BSOD c0000135 %hs is missing


  • This topic is locked
15 replies to this topic

#1 rwittmann

Posted 16 November 2017 - 10:38 AM

Mod Edit:  Moved from AII to MRL after OP attached FRST - Hamluis.

 

We've just got a customer PC that won't boot. We think that it's caused by Avast due to the ample Google results with that error code.

Things we've tried so far:

  • Boot to Safe Mode (unable to boot)
  • Windows Repair with and without a Windows CD (both times unable to finish)
  • The usual Windows checks

We've come to the conclusion that it has something to do with Avast, as the bluescreen error and similarities with other cases imply.

Attached is this FRST Log that was run in the Windows Recovery Shell.

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-11-2017
durchgeführt von SYSTEM auf MININT-5LE7QAJ (16-11-2017 16:08:52)
Gestartet von F:\
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11
Start-Modus: Recovery
Standard: ControlSet001
ACHTUNG!:=====> Wenn das System startfähig ist sollte FRST im normalen oder abgesicherten Modus ausgeführt werden, um ein vollständiges Ergebnis zu erhalten.
 
 
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-22] (VIA)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast Business\avastUI.exe [4770952 2016-10-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [fvwremoted] => C:\Program Files (x86)\fastviewer Remoted Service\FastTray.exe [2109440 2015-08-21] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CanonQuickToolbox] => C:\Program Files (x86)\Canon\Quick Toolbox\cnqtbapp.exe [1854544 2014-05-13] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (CANON INC.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AWinLogon_x64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\888\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ACHTUNG
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
IFEO\acs.exe: [Debugger] svchost.exe
IFEO\AdAwareDesktop.exe: [Debugger] svchost.exe
IFEO\AdAwareService.exe: [Debugger] svchost.exe
IFEO\AdAwareTray.exe: [Debugger] svchost.exe
IFEO\AgentSvc.exe: [Debugger] svchost.exe
IFEO\AVK.exe: [Debugger] svchost.exe
IFEO\AVKProxy.exe: [Debugger] svchost.exe
IFEO\AVKService.exe: [Debugger] svchost.exe
IFEO\AVKTray.exe: [Debugger] svchost.exe
IFEO\AVKWCtlx64.exe: [Debugger] svchost.exe
IFEO\avpmapp.exe: [Debugger] svchost.exe
IFEO\av_task.exe: [Debugger] svchost.exe
IFEO\Bav.exe: [Debugger] svchost.exe
IFEO\bavhm.exe: [Debugger] svchost.exe
IFEO\BavSvc.exe: [Debugger] svchost.exe
IFEO\BavTray.exe: [Debugger] svchost.exe
IFEO\BavUpdater.exe: [Debugger] svchost.exe
IFEO\BavWebClient.exe: [Debugger] svchost.exe
IFEO\BDSSVC.EXE: [Debugger] svchost.exe
IFEO\BgScan.exe: [Debugger] svchost.exe
IFEO\BullGuard.exe: [Debugger] svchost.exe
IFEO\BullGuardBhvScanner.exe: [Debugger] svchost.exe
IFEO\BullGuardUpdate.exe: [Debugger] svchost.exe
IFEO\BullGuarScanner.exe: [Debugger] svchost.exe
IFEO\capinfos.exe: [Debugger] svchost.exe
IFEO\cavwp.exe: [Debugger] svchost.exe
IFEO\CertReg.exe: [Debugger] svchost.exe
IFEO\cis.exe: [Debugger] svchost.exe
IFEO\CisTray.exe: [Debugger] svchost.exe
IFEO\clamscan.exe: [Debugger] svchost.exe
IFEO\ClamTray.exe: [Debugger] svchost.exe
IFEO\ClamWin.exe: [Debugger] svchost.exe
IFEO\cmdagent.exe: [Debugger] svchost.exe
IFEO\ConfigSecurityPolicy.exe: [Debugger] svchost.exe
IFEO\CONSCTLX.EXE: [Debugger] svchost.exe
IFEO\coreFrameworkHost.exe: [Debugger] svchost.exe
IFEO\coreServiceShell.exe: [Debugger] svchost.exe
IFEO\dragon_updater.exe: [Debugger] svchost.exe
IFEO\dumpcap.exe: [Debugger] svchost.exe
IFEO\econceal.exe: [Debugger] svchost.exe
IFEO\econser.exe: [Debugger] svchost.exe
IFEO\editcap.exe: [Debugger] svchost.exe
IFEO\EMLPROXY.EXE: [Debugger] svchost.exe
IFEO\escanmon.exe: [Debugger] svchost.exe
IFEO\escanpro.exe: [Debugger] svchost.exe
IFEO\fcappdb.exe: [Debugger] svchost.exe
IFEO\FCDBlog.exe: [Debugger] svchost.exe
IFEO\FCHelper64.exe: [Debugger] svchost.exe
IFEO\FilMsg.exe: [Debugger] svchost.exe
IFEO\FilUp.exe: [Debugger] svchost.exe
IFEO\filwscc.exe: [Debugger] svchost.exe
IFEO\fmon.exe: [Debugger] svchost.exe
IFEO\FortiClient.exe: [Debugger] svchost.exe
IFEO\FortiClient_Diagnostic_Tool.exe: [Debugger] svchost.exe
IFEO\FortiESNAC.exe: [Debugger] svchost.exe
IFEO\FortiFW.exe: [Debugger] svchost.exe
IFEO\FortiProxy.exe: [Debugger] svchost.exe
IFEO\FortiSSLVPNdaemon.exe: [Debugger] svchost.exe
IFEO\FortiTray.exe: [Debugger] svchost.exe
IFEO\FPAVServer.exe: [Debugger] svchost.exe
IFEO\FProtTray.exe: [Debugger] svchost.exe
IFEO\FPWin.exe: [Debugger] svchost.exe
IFEO\freshclam.exe: [Debugger] svchost.exe
IFEO\freshclamwrap.exe: [Debugger] svchost.exe
IFEO\fsgk32.exe: [Debugger] svchost.exe
IFEO\FSHDLL64.exe: [Debugger] svchost.exe
IFEO\fshoster32.exe: [Debugger] svchost.exe
IFEO\FSM32.EXE: [Debugger] svchost.exe
IFEO\FSMA32.EXE: [Debugger] svchost.exe
IFEO\fsorsp.exe: [Debugger] svchost.exe
IFEO\fssm32.exe: [Debugger] svchost.exe
IFEO\GdBgInx64.exe: [Debugger] svchost.exe
IFEO\GDKBFltExe32.exe: [Debugger] svchost.exe
IFEO\GDSC.exe: [Debugger] svchost.exe
IFEO\GDScan.exe: [Debugger] svchost.exe
IFEO\guardxkickoff_x64.exe: [Debugger] svchost.exe
IFEO\guardxservice.exe: [Debugger] svchost.exe
IFEO\iptray.exe: [Debugger] svchost.exe
IFEO\K7AVScan.exe: [Debugger] svchost.exe
IFEO\K7CrvSvc.exe: [Debugger] svchost.exe
IFEO\K7EmlPxy.EXE: [Debugger] svchost.exe
IFEO\K7FWSrvc.exe: [Debugger] svchost.exe
IFEO\K7PSSrvc.exe: [Debugger] svchost.exe
IFEO\K7RTScan.exe: [Debugger] svchost.exe
IFEO\K7SysMon.Exe: [Debugger] svchost.exe
IFEO\K7TSecurity.exe: [Debugger] svchost.exe
IFEO\K7TSMain.exe: [Debugger] svchost.exe
IFEO\K7TSMngr.exe: [Debugger] svchost.exe
IFEO\LittleHook.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\mbamscheduler.exe: [Debugger] svchost.exe
IFEO\mbamservice.exe: [Debugger] svchost.exe
IFEO\MCS-Uninstall.exe: [Debugger] svchost.exe
IFEO\MCShieldCCC.exe: [Debugger] svchost.exe
IFEO\MCShieldDS.exe: [Debugger] svchost.exe
IFEO\MCShieldRTM.exe: [Debugger] svchost.exe
IFEO\mergecap.exe: [Debugger] svchost.exe
IFEO\MpCmdRun.exe: [Debugger] svchost.exe
IFEO\MpUXSrv.exe: [Debugger] svchost.exe
IFEO\MSASCui.exe: [Debugger] svchost.exe
IFEO\MsMpEng.exe: [Debugger] svchost.exe
IFEO\MWAGENT.EXE: [Debugger] svchost.exe
IFEO\MWASER.EXE: [Debugger] svchost.exe
IFEO\nanoav.exe: [Debugger] svchost.exe
IFEO\nanosvc.exe: [Debugger] svchost.exe
IFEO\nbrowser.exe: [Debugger] svchost.exe
IFEO\nfservice.exe: [Debugger] svchost.exe
IFEO\NisSrv.exe: [Debugger] svchost.exe
IFEO\njeeves2.exe: [Debugger] svchost.exe
IFEO\nnf.exe: [Debugger] svchost.exe
IFEO\nprosec.exe: [Debugger] svchost.exe
IFEO\NS.exe: [Debugger] svchost.exe
IFEO\nseupdatesvc.exe: [Debugger] svchost.exe
IFEO\nvcod.exe: [Debugger] svchost.exe
IFEO\nvcsvc.exe: [Debugger] svchost.exe
IFEO\nvoy.exe: [Debugger] svchost.exe
IFEO\nwscmon.exe: [Debugger] svchost.exe
IFEO\ONLINENT.EXE: [Debugger] svchost.exe
IFEO\OPSSVC.EXE: [Debugger] svchost.exe
IFEO\op_mon.exe: [Debugger] svchost.exe
IFEO\ProcessHacker.exe: [Debugger] svchost.exe
IFEO\procexp.exe: [Debugger] svchost.exe
IFEO\PSANHost.exe: [Debugger] svchost.exe
IFEO\PSUAMain.exe: [Debugger] svchost.exe
IFEO\PSUAService.exe: [Debugger] svchost.exe
IFEO\psview.exe: [Debugger] svchost.exe
IFEO\PtSessionAgent.exe: [Debugger] svchost.exe
IFEO\PtSvcHost.exe: [Debugger] svchost.exe
IFEO\PtWatchDog.exe: [Debugger] svchost.exe
IFEO\quamgr.exe: [Debugger] svchost.exe
IFEO\QUHLPSVC.EXE: [Debugger] svchost.exe
IFEO\rawshark.exe: [Debugger] svchost.exe
IFEO\SAPISSVC.EXE: [Debugger] svchost.exe
IFEO\SASCore64.exe: [Debugger] svchost.exe
IFEO\SASTask.exe: [Debugger] svchost.exe
IFEO\SBAMSvc.exe: [Debugger] svchost.exe
IFEO\SBAMTray.exe: [Debugger] svchost.exe
IFEO\SBPIMSvc.exe: [Debugger] svchost.exe
IFEO\SCANNER.EXE: [Debugger] svchost.exe
IFEO\SCANWSCS.EXE: [Debugger] svchost.exe
IFEO\schmgr.exe: [Debugger] svchost.exe
IFEO\scproxysrv.exe: [Debugger] svchost.exe
IFEO\ScSecSvc.exe: [Debugger] svchost.exe
IFEO\SDFSSvc.exe: [Debugger] svchost.exe
IFEO\SDScan.exe: [Debugger] svchost.exe
IFEO\SDTray.exe: [Debugger] svchost.exe
IFEO\SDWelcome.exe: [Debugger] svchost.exe
IFEO\SSUpdate64.exe: [Debugger] svchost.exe
IFEO\SUPERAntiSpyware.exe: [Debugger] svchost.exe
IFEO\SUPERDelete.exe: [Debugger] svchost.exe
IFEO\Taskmgr.exe: [Debugger] svchost.exe
IFEO\text2pcap.exe: [Debugger] svchost.exe
IFEO\TRAYICOS.EXE: [Debugger] svchost.exe
IFEO\TRAYSSER.EXE: [Debugger] svchost.exe
IFEO\trigger.exe: [Debugger] svchost.exe
IFEO\tshark.exe: [Debugger] svchost.exe
IFEO\twsscan.exe: [Debugger] svchost.exe
IFEO\twssrv.exe: [Debugger] svchost.exe
IFEO\uiSeAgnt.exe: [Debugger] svchost.exe
IFEO\uiUpdateTray.exe: [Debugger] svchost.exe
IFEO\uiWatchDog.exe: [Debugger] svchost.exe
IFEO\uiWinMgr.exe: [Debugger] svchost.exe
IFEO\UnThreat.exe: [Debugger] svchost.exe
IFEO\UserAccountControlSettings.exe: [Debugger] svchost.exe
IFEO\UserReg.exe: [Debugger] svchost.exe
IFEO\utsvc.exe: [Debugger] svchost.exe
IFEO\V3Main.exe: [Debugger] svchost.exe
IFEO\V3Medic.exe: [Debugger] svchost.exe
IFEO\V3Proxy.exe: [Debugger] svchost.exe
IFEO\V3SP.exe: [Debugger] svchost.exe
IFEO\V3Svc.exe: [Debugger] svchost.exe
IFEO\V3Up.exe: [Debugger] svchost.exe
IFEO\VIEWTCP.EXE: [Debugger] svchost.exe
IFEO\VIPREUI.exe: [Debugger] svchost.exe
IFEO\virusutilities.exe: [Debugger] svchost.exe
IFEO\WebCompanion.exe: [Debugger] svchost.exe
IFEO\wireshark.exe: [Debugger] svchost.exe
IFEO\Zanda.exe: [Debugger] svchost.exe
IFEO\Zlh.exe: [Debugger] svchost.exe
IFEO\zlhh.exe: [Debugger] svchost.exe
BootExecute: autocheck autochk * aswBoot.exe /M:791cb492 /wow /dir:"C:\Program Files\AVAST Software\Avast Business"
 
