-fec1-4e43-a83f-ac8ca729b84c}\ (PBR_DRV) (Fixed) (Total:15.34 GB) (Free:5.69 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of Addition.txt ============================ --- --- --- Additions.TXT [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018 Ran by popp_000 (04-08-2018 12:15:35) Running from C:\Users\popp_000\Downloads Windows 8.1 (Update) (X64) (2014-02-24 19:54:36) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-419436004-3641650613-4044294934-500 - Administrator - Disabled) Guest (S-1-5-21-419436004-3641650613-4044294934-501 - Limited - Disabled) popp_000 (S-1-5-21-419436004-3641650613-4044294934-1004 - Limited - Enabled) => C:\Users\popp_000 Rolls (S-1-5-21-419436004-3641650613-4044294934-1001 - Administrator - Enabled) => C:\Users\Rolls ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F} AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Avira (HKLM-x32\...\{0bb4751a-1ff2-4c79-80df-5bab5da63823}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden Avira (HKLM-x32\...\{b883705a-0784-4d1e-9766-601e8d66945a}) (Version: 1.2.115.14232 - Avira Operations GmbH & Co. KG) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.) Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Hidden Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation) Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions) GentiumPlus 1.510 (HKLM-x32\...\GentiumPlus) (Version: - ) GitHub (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.) Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard) HP Support Solutions Framework (HKLM-x32\...\{AAE126B3-95C5-49E1-A590-7B5F6EDC7D60}) (Version: 12.5.32.203 - HP Inc.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{CF713F23-4866-4A5D-91CC-A5F42111C82A}) (Version: 12.7.5.9 - Apple Inc.) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) jpgtopdf_setup (HKLM-x32\...\{6C1A8DBD-C0AA-4FD0-93C8-33934FD3F396}) (Version: 1.0.0.1 - jpgtopdf_setup_caudio) Hidden Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.) Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo) Lenovo Motion Control (HKLM-x32\...\{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Hidden Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo) MailStore Home 10.1.2.12457 (HKLM-x32\...\MailStore Home_universal1) (Version: 10.1.2.12457 - MailStore Software GmbH) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.10325.20082 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation) Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 57.0.4 (x64 de) (HKLM\...\Mozilla Firefox 57.0.4 (x64 de)) (Version: 57.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla) Nuance PDF Create 7 (HKLM\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.) Nuance PDF Create 7 (HKLM-x32\...\{CD7A262C-287E-41DD-A0F7-733856252C6B}) (Version: 7.10.2364 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc.) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden Proxy Searcher (HKLM-x32\...\{7EA74723-FE48-410D-A24E-949870747174}) (Version: 5.10.0000 - Proxy Searcher) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.) ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version: - ) Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden Skype Version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated) UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.) vpnui.exe custom database (HKLM\...\{f0fbb653-f915-4899-a129-43562c94b062}.sdb) (Version: - ) Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll -> No File ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers4-x32: [FolderColorize] -> {3443FE61-F294-403D-A4A6-53E034FC9B3F} => C:\Program Files\Folder Colorizer\FolderColorShlExt.dll [2014-01-13] () ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2018-07-11] (Avira Operations GmbH & Co. KG) ContextMenuHandlers1_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers4_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ContextMenuHandlers5_S-1-5-21-419436004-3641650613-4044294934-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\popp_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\DriverEasy Scheduled Scan.job => Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004Core.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-419436004-3641650613-4044294934-1004UA.job => C:\Users\popp_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2018-06-27 08:53 - 2018-06-22 21:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll 2018-06-27 08:53 - 2018-06-22 21:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2015-11-22 17:35 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-419436004-3641650613-4044294934-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\popp_000\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 62.2.17.60 - 62.2.24.162 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "PDFCreHook" HKLM\...\StartupApproved\Run32: => "PDFProHook" HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "World of Tanks" HKU\S-1-5-21-419436004-3641650613-4044294934-1004\...\StartupApproved\Run: => "Skype for Desktop" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C3EC1C83-ED75-4491-B69D-9C40FAD13721}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{6FCD0814-38FE-47D2-816C-72C1415D1D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{E620D2F9-0BA9-4DFE-8D6B-9C59F1F71526}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{1077B56E-1938-4248-A619-9B854EE3AFD9}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{AFFD236C-2F03-4514-9493-28D4A9C50B77}] => (Allow) C:\Users\Rolls\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{F288F15D-002F-40A2-A40C-97E28F56AA80}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{AD2DB122-CC56-424D-8E16-AA4AAECF4344}C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\popp_000\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{3EF055D5-32DE-4CA6-BE7C-F5665694844B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{D21787BE-28FE-4C10-A07A-1CCFE3E7B79D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{FB099CB8-CA09-4117-99D4-B42CDBB28D90}] => (Allow) C:\Users\Rolls\AppData\Local\Viber\Viber.exe