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [54344 2016-10-24] (Avast Software s.r.o.)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast Business\afwServ.exe [142704 2016-10-24] (Avast Software s.r.o.)
S4 FastViewerRemoteProxy; C:\Program Files (x86)\fastviewer Remoted Service\FastProxy.exe [749568 2015-08-21] ()
S2 FastViewerRemoteservice; C:\Program Files (x86)\fastviewer Remoted Service\FastRemoteService.exe [954368 2015-08-21] (Fastviewer.com)
S2 Galileo SSL Tunnel; C:\Program Files (x86)\Galileo\SSL\SSLClientService.exe [28672 2013-06-18] (Galileo International)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AC_Service.exe [309720 2016-06-08] (Citrix Systems, Inc.)
S2 HPSLPSVC; C:\Users\sierlinger\AppData\Local\Temp\7zS309D\hpslpsvc64.dll [1039360 2011-08-23] (Hewlett-Packard Co.) <==== ACHTUNG
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8602992 2017-09-11] (Reimage®)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2017-08-16] (TeamViewer GmbH)
S2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
S4 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [42504 2013-02-14] (COMPANYVERS_NAME)
S2 WebDataMover; C:\Program Files\WebDataMover\WebDataMover.exe [53248 2016-06-08] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [32096 2016-10-24] (Avast Software s.r.o.)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90344 2016-10-24] (Avast Software s.r.o.)
S0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-04-23] (ALWIL Software)
S0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [337536 2016-10-24] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [80376 2016-10-24] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74680 2016-10-24] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1053392 2016-10-24] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [441944 2016-10-24] (Avast Software s.r.o.)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [78264 2016-10-24] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292840 2016-10-24] ()
S3 cpuz134; \??\C:\Users\SIERLI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ACHTUNG
 
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 
==================== Ein Monat: Erstellte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2017-11-16 16:08 - 2017-11-16 16:08 - 000000000 ____D C:\FRST
2017-11-16 14:53 - 2017-11-16 14:53 - 000000000 ____D C:\Windows\System32\config\ISHBackup
2017-11-15 10:35 - 2017-11-15 10:35 - 000002051 _____ C:\Users\sierlinger\Desktop\Sierlinger_Canon_Scanner.lnk
2017-11-15 10:33 - 2017-10-18 08:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2017-11-15 10:33 - 2017-10-18 07:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-15 10:33 - 2017-10-18 03:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2017-11-15 10:33 - 2017-10-18 03:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2017-11-15 10:33 - 2017-10-18 03:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2017-11-15 10:33 - 2017-10-18 03:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2017-11-15 10:33 - 2017-10-18 03:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2017-11-15 10:33 - 2017-10-18 03:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-11-15 10:33 - 2017-10-18 03:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2017-11-15 10:33 - 2017-10-17 00:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2017-11-15 10:33 - 2017-10-16 23:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-11-15 10:33 - 2017-10-16 22:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 10:33 - 2017-10-14 09:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-11-15 10:33 - 2017-10-14 09:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2017-11-15 10:33 - 2017-10-14 09:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2017-11-15 10:33 - 2017-10-14 09:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-11-15 10:33 - 2017-10-14 09:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2017-11-15 10:33 - 2017-10-14 09:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2017-11-15 10:33 - 2017-10-14 09:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2017-11-15 10:33 - 2017-10-14 09:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2017-11-15 10:33 - 2017-10-14 09:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2017-11-15 10:33 - 2017-10-14 09:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2017-11-15 10:33 - 2017-10-14 09:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2017-11-15 10:33 - 2017-10-14 09:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2017-11-15 10:33 - 2017-10-14 09:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2017-11-15 10:33 - 2017-10-14 09:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2017-11-15 10:33 - 2017-10-14 09:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2017-11-15 10:33 - 2017-10-14 09:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2017-11-15 10:33 - 2017-10-14 09:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2017-11-15 10:33 - 2017-10-14 08:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2017-11-15 10:33 - 2017-10-14 08:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2017-11-15 10:33 - 2017-10-14 08:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2017-11-15 10:33 - 2017-10-14 08:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-11-15 10:33 - 2017-10-14 08:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2017-11-15 10:33 - 2017-10-14 08:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2017-11-15 10:33 - 2017-10-14 08:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2017-11-15 10:33 - 2017-10-14 08:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2017-11-15 10:33 - 2017-10-14 08:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2017-11-15 10:33 - 2017-10-14 08:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2017-11-15 10:33 - 2017-10-14 08:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-11-15 10:33 - 2017-10-14 08:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-11-15 10:33 - 2017-10-14 08:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2017-11-15 10:33 - 2017-10-14 08:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2017-11-15 10:33 - 2017-10-14 08:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2017-11-15 10:33 - 2017-10-14 08:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-11-15 10:33 - 2017-10-14 08:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-15 10:33 - 2017-10-14 08:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-11-15 10:33 - 2017-10-14 08:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-15 10:33 - 2017-10-14 07:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2017-11-15 10:33 - 2017-10-14 07:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-15 10:33 - 2017-10-14 07:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-15 10:33 - 2017-10-14 07:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-15 10:33 - 2017-10-14 07:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-15 10:33 - 2017-10-14 07:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-15 10:33 - 2017-10-14 07:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-15 10:33 - 2017-10-14 07:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-15 10:33 - 2017-10-14 07:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-15 10:33 - 2017-10-14 07:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-15 10:33 - 2017-10-14 07:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-15 10:33 - 2017-10-14 07:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-15 10:33 - 2017-10-14 07:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-15 10:33 - 2017-10-14 07:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-15 10:33 - 2017-10-14 07:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-15 10:33 - 2017-10-14 07:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-15 10:33 - 2017-10-14 07:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-15 10:33 - 2017-10-14 07:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-15 10:33 - 2017-10-14 07:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-15 10:33 - 2017-10-14 07:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-15 10:33 - 2017-10-14 07:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-15 10:33 - 2017-10-14 07:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-15 10:33 - 2017-10-14 07:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-15 10:33 - 2017-10-14 07:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-15 10:33 - 2017-10-14 07:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-15 10:33 - 2017-10-14 07:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-15 10:33 - 2017-10-14 07:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-15 10:33 - 2017-10-14 07:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-15 10:33 - 2017-10-14 07:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-15 10:33 - 2017-10-14 07:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-15 10:33 - 2017-10-12 01:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2017-11-15 10:33 - 2017-10-12 01:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\System32\tquery.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\System32\Query.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\System32\mssph.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\System32\mssitlb.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2017-11-15 10:33 - 2017-10-12 01:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2017-11-15 10:33 - 2017-10-12 01:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2017-11-15 10:33 - 2017-10-12 01:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-15 10:33 - 2017-10-12 01:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2017-11-15 10:33 - 2017-10-12 01:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2017-11-15 10:33 - 2017-10-12 01:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2017-11-15 10:33 - 2017-10-12 01:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-15 10:33 - 2017-10-12 01:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-15 10:33 - 2017-10-12 01:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-15 10:33 - 2017-10-12 01:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-15 10:33 - 2017-10-12 01:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-15 10:33 - 2017-10-12 01:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-15 10:33 - 2017-10-12 01:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-15 10:33 - 2017-10-12 01:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-15 10:33 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-15 10:33 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-15 10:33 - 2017-10-12 01:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys
2017-11-15 10:33 - 2017-10-12 01:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2017-11-15 10:33 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
2017-11-15 10:32 - 2017-10-18 03:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2017-11-15 10:32 - 2017-10-18 03:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-11-15 10:32 - 2017-10-15 23:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2017-11-15 10:32 - 2017-10-04 14:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2017-11-15 10:32 - 2017-10-04 14:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2017-11-15 10:32 - 2017-10-04 14:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2017-11-15 10:32 - 2017-10-04 14:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2017-11-15 10:32 - 2017-10-04 14:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2017-11-15 10:32 - 2017-10-04 14:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2017-11-15 10:32 - 2017-10-04 14:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2017-11-15 10:14 - 2017-11-15 10:14 - 000000000 ____T C:\Windows\System32\CNBJNP_60128BA950C3
2017-11-15 09:31 - 2015-08-26 12:15 - 000346624 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_D0L.dll
2017-11-15 09:31 - 2015-05-27 12:08 - 000098048 _____ C:\Windows\SysWOW64\CNC1792D.TBL