FirewallRules: [{965D02E2-997F-4A1B-9984-1738A0E2A113}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{CE0097F9-DC40-4522-87F1-1051989D5C39}] => (Allow) C:\Users\popp_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D889966A-1277-4A5D-9DA8-ED3C03A0E9C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BDDE8199-B36C-41F3-AA66-04834F80B129}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CC8120C7-33BE-4EE0-A5D3-2FC1CDB57184}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{FFDB7024-EDC1-4129-AAE2-F6C96C8E383E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{C6053D39-4308-4B42-8A8A-6E2A35310460}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: [{95CBABA5-8E3D-4A5B-A1B8-03D82509368F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{6266A37E-5C70-40AA-899F-C3525EED13D9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{3AFE67D9-1ACF-4E60-AE30-AEF8B0F6AEEC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{3907E02F-601D-4C7F-B2FA-D854CBCE60F4}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{0B084486-00AB-497C-885E-F03C9EA3A10F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{04F273D0-6AE9-4E96-B78C-3ACFB71DE717}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{C62B610C-F3DB-4EFA-92DC-01B1BDB6CE37}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{E8091B04-83D8-4214-92CC-9E6103FBD59F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [{33047F60-F67D-430B-B231-902153223054}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2B912316-B9F7-4E28-9106-2F194B2C3068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8A7C5277-E975-4A7B-A51E-0F21B6A95CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{22D86146-2671-4E3D-92CB-8F6C06857C3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8ACE25C7-A358-4542-9ABA-01AD445562AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{2BAD3012-6736-4535-87B5-A0A267A5B46F}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{471A0AF8-318E-4228-97DE-AEE58A161E68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{9F29F59E-3EB9-415A-9AAA-8F8ED2C6BB02}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{B23CA18C-2F92-44C0-B9C1-B1EBA20109DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/04/2018 11:17:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 74821703 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 74821703 Error: (08/04/2018 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/03/2018 11:44:34 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d5c Startzeit: 01d42b0dcbb3b9b0 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: c2926c2b-9701-11e8-8336-fcf8ae81aa91 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2018 11:42:02 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (08/03/2018 10:40:27 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/03/2018 10:36:14 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.22013 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6a18 Startzeit: 01d42b03eebce287 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 3f7d4b87-96f8-11e8-8334-fcf8ae81aa91 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (08/04/2018 11:08:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (08/04/2018 11:07:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (08/04/2018 11:07:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY) Description: Für den Miniport "Realtek PCIe GBE Family Controller, {4B58DD45-2EEF-4C3C-9D2B-9E19A7586E04}" ist das Ereignis "74" aufgetreten. Error: (08/03/2018 11:43:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "HP Support Solutions Framework Service" wurde nicht richtig gestartet. Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:35:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:34:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\windows\System32\IWMSSvc.dll Error: (08/03/2018 11:34:41 AM) (Source: DCOM) (EventID: 10010) (User: ROLLS_PC) Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Windows Defender: =================================== Date: 2017-05-04 16:39:21.013 Description: Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Betroffene Signaturen: Aktuell Fehlercode: 0x80073aba Fehlerbeschreibung: The resource is too old to be compatible. Signaturversion: 1.155.266.0;1.155.266.0 Modulversion: 1.1.9700.0 CodeIntegrity: =================================== Date: 2018-08-03 11:42:33.517 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:42:31.189 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:42:26.634 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:37:39.892 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-03 11:22:59.575 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:22:54.841 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:22:47.622 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2018-08-03 11:22:42.906 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 59% Total physical RAM: 8104.27 MB Available physical RAM: 3286.13 MB Total Virtual: 13480.27 MB Available Virtual: 7809.13 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:283.73 GB) (Free:151.47 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (LENOVO) (Fixed) (Total:164.36 GB) (Free:98.53 GB) NTFS \\?\Volume{544d8d37-33b0-411c-bcb9-194636f9170a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS \\?\Volume{f521da69-fec1-4e43-a83f-ac8ca729b84c}\ (PBR_DRV) (Fixed) (Total:15.34 GB) (Free:5.69 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of Addition.txt ============================ |
Themen zu Chrome wird umgeleitet auf prizemediayou.com ...Trojaner, I guess. |
adobe, antivir, avdevprot, browser, defender, desktop, explorer, geht nicht mehr, homepage, hängt, langsam, log, microsoft, mozilla, office 365, opera, pdf, prizemediayou, realtek, registry, router, scan, software, system, trojaner, ublock origin, updates, windows, wmp |