2017-11-15 09:31 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2017-11-15 09:27 - 2017-11-15 09:27 - 000000000 ____D C:\Users\sierlinger\Downloads\m68n-win-mb2700-1_00-ea34_2
2017-11-15 09:27 - 2015-11-24 06:00 - 000254464 _____ (CANON INC.) C:\Windows\System32\CNCALD0.DLL
2017-11-15 09:27 - 2015-11-18 05:00 - 000436736 _____ (CANON INC.) C:\Windows\System32\CNMLMD0.DLL
2017-11-15 09:26 - 2017-11-15 09:26 - 041311872 _____ C:\Users\sierlinger\Downloads\m68n-win-mb2700-1_00-ea34_2.exe
2017-11-15 09:23 - 2017-11-15 09:23 - 058449576 _____ C:\Users\sierlinger\Downloads\win-mb2700-1_0-n_mcd.exe
2017-11-14 17:43 - 2017-11-14 17:43 - 000506397 _____ C:\Users\sierlinger\Documents\IMG_20171114_0004.pdf
2017-11-14 16:20 - 2017-11-14 16:21 - 000591709 _____ C:\Users\sierlinger\Documents\IMG_20171114_0003.pdf
2017-11-14 11:04 - 2017-11-14 11:04 - 000474306 _____ C:\Users\sierlinger\Documents\IMG_20171114_0002.pdf
2017-11-14 07:05 - 2017-11-14 07:05 - 000283868 _____ C:\Users\sierlinger\Documents\IMG_20171114_0001.pdf
2017-11-13 15:57 - 2017-11-13 15:57 - 000445601 _____ C:\Users\sierlinger\Documents\IMG_20171113_0005.pdf
2017-11-13 15:26 - 2017-11-13 15:27 - 000217733 _____ C:\Users\sierlinger\Documents\IMG_20171113_0004.pdf
2017-11-13 15:00 - 2017-11-13 15:00 - 000565121 _____ C:\Users\sierlinger\Documents\IMG_20171113_0003.pdf
2017-11-13 14:46 - 2017-11-13 14:46 - 001081333 _____ C:\Users\sierlinger\Documents\IMG_20171113_0002.pdf
2017-11-13 14:24 - 2017-11-13 14:24 - 000821052 _____ C:\Users\sierlinger\Documents\IMG_20171113_0001.pdf
2017-11-12 08:57 - 2017-11-12 08:58 - 000626986 _____ C:\Users\sierlinger\Documents\IMG_20171112_0001.pdf
2017-11-10 15:53 - 2017-11-10 15:53 - 002280460 _____ C:\Users\sierlinger\Documents\IMG_20171110_0003.pdf
2017-11-10 15:17 - 2017-11-10 15:18 - 000769332 _____ C:\Users\sierlinger\Documents\IMG_20171110_0002.pdf
2017-11-10 14:17 - 2017-11-10 14:18 - 001006326 _____ C:\Users\sierlinger\Documents\IMG_20171110_0001.pdf
2017-11-10 10:41 - 2017-11-10 10:41 - 000000000 ____D C:\Users\sierlinger\AppData\Local\JxBrowser
2017-11-10 10:41 - 2017-11-10 10:41 - 000000000 ____D C:\Users\sierlinger\AppData\Local\Chromium
2017-11-09 18:36 - 2017-11-09 18:36 - 001018032 _____ C:\Users\sierlinger\Documents\IMG_20171109_0003.pdf
2017-11-09 17:51 - 2017-11-09 17:52 - 007341771 _____ C:\Users\sierlinger\Documents\IMG_20171109_0002.pdf
2017-11-09 06:44 - 2017-11-09 06:44 - 002656546 _____ C:\Users\sierlinger\Documents\IMG_20171109_0001.pdf
2017-11-08 08:09 - 2017-11-08 08:09 - 000752454 _____ C:\Users\sierlinger\Documents\IMG_20171108_0001.pdf
2017-11-07 14:34 - 2017-11-07 14:34 - 001083453 _____ C:\Users\sierlinger\Documents\IMG_20171107_0002.pdf
2017-11-07 11:49 - 2017-11-07 11:50 - 002123945 _____ C:\Users\sierlinger\Documents\IMG_20171107_0001.pdf
2017-11-06 14:51 - 2017-11-06 14:51 - 000172428 _____ C:\Users\sierlinger\Documents\IMG_20171106_0007.pdf
2017-11-06 14:29 - 2017-11-06 14:29 - 000244230 _____ C:\Users\sierlinger\Documents\IMG_20171106_0006.pdf
2017-11-06 12:12 - 2017-11-06 12:12 - 000507076 _____ C:\Users\sierlinger\Documents\IMG_20171106_0005.pdf
2017-11-06 12:07 - 2017-11-06 12:08 - 000535973 _____ C:\Users\sierlinger\Documents\IMG_20171106_0004.pdf
2017-11-06 11:44 - 2017-11-06 11:44 - 001715449 _____ C:\Users\sierlinger\Documents\IMG_20171106_0003.pdf
2017-11-06 10:58 - 2017-11-06 10:59 - 006257240 _____ C:\Users\sierlinger\Documents\IMG_20171106_0002.pdf
2017-11-06 10:36 - 2017-11-06 10:36 - 000478784 _____ C:\Users\sierlinger\Documents\IMG_20171106_0001.pdf
2017-11-05 09:03 - 2017-11-05 09:03 - 001066763 _____ C:\Users\sierlinger\Documents\IMG_20171105_0002.pdf
2017-11-05 06:55 - 2017-11-05 06:55 - 001160325 _____ C:\Users\sierlinger\Documents\IMG_20171105_0001.pdf
2017-11-04 06:31 - 2017-11-04 06:31 - 001992918 _____ C:\Users\sierlinger\Documents\IMG_20171104_0003.pdf
2017-11-04 06:11 - 2017-11-04 06:11 - 000996175 _____ C:\Users\sierlinger\Documents\IMG_20171104_0002.pdf
2017-11-04 06:05 - 2017-11-04 06:05 - 000603240 _____ C:\Users\sierlinger\Downloads\BoardingPassAMONGABRIELE.pdf
2017-11-04 06:03 - 2017-11-04 06:03 - 000557572 _____ C:\Users\sierlinger\Documents\IMG_20171104_0001.pdf
2017-11-03 17:51 - 2017-11-03 17:51 - 000976575 _____ C:\Users\sierlinger\Documents\IMG_20171103_0003.pdf
2017-11-03 17:21 - 2017-11-03 17:21 - 000160653 _____ C:\Users\sierlinger\Documents\IMG_20171103_0002.pdf
2017-11-03 15:56 - 2017-11-03 15:56 - 000639595 _____ C:\Users\sierlinger\Documents\IMG_20171103_0001.pdf
2017-11-03 14:22 - 2015-08-26 12:15 - 000346624 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_D3L.dll
2017-11-03 14:22 - 2015-05-27 12:08 - 000099072 _____ C:\Windows\SysWOW64\CNC178FD.TBL
2017-11-03 14:17 - 2017-11-03 14:17 - 000000000 ____D C:\Users\Administrator.PC_SIERLINGER\Downloads\m68n-win-mb5400-1_00-ea34_2
2017-11-03 14:17 - 2015-11-24 06:00 - 000254464 _____ (CANON INC.) C:\Windows\System32\CNCALD3.DLL
2017-11-03 14:17 - 2015-11-18 05:00 - 000436736 _____ (CANON INC.) C:\Windows\System32\CNMLMD3.DLL
2017-11-03 14:16 - 2017-11-03 14:17 - 041320064 _____ C:\Users\Administrator.PC_SIERLINGER\Downloads\m68n-win-mb5400-1_00-ea34_2.exe
2017-10-31 09:55 - 2017-10-31 09:56 - 001014065 _____ C:\Users\sierlinger\Documents\IMG_20171031_0002.pdf
2017-10-31 06:01 - 2017-10-31 06:02 - 005113016 _____ C:\Users\sierlinger\Documents\IMG_20171031_0001.pdf
2017-10-30 16:03 - 2017-11-16 15:32 - 000000000 ____D C:\Users\administrator\Downloads\win-mb5400-1_0-n_mcd
2017-10-30 16:01 - 2017-10-30 16:02 - 058449576 _____ C:\Users\administrator\Downloads\win-mb5400-1_0-n_mcd.exe
2017-10-30 15:57 - 2017-10-30 15:57 - 058449576 _____ C:\Users\sierlinger\Downloads\win-mb5400-1_0-n_mcd.exe
2017-10-30 14:15 - 2017-10-30 14:15 - 000689344 _____ C:\Users\sierlinger\Documents\IMG_20171030_0005.pdf
2017-10-30 11:47 - 2017-10-30 11:48 - 001036233 _____ C:\Users\sierlinger\Documents\IMG_20171030_0004.pdf
2017-10-30 08:04 - 2017-10-30 08:04 - 000242422 _____ C:\Users\sierlinger\Documents\IMG_20171030_0003.pdf
2017-10-30 07:32 - 2017-10-30 07:33 - 001818198 _____ C:\Users\sierlinger\Documents\IMG_20171030_0002.pdf
2017-10-30 06:56 - 2017-10-30 06:56 - 000996207 _____ C:\Users\sierlinger\Documents\IMG_20171030_0001.pdf
2017-10-28 05:18 - 2017-10-28 05:18 - 002421345 _____ C:\Users\sierlinger\Documents\IMG_20171028_0001.pdf
2017-10-27 12:24 - 2017-10-27 12:25 - 001719931 _____ C:\Users\sierlinger\Documents\IMG_20171027_0002.pdf
2017-10-27 08:57 - 2017-10-27 08:57 - 000229642 _____ C:\Users\sierlinger\Documents\IMG_20171027_0001.pdf
2017-10-26 08:12 - 2017-10-26 08:12 - 001597213 _____ C:\Users\sierlinger\Documents\IMG_20171026_0001.pdf
2017-10-25 16:59 - 2017-10-25 16:59 - 000645047 _____ C:\Users\sierlinger\Documents\IMG_20171025_0006.pdf
2017-10-25 15:27 - 2017-10-25 15:28 - 001571356 _____ C:\Users\sierlinger\Documents\IMG_20171025_0005.pdf
2017-10-25 10:46 - 2017-10-25 10:46 - 000686105 _____ C:\Users\sierlinger\Documents\IMG_20171025_0004.pdf
2017-10-25 09:10 - 2017-10-25 09:10 - 000491807 _____ C:\Users\sierlinger\Documents\IMG_20171025_0003.pdf
2017-10-25 08:48 - 2017-10-25 08:49 - 001516179 _____ C:\Users\sierlinger\Documents\IMG_20171025_0002.pdf
2017-10-25 07:02 - 2017-10-25 07:02 - 000512866 _____ C:\Users\sierlinger\Documents\IMG_20171025_0001.pdf
2017-10-24 15:19 - 2017-10-24 15:19 - 000295197 _____ C:\Users\sierlinger\Documents\IMG_20171024_0004.pdf
2017-10-24 15:05 - 2017-10-24 15:05 - 001125628 _____ C:\Users\sierlinger\Documents\IMG_20171024_0003.pdf
2017-10-24 11:55 - 2017-10-24 11:55 - 001328457 _____ C:\Users\sierlinger\Downloads\BoardingPass_20171024_125521_6ZZ8VE.pdf
2017-10-24 11:55 - 2017-10-24 11:55 - 001328457 _____ C:\Users\sierlinger\Downloads\BoardingPass_20171024_125501_6ZZ8VE.pdf
2017-10-24 11:54 - 2017-10-24 11:54 - 001328457 _____ C:\Users\sierlinger\Downloads\BoardingPass_20171024_125441_6ZZ8VE.pdf
2017-10-24 11:30 - 2017-10-24 11:30 - 001984667 _____ C:\Users\sierlinger\Documents\IMG_20171024_0002.pdf
2017-10-24 05:47 - 2017-10-24 05:47 - 000490723 _____ C:\Users\sierlinger\Documents\IMG_20171024_0001.pdf
2017-10-23 15:45 - 2017-10-23 15:45 - 000125938 _____ C:\Users\sierlinger\Documents\IMG_20171023_0006.pdf
2017-10-23 15:44 - 2017-10-23 15:44 - 000127688 _____ C:\Users\sierlinger\Documents\IMG_20171023_0005.pdf
2017-10-23 15:39 - 2017-10-23 15:39 - 000006153 _____ C:\Users\sierlinger\Documents\IMG_20171023_0004.pdf
2017-10-23 15:35 - 2017-10-23 15:35 - 000142215 _____ C:\Users\sierlinger\Documents\IMG_20171023_0003.pdf
2017-10-23 14:18 - 2017-10-23 14:18 - 000377772 _____ C:\Users\sierlinger\Downloads\BoardingPass_20171023_151821_CASTORAL_BEATRIX_WYXFXC.pdf
2017-10-23 14:18 - 2017-10-23 14:18 - 000377772 _____ C:\Users\sierlinger\Downloads\BoardingPass_20171023_151810_CASTORAL_BEATRIX_WYXFXC.pdf
2017-10-23 14:15 - 2017-10-23 14:15 - 000376678 _____ C:\Users\sierlinger\Downloads\BoardingPass_20171023_151532_CASTORAL_RALF_WYVEB8.pdf
2017-10-23 14:15 - 2017-10-23 14:15 - 000376678 _____ C:\Users\sierlinger\Downloads\BoardingPass_20171023_151526_CASTORAL_RALF_WYVEB8.pdf
2017-10-23 12:50 - 2017-10-23 12:51 - 002185302 _____ C:\Users\sierlinger\Documents\IMG_20171023_0002.pdf
2017-10-23 09:48 - 2017-10-23 09:48 - 000869622 _____ C:\Users\sierlinger\Documents\IMG_20171023_0001.pdf
2017-10-20 13:46 - 2017-10-20 13:46 - 000801565 _____ C:\Users\sierlinger\Documents\IMG_20171020_0002.pdf
2017-10-20 13:32 - 2017-10-20 13:32 - 001025905 _____ C:\Users\sierlinger\Documents\IMG_20171020_0001.pdf
2017-10-19 17:27 - 2017-10-19 17:28 - 002026889 _____ C:\Users\sierlinger\Documents\IMG_20171019_0003.pdf
2017-10-19 15:31 - 2017-10-19 15:31 - 001574853 _____ C:\Users\sierlinger\Documents\IMG_20171019_0002.pdf
2017-10-19 12:41 - 2017-10-19 12:41 - 003261199 _____ C:\Users\sierlinger\Documents\IMG_20171019_0001.pdf
2017-10-18 12:25 - 2017-10-18 12:26 - 008459653 _____ C:\Users\sierlinger\Documents\IMG_20171018_0001.pdf
 
==================== Ein Monat: Geänderte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2017-11-16 15:32 - 2016-06-08 11:12 - 000000000 ____D C:\Program Files\WebDataMover
2017-11-16 15:32 - 2015-09-15 15:48 - 000000000 ___HD C:\ProgramData\CanonIJScan
2017-11-16 15:32 - 2015-06-05 05:09 - 000000000 ____D C:\rei
2017-11-16 15:32 - 2014-12-10 03:22 - 000000000 ____D C:\Windows\System32\appraiser
2017-11-16 15:32 - 2014-05-07 02:00 - 000000000 ___SD C:\Windows\System32\CompatTel
2017-11-16 15:32 - 2012-06-27 05:07 - 000000000 ____D C:\Users\sierlinger\AppData\Roaming\FinalMediaPlayer
2017-11-16 15:32 - 2012-02-25 08:05 - 000000000 ____D C:\Windows\System32\Macromed
2017-11-16 15:32 - 2011-09-01 10:04 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-16 15:32 - 2011-09-01 09:43 - 000000000 ____D C:\Program Files (x86)\PDFCreator
2017-11-16 15:32 - 2011-09-01 09:11 - 000000000 ____D C:\users\sierlinger
2017-11-16 15:32 - 2009-07-14 04:20 - 000000000 __RSD C:\Windows\Media
2017-11-16 15:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-11-16 15:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-11-16 15:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-16 15:32 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-11-16 03:23 - 2011-09-01 09:11 - 000000314 ___SH C:\Users\sierlinger\ntuser.ini
2017-11-16 03:13 - 2009-07-14 05:45 - 000032096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-16 03:13 - 2009-07-14 05:45 - 000032096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-16 01:26 - 2011-09-01 09:10 - 000000152 _____ C:\Windows\System32\config\netlogon2.ftl
2017-11-15 23:46 - 2013-11-15 05:53 - 000002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-15 16:51 - 2015-04-08 14:28 - 000000157 _____ C:\Users\sierlinger\irisplus-user.properties
2017-11-15 16:40 - 2015-04-08 14:28 - 000000000 ____D C:\Users\sierlinger\irisplus-resources
2017-11-15 10:21 - 2016-08-11 05:25 - 000000259 _____ C:\Windows\SysWOW64\test.txt
2017-11-15 10:19 - 2012-06-27 05:07 - 000000420 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2017-11-15 10:13 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-15 10:12 - 2016-03-16 09:32 - 000000000 ____D C:\Users\sierlinger\.oracle_jre_usage
2017-11-15 10:12 - 2011-09-01 10:40 - 000000000 ____D C:\Users\sierlinger\AppData\Roaming\ICAClient
2017-11-15 10:02 - 2011-09-01 10:20 - 000000000 ____D C:\temp
2017-11-15 09:41 - 2015-09-15 07:54 - 000000000 ____D C:\Program Files (x86)\Canon
2017-11-15 09:30 - 2015-09-15 07:57 - 000000000 ___HD C:\ProgramData\CanonIJFAX
2017-11-14 23:03 - 2012-05-07 11:23 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-14 23:03 - 2012-05-07 11:23 - 000004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-11-14 23:03 - 2011-09-01 10:04 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-14 15:59 - 2016-11-07 15:55 - 000000414 _____ C:\Users\sierlinger\Desktop\http--fti-ticketshop.at-.website
2017-11-14 15:09 - 2016-01-13 09:29 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-14 00:40 - 2011-11-05 09:48 - 000003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 00:40 - 2011-11-05 09:48 - 000003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-11 06:57 - 2015-06-05 05:10 - 000004296 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-11-11 06:57 - 2015-06-05 05:09 - 000001939 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-11-11 06:57 - 2015-06-05 05:04 - 000000167 _____ C:\Windows\Reimage.ini
2017-11-09 18:00 - 2012-11-05 13:46 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-30 16:04 - 2015-09-15 07:53 - 000071880 _____ C:\Users\Administrator.PC_SIERLINGER\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-30 16:00 - 2011-11-14 14:32 - 000000000 ____D C:\Users\administrator\AppData\LocalLow\HPAppData
2017-10-30 15:59 - 2015-09-15 07:49 - 000071880 _____ C:\Users\administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-26 06:07 - 2017-02-03 16:23 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-10-22 14:37 - 2013-10-21 04:47 - 000000000 ____D C:\ProgramData\Oracle
2017-10-22 13:28 - 2014-04-18 09:56 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
 
Einige Dateien in TEMP:
====================
2014-05-15 20:10 - 2014-05-15 20:10 - 001122384 ____N (CANON INC.) C:\Users\administrator\AppData\Local\Temp\MSETUP4.EXE
2014-05-15 20:10 - 2014-05-15 20:10 - 001122384 ____N (CANON INC.) C:\Users\Administrator.PC_SIERLINGER\AppData\Local\Temp\MSETUP4.EXE
2013-03-08 15:10 - 2013-03-08 15:10 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\10fvwautoupd.exe
2013-03-21 13:06 - 2013-03-21 13:07 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\11fvwautoupd.exe
2013-05-02 10:47 - 2013-05-02 10:47 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\12fvwautoupd.exe
2013-05-17 12:29 - 2013-05-17 12:29 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\13fvwautoupd.exe
2013-06-10 07:07 - 2013-06-10 07:07 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\14fvwautoupd.exe
2013-06-12 08:38 - 2013-06-12 08:38 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\15fvwautoupd.exe
2013-06-12 08:41 - 2013-06-12 08:41 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\16fvwautoupd.exe
2013-08-09 10:32 - 2013-08-09 10:32 - 001925120 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\17fvwautoupd.exe
2013-08-12 06:43 - 2013-08-12 06:43 - 001925120 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\18fvwautoupd.exe
2013-08-22 07:24 - 2013-08-22 07:24 - 001925120 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\19fvwautoupd.exe
2012-03-27 16:00 - 2012-03-27 16:00 - 001504096 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\1fvwautoupd.exe
2013-08-22 08:58 - 2013-08-22 08:58 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\20fvwautoupd.exe
2013-08-29 10:48 - 2013-08-29 10:48 - 001925120 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\21fvwautoupd.exe
2013-10-17 08:29 - 2013-10-17 08:29 - 001925120 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\22fvwautoupd.exe
2013-11-20 11:58 - 2013-11-20 11:58 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\23fvwautoupd.exe
2014-04-23 10:23 - 2014-04-23 10:23 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\24fvwautoupd.exe
2014-04-23 10:24 - 2014-04-23 10:24 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\25fvwautoupd.exe
2014-04-23 13:09 - 2014-04-23 13:09 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\26fvwautoupd.exe
2014-07-03 08:31 - 2014-07-03 08:31 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\27fvwautoupd.exe
2014-07-03 08:32 - 2014-07-03 08:32 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\28fvwautoupd.exe
2014-07-03 08:33 - 2014-07-03 08:33 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\29fvwautoupd.exe
2012-07-02 13:28 - 2012-07-02 13:28 - 001504096 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\2fvwautoupd.exe
2014-09-26 14:42 - 2014-09-26 14:42 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\30fvwautoupd.exe
2014-10-27 14:19 - 2014-10-27 14:19 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\31fvwautoupd.exe
2014-10-27 14:20 - 2014-10-27 14:20 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\32fvwautoupd.exe
2014-11-24 13:57 - 2014-11-24 13:57 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\33fvwautoupd.exe
2015-02-05 13:26 - 2015-02-05 13:26 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\34fvwautoupd.exe
2015-02-05 13:28 - 2015-02-05 13:28 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\35fvwautoupd.exe
2015-08-25 08:40 - 2015-08-25 08:41 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\36fvwautoupd.exe
2015-08-25 09:26 - 2015-08-25 09:26 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\37fvwautoupd.exe
2015-08-25 09:53 - 2015-08-25 09:53 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\38fvwautoupd.exe
2015-08-27 07:25 - 2015-08-27 07:25 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\39fvwautoupd.exe
2012-08-13 12:06 - 2012-08-13 12:06 - 001761280 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\3fvwautoupd.exe
2015-08-27 07:25 - 2015-08-27 07:25 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\40fvwautoupd.exe
2016-02-16 11:29 - 2016-02-16 11:29 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\41fvwautoupd.exe
2016-04-04 09:31 - 2016-04-04 09:31 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\42fvwautoupd.exe
2016-04-04 09:32 - 2016-04-04 09:32 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\43fvwautoupd.exe
2016-04-06 09:47 - 2016-04-06 09:47 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\44fvwautoupd.exe
2016-04-07 14:46 - 2016-04-07 14:46 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\45fvwautoupd.exe
2016-04-07 14:47 - 2016-04-07 14:47 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\46fvwautoupd.exe
2017-03-16 16:17 - 2017-03-16 16:17 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\47fvwautoupd.exe
2017-05-22 13:47 - 2017-05-22 13:48 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\48fvwautoupd.exe
2012-08-30 14:45 - 2012-08-30 14:45 - 001761280 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\4fvwautoupd.exe
2012-09-15 09:15 - 2012-09-15 09:15 - 001504096 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\5fvwautoupd.exe
2012-09-15 09:28 - 2012-09-15 09:28 - 001504096 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\6fvwautoupd.exe
2012-09-17 09:35 - 2012-09-17 09:35 - 001761280 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\7fvwautoupd.exe
2013-01-11 13:36 - 2013-01-11 13:36 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\8fvwautoupd.exe
2013-03-05 12:49 - 2013-03-05 12:49 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\9fvwautoupd.exe
2013-10-21 04:47 - 2013-10-21 04:47 - 000510928 _____ (Ask Partner Network) C:\Users\sierlinger\AppData\Local\Temp\APNSetup.exe
2012-09-14 14:01 - 2012-09-14 14:01 - 000005120 _____ (ALWIL Software) C:\Users\sierlinger\AppData\Local\Temp\aswV5Hlp.dll
2013-01-17 12:44 - 2012-08-30 18:19 - 004327024 _____ (Foxit Corporation) C:\Users\sierlinger\AppData\Local\Temp\Foxit Updater.exe
2012-05-07 11:22 - 2012-05-07 11:22 - 004139680 _____ (Adobe Systems Incorporated) C:\Users\sierlinger\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
2012-06-25 10:35 - 2012-06-25 10:35 - 000633104 _____ () C:\Users\sierlinger\AppData\Local\Temp\fvw_k[2188].exe
2012-06-25 11:51 - 2012-06-25 11:51 - 000633104 _____ () C:\Users\sierlinger\AppData\Local\Temp\fvw_k[8540].exe
2011-11-05 09:48 - 2011-11-05 09:48 - 002376368 _____ (Google Inc.) C:\Users\sierlinger\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
2011-09-01 09:39 - 2011-09-01 10:12 - 380301488 _____ () C:\Users\sierlinger\AppData\Local\Temp\HPInstaller.exe
2011-11-14 22:08 - 2011-11-14 22:08 - 000909088 _____ (Sun Microsystems, Inc.) C:\Users\sierlinger\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
2012-08-29 13:07 - 2012-08-29 13:07 - 000908272 _____ (Sun Microsystems, Inc.) C:\Users\sierlinger\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
2012-10-26 16:05 - 2012-10-26 16:05 - 000912368 _____ (Sun Microsystems, Inc.) C:\Users\sierlinger\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
2013-02-16 06:00 - 2013-02-16 06:00 - 000897448 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
2013-03-01 21:00 - 2013-03-01 21:00 - 000897448 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
2013-04-05 15:44 - 2013-04-05 15:44 - 000904104 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
2013-06-22 02:58 - 2013-06-22 02:58 - 000903080 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 19:27 - 2013-10-08 19:27 - 000915368 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2014-04-15 21:50 - 2014-04-15 21:50 - 000921512 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-09-29 18:06 - 2014-09-29 18:06 - 000937896 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2017-01-18 06:32 - 2017-01-18 06:32 - 000739904 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-19 05:32 - 2017-04-19 05:32 - 000739904 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-30 13:27 - 2017-07-30 13:27 - 000740416 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-10-22 13:27 - 2017-10-22 13:27 - 001856576 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u151-windows-au.exe
2015-03-04 09:57 - 2015-03-15 09:57 - 000561576 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u40-windows-au.exe
2015-04-15 08:57 - 2015-04-15 08:57 - 000562088 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u45-windows-au.exe
2015-10-21 10:14 - 2015-10-21 10:14 - 000585824 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u65-windows-au.exe
2016-01-20 11:14 - 2016-01-20 11:14 - 000644704 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u71-windows-au.exe
2014-05-15 20:10 - 2014-05-15 20:10 - 001122384 ____N (CANON INC.) C:\Users\sierlinger\AppData\Local\Temp\MSETUP4.EXE
2016-04-05 22:09 - 2016-04-05 22:09 - 000027136 _____ () C:\Users\sierlinger\AppData\Local\Temp\piecer.dll
2017-09-01 11:25 - 2017-09-01 11:25 - 000043520 _____ () C:\Users\sierlinger\AppData\Local\Temp\proxy_vole5920777710392867692.dll
2017-09-01 11:26 - 2017-09-01 11:26 - 000043520 ____N () C:\Users\sierlinger\AppData\Local\Temp\proxy_vole8939342035819460420.dll
2015-06-05 05:08 - 2017-11-11 06:56 - 014280864 _____ (Reimage) C:\Users\sierlinger\AppData\Local\Temp\ReimagePackage.exe
2016-09-01 10:00 - 2016-09-01 10:00 - 000603704 _____ (Reimage) C:\Users\sierlinger\AppData\Local\Temp\ReimageRepair.exe
2016-10-30 09:08 - 2017-11-11 06:56 - 000605376 _____ (Reimage) C:\Users\sierlinger\AppData\Local\Temp\ReimageRepairTemp.exe
2015-06-05 05:09 - 2015-06-05 05:09 - 000295912 _____ (Reimage®) C:\Users\sierlinger\AppData\Local\Temp\ReiSysUpdate.exe
2013-05-09 12:53 - 2013-05-09 12:53 - 008192280 _____ () C:\Users\sierlinger\AppData\Local\Temp\SmartbarExeInstaller.exe
2017-02-09 03:29 - 2017-02-09 03:29 - 000695808 _____ () C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-268f6755-c3d2-4f35-9d43-9378b88a165d-sqlitejdbc.dll
2017-03-23 00:05 - 2017-03-23 00:05 - 000695808 _____ () C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-288ddfd9-a511-4329-ae4d-4c4926c5f1f3-sqlitejdbc.dll
2017-03-10 02:13 - 2017-03-10 02:13 - 000695808 _____ () C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-758b2d06-cf7a-4486-9f8c-ba75764b0022-sqlitejdbc.dll
2017-02-20 04:34 - 2017-02-20 04:34 - 000695808 ____N () C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-aa24579c-6700-4f11-9710-56c1be5fb0c5-sqlitejdbc.dll
2017-03-29 02:14 - 2017-03-29 02:14 - 000695808 _____ () C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-c097ede8-3c66-4018-92cc-5897f30d87a2-sqlitejdbc.dll
2014-10-07 05:39 - 2014-10-07 05:39 - 000011264 _____ () C:\Users\sierlinger\AppData\Local\Temp\System.dll
2011-08-03 14:23 - 2011-08-03 14:23 - 000828944 _____ (GlavSoft LLC.) C:\Users\sierlinger\AppData\Local\Temp\tvnserver.exe
2013-06-12 08:42 - 2013-05-20 08:38 - 000395248 _____ (Babylon Ltd.) C:\Users\sierlinger\AppData\Local\Temp\uninst1.exe
2017-01-12 09:38 - 2017-01-12 09:38 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows1035082910145211335.dll
2017-04-03 07:27 - 2017-04-03 07:27 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows1163122409435896571.dll
2016-08-11 10:54 - 2016-08-11 10:54 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows1183072880446115078.dll
2017-02-09 03:29 - 2017-02-09 03:29 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows1331441442982658771.dll
2016-10-31 10:44 - 2016-10-31 10:44 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows1494873060436198568.dll
2017-03-30 09:49 - 2017-03-30 09:49 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows1534037975956945447.dll
2017-01-24 14:56 - 2017-01-24 14:56 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows1573256777534885526.dll
2017-03-15 08:10 - 2017-03-15 08:10 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows2056885976908481970.dll
2017-01-05 00:41 - 2017-01-05 00:41 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows2381625360707533143.dll
2016-10-31 10:44 - 2016-10-31 10:44 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows242757692969190949.dll
2017-03-30 08:03 - 2017-03-30 08:03 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows2526246206827447720.dll
2017-03-28 05:16 - 2017-03-28 05:16 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows2550451353301539763.dll
2016-10-18 16:01 - 2016-10-18 16:01 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows277911315481704964.dll
2017-03-15 06:01 - 2017-03-15 06:01 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows3299138123834174315.dll
2017-02-20 04:34 - 2017-02-20 04:34 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows3455980230349914084.dll
2017-01-29 09:16 - 2017-01-29 09:16 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows403288133830292052.dll
2017-01-05 00:41 - 2017-01-05 00:41 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4234359817331048863.dll
2017-04-03 07:54 - 2017-04-03 07:54 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4285214011182943549.dll
2017-05-02 13:09 - 2017-05-02 13:09 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4379680405355328704.dll
2016-09-26 00:29 - 2016-09-26 00:29 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4667221925445175609.dll
2017-04-18 13:25 - 2017-04-18 13:25 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4689139944846814134.dll
2017-01-22 07:50 - 2017-01-22 07:50 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4740323957681001641.dll
2016-10-30 22:10 - 2016-10-30 22:10 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4791359857795620985.dll
2017-05-11 05:18 - 2017-05-11 05:18 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4997403067981077413.dll
2017-03-23 00:05 - 2017-03-23 00:05 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows5108105454830893069.dll
2016-08-17 15:39 - 2016-08-17 15:39 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows522636755138584827.dll
2016-10-18 16:01 - 2016-10-18 16:01 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows5227622502502547906.dll
2016-09-08 04:52 - 2016-09-08 04:52 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows5368409901493865842.dll
2017-01-25 12:36 - 2017-01-25 12:36 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows5509762120597835916.dll
2017-03-29 02:14 - 2017-03-29 02:14 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows6109937091314622049.dll
2017-04-19 19:01 - 2017-04-19 19:01 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows6436127298633248271.dll
2017-01-22 07:50 - 2017-01-22 07:50 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows6557521847518305292.dll
2017-01-23 18:12 - 2017-01-23 18:12 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows7113266582806943326.dll
2017-01-23 18:12 - 2017-01-23 18:12 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows7164441031988869576.dll
2016-09-09 01:15 - 2016-09-09 01:15 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows7171745392765772348.dll
2017-01-24 14:56 - 2017-01-24 14:56 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows7555492784459223562.dll
2017-03-09 06:38 - 2017-03-09 06:38 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows7601298757272123084.dll
2017-04-26 07:33 - 2017-04-26 07:33 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows779938085122457398.dll
2017-03-10 02:13 - 2017-03-10 02:13 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows8074892769347643507.dll
2017-04-26 07:08 - 2017-04-26 07:08 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows8148244771615273702.dll
2017-04-13 05:25 - 2017-04-13 05:25 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows8433640575966361519.dll
2017-04-12 06:47 - 2017-04-12 06:47 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows8546951208127882785.dll
2017-02-16 08:54 - 2017-02-16 08:54 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows8738165610506195784.dll
2016-09-26 00:29 - 2016-09-26 00:29 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows9015719396948528578.dll
2017-01-12 09:38 - 2017-01-12 09:38 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows961149347040939609.dll
2013-03-01 21:00 - 2013-03-01 21:00 - 000897448 _____ (Oracle Corporation) C:\Users\skokoff\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
2014-09-29 18:06 - 2014-09-29 18:06 - 000937896 _____ (Oracle Corporation) C:\Users\skokoff\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
 
==================== Known DLLs (Nicht auf der Ausnahmeliste) =========================
 
 
==================== Bamital & volsnap ======================
 
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 
C:\Windows\System32\winlogon.exe => MD5 ist legitim
C:\Windows\System32\wininit.exe => MD5 ist legitim
C:\Windows\SysWOW64\wininit.exe => MD5 ist legitim
C:\Windows\explorer.exe => MD5 ist legitim
C:\Windows\SysWOW64\explorer.exe => MD5 ist legitim
C:\Windows\System32\svchost.exe => MD5 ist legitim
C:\Windows\SysWOW64\svchost.exe => MD5 ist legitim
C:\Windows\System32\services.exe => MD5 ist legitim
C:\Windows\System32\User32.dll => MD5 ist legitim
C:\Windows\SysWOW64\User32.dll => MD5 ist legitim
C:\Windows\System32\userinit.exe => MD5 ist legitim
C:\Windows\SysWOW64\userinit.exe => MD5 ist legitim
C:\Windows\System32\rpcss.dll => MD5 ist legitim
C:\Windows\System32\dnsapi.dll => MD5 ist legitim
C:\Windows\SysWOW64\dnsapi.dll => MD5 ist legitim
C:\Windows\System32\Drivers\volsnap.sys => MD5 ist legitim
 
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============
 
 
==================== Wiederherstellungspunkte  =========================
 
Wiederherstellungspunkt Datum: 2017-10-08 18:01
Wiederherstellungspunkt Datum: 2017-11-16 03:04
 
==================== Speicherinformationen =========================== 
 
Prozentuale Nutzung des RAM: 11%
Installierter physikalischer RAM: 7912.68 MB
Verfügbarer physikalischer RAM: 7038.8 MB
Summe virtueller Speicher: 7910.88 MB
Verfügbarer virtueller Speicher: 7036.39 MB
 
==================== Laufwerke ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:320.56 GB) NTFS
Drive e: (GSP1RMCPRXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:28.64 GB) (Free:28.57 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
 
==================== MBR & Partitionstabelle ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 57BDBA0C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 28.6 GB) (Disk ID: 55CB739A)
Partition 1: (Not Active) - (Size=28.6 GB) - (Type=07 NTFS)
 
LastRegBack: 2017-11-10 09:33
 
==================== Ende von FRST.txt ============================

 

Thanks for reading,

René


Edited by hamluis, 17 November 2017 - 09:25 AM.
Moved from MRL to AII, PM sent OP - Hamluis.



 


#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 November 2017 - 11:39 AM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)

Download the enclosed file. Save it in the same location FRST64 is saved. Open FRST as you did before. Click on the Fix button.

When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Restart to Normal Mode and let me know the outcome.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 rwittmann

  • Topic Starter
  • Members
  • 7 posts

Posted 20 November 2017 - 02:16 AM

Thanks for helping me. I was kinda slow to reply as this is a work-related issue and I wasn't in on the weekend.

After using the fixlist you provided, the PC still wouldn't boot. FRST was launched in Recovery Mode with the CLI; the fixlog is attached below.
But what I've noticed is that the last few drivers the system loads before it hangs and proceeds to restart are "aswVmm.sys" and "aswRvrt.sys". 

 

 

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-11-2017
durchgeführt von SYSTEM (20-11-2017 08:06:16) Run:1
Gestartet von F:\
Start-Modus: Recovery
==============================================
 
fixlist Inhalt:
*****************
HKLM-x32\...\Run: [] => [X] 
S3 cpuz134; \??\C:\Users\SIERLI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ACHTUNG 
S2 HPSLPSVC; C:\Users\sierlinger\AppData\Local\Temp\7zS309D\hpslpsvc64.dll [1039360 2011-08-23] (Hewlett-Packard Co.) <==== ACHTUNG 
S3 cpuz134; \??\C:\Users\SIERLI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ACHTUNG 
2014-05-15 20:10 - 2014-05-15 20:10 - 001122384 ____N (CANON INC.) C:\Users\administrator\AppData\Local\Temp\MSETUP4.EXE 
2014-05-15 20:10 - 2014-05-15 20:10 - 001122384 ____N (CANON INC.) C:\Users\Administrator.PC_SIERLINGER\AppData\Local\Temp\MSETUP4.EXE 
2013-03-08 15:10 - 2013-03-08 15:10 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\10fvwautoupd.exe 
2013-03-21 13:06 - 2013-03-21 13:07 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\11fvwautoupd.exe 
2013-05-02 10:47 - 2013-05-02 10:47 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\12fvwautoupd.exe 
2013-05-17 12:29 - 2013-05-17 12:29 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\13fvwautoupd.exe 
2013-06-10 07:07 - 2013-06-10 07:07 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\14fvwautoupd.exe 
2013-06-12 08:38 - 2013-06-12 08:38 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\15fvwautoupd.exe 
2013-06-12 08:41 - 2013-06-12 08:41 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\16fvwautoupd.exe 
2013-08-09 10:32 - 2013-08-09 10:32 - 001925120 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\17fvwautoupd.exe 
2013-08-12 06:43 - 2013-08-12 06:43 - 001925120 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\18fvwautoupd.exe 
2013-08-22 07:24 - 2013-08-22 07:24 - 001925120 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\19fvwautoupd.exe 
2012-03-27 16:00 - 2012-03-27 16:00 - 001504096 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\1fvwautoupd.exe 
2013-08-22 08:58 - 2013-08-22 08:58 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\20fvwautoupd.exe 
2013-08-29 10:48 - 2013-08-29 10:48 - 001925120 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\21fvwautoupd.exe 
2013-10-17 08:29 - 2013-10-17 08:29 - 001925120 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\22fvwautoupd.exe 
2013-11-20 11:58 - 2013-11-20 11:58 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\23fvwautoupd.exe 
2014-04-23 10:23 - 2014-04-23 10:23 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\24fvwautoupd.exe 
2014-04-23 10:24 - 2014-04-23 10:24 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\25fvwautoupd.exe 
2014-04-23 13:09 - 2014-04-23 13:09 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\26fvwautoupd.exe 
2014-07-03 08:31 - 2014-07-03 08:31 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\27fvwautoupd.exe 
2014-07-03 08:32 - 2014-07-03 08:32 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\28fvwautoupd.exe 
2014-07-03 08:33 - 2014-07-03 08:33 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\29fvwautoupd.exe 
2012-07-02 13:28 - 2012-07-02 13:28 - 001504096 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\2fvwautoupd.exe 
2014-09-26 14:42 - 2014-09-26 14:42 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\30fvwautoupd.exe 
2014-10-27 14:19 - 2014-10-27 14:19 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\31fvwautoupd.exe 
2014-10-27 14:20 - 2014-10-27 14:20 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\32fvwautoupd.exe 
2014-11-24 13:57 - 2014-11-24 13:57 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\33fvwautoupd.exe 
2015-02-05 13:26 - 2015-02-05 13:26 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\34fvwautoupd.exe 
2015-02-05 13:28 - 2015-02-05 13:28 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\35fvwautoupd.exe 
2015-08-25 08:40 - 2015-08-25 08:41 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\36fvwautoupd.exe 
2015-08-25 09:26 - 2015-08-25 09:26 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\37fvwautoupd.exe 
2015-08-25 09:53 - 2015-08-25 09:53 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\38fvwautoupd.exe 
2015-08-27 07:25 - 2015-08-27 07:25 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\39fvwautoupd.exe 
2012-08-13 12:06 - 2012-08-13 12:06 - 001761280 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\3fvwautoupd.exe 
2015-08-27 07:25 - 2015-08-27 07:25 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\40fvwautoupd.exe 
2016-02-16 11:29 - 2016-02-16 11:29 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\41fvwautoupd.exe 
2016-04-04 09:31 - 2016-04-04 09:31 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\42fvwautoupd.exe 
2016-04-04 09:32 - 2016-04-04 09:32 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\43fvwautoupd.exe 
2016-04-06 09:47 - 2016-04-06 09:47 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\44fvwautoupd.exe 
2016-04-07 14:46 - 2016-04-07 14:46 - 000000000 _____ () C:\Users\sierlinger\AppData\Local\Temp\45fvwautoupd.exe 
2016-04-07 14:47 - 2016-04-07 14:47 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\46fvwautoupd.exe 
2017-03-16 16:17 - 2017-03-16 16:17 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\47fvwautoupd.exe 
2017-05-22 13:47 - 2017-05-22 13:48 - 002384600 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\48fvwautoupd.exe 
2012-08-30 14:45 - 2012-08-30 14:45 - 001761280 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\4fvwautoupd.exe 
2012-09-15 09:15 - 2012-09-15 09:15 - 001504096 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\5fvwautoupd.exe 
2012-09-15 09:28 - 2012-09-15 09:28 - 001504096 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\6fvwautoupd.exe 
2012-09-17 09:35 - 2012-09-17 09:35 - 001761280 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\7fvwautoupd.exe 
2013-01-11 13:36 - 2013-01-11 13:36 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\8fvwautoupd.exe 
2013-03-05 12:49 - 2013-03-05 12:49 - 001843200 _____ (Fastviewer.com) C:\Users\sierlinger\AppData\Local\Temp\9fvwautoupd.exe 
2013-10-21 04:47 - 2013-10-21 04:47 - 000510928 _____ (Ask Partner Network) C:\Users\sierlinger\AppData\Local\Temp\APNSetup.exe 
2012-09-14 14:01 - 2012-09-14 14:01 - 000005120 _____ (ALWIL Software) C:\Users\sierlinger\AppData\Local\Temp\aswV5Hlp.dll 
2013-01-17 12:44 - 2012-08-30 18:19 - 004327024 _____ (Foxit Corporation) C:\Users\sierlinger\AppData\Local\Temp\Foxit Updater.exe 
2012-05-07 11:22 - 2012-05-07 11:22 - 004139680 _____ (Adobe Systems Incorporated) C:\Users\sierlinger\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe 
2012-06-25 10:35 - 2012-06-25 10:35 - 000633104 _____ () C:\Users\sierlinger\AppData\Local\Temp\fvw_k[2188].exe 
2012-06-25 11:51 - 2012-06-25 11:51 - 000633104 _____ () C:\Users\sierlinger\AppData\Local\Temp\fvw_k[8540].exe 
2011-11-05 09:48 - 2011-11-05 09:48 - 002376368 _____ (Google Inc.) C:\Users\sierlinger\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe 
2011-09-01 09:39 - 2011-09-01 10:12 - 380301488 _____ () C:\Users\sierlinger\AppData\Local\Temp\HPInstaller.exe 
2011-11-14 22:08 - 2011-11-14 22:08 - 000909088 _____ (Sun Microsystems, Inc.) C:\Users\sierlinger\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe 
2012-08-29 13:07 - 2012-08-29 13:07 - 000908272 _____ (Sun Microsystems, Inc.) C:\Users\sierlinger\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe 
2012-10-26 16:05 - 2012-10-26 16:05 - 000912368 _____ (Sun Microsystems, Inc.) C:\Users\sierlinger\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe 
2013-02-16 06:00 - 2013-02-16 06:00 - 000897448 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe 
2013-03-01 21:00 - 2013-03-01 21:00 - 000897448 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe 
2013-04-05 15:44 - 2013-04-05 15:44 - 000904104 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe 
2013-06-22 02:58 - 2013-06-22 02:58 - 000903080 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe 
2013-10-08 19:27 - 2013-10-08 19:27 - 000915368 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe 
2014-04-15 21:50 - 2014-04-15 21:50 - 000921512 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe 
2014-09-29 18:06 - 2014-09-29 18:06 - 000937896 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe 
2017-01-18 06:32 - 2017-01-18 06:32 - 000739904 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u121-windows-au.exe 
2017-04-19 05:32 - 2017-04-19 05:32 - 000739904 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u131-windows-au.exe 
2017-07-30 13:27 - 2017-07-30 13:27 - 000740416 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u144-windows-au.exe 
2017-10-22 13:27 - 2017-10-22 13:27 - 001856576 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u151-windows-au.exe 
2015-03-04 09:57 - 2015-03-15 09:57 - 000561576 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u40-windows-au.exe 
2015-04-15 08:57 - 2015-04-15 08:57 - 000562088 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u45-windows-au.exe 
2015-10-21 10:14 - 2015-10-21 10:14 - 000585824 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u65-windows-au.exe 
2016-01-20 11:14 - 2016-01-20 11:14 - 000644704 _____ (Oracle Corporation) C:\Users\sierlinger\AppData\Local\Temp\jre-8u71-windows-au.exe 
2014-05-15 20:10 - 2014-05-15 20:10 - 001122384 ____N (CANON INC.) C:\Users\sierlinger\AppData\Local\Temp\MSETUP4.EXE 
2016-04-05 22:09 - 2016-04-05 22:09 - 000027136 _____ () C:\Users\sierlinger\AppData\Local\Temp\piecer.dll 
2017-09-01 11:25 - 2017-09-01 11:25 - 000043520 _____ () C:\Users\sierlinger\AppData\Local\Temp\proxy_vole5920777710392867692.dll 
2017-09-01 11:26 - 2017-09-01 11:26 - 000043520 ____N () C:\Users\sierlinger\AppData\Local\Temp\proxy_vole8939342035819460420.dll 
2015-06-05 05:08 - 2017-11-11 06:56 - 014280864 _____ (Reimage) C:\Users\sierlinger\AppData\Local\Temp\ReimagePackage.exe 
2016-09-01 10:00 - 2016-09-01 10:00 - 000603704 _____ (Reimage) C:\Users\sierlinger\AppData\Local\Temp\ReimageRepair.exe 
2016-10-30 09:08 - 2017-11-11 06:56 - 000605376 _____ (Reimage) C:\Users\sierlinger\AppData\Local\Temp\ReimageRepairTemp.exe 
2015-06-05 05:09 - 2015-06-05 05:09 - 000295912 _____ (Reimager) C:\Users\sierlinger\AppData\Local\Temp\ReiSysUpdate.exe 
2013-05-09 12:53 - 2013-05-09 12:53 - 008192280 _____ () C:\Users\sierlinger\AppData\Local\Temp\SmartbarExeInstaller.exe 
2017-02-09 03:29 - 2017-02-09 03:29 - 000695808 _____ () C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-268f6755-c3d2-4f35-9d43-9378b88a165d-sqlitejdbc.dll 
2017-03-23 00:05 - 2017-03-23 00:05 - 000695808 _____ () C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-288ddfd9-a511-4329-ae4d-4c4926c5f1f3-sqlitejdbc.dll 
2017-03-10 02:13 - 2017-03-10 02:13 - 000695808 _____ () C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-758b2d06-cf7a-4486-9f8c-ba75764b0022-sqlitejdbc.dll 
2017-02-20 04:34 - 2017-02-20 04:34 - 000695808 ____N () C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-aa24579c-6700-4f11-9710-56c1be5fb0c5-sqlitejdbc.dll 
2017-03-29 02:14 - 2017-03-29 02:14 - 000695808 _____ () C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-c097ede8-3c66-4018-92cc-5897f30d87a2-sqlitejdbc.dll 
2014-10-07 05:39 - 2014-10-07 05:39 - 000011264 _____ () C:\Users\sierlinger\AppData\Local\Temp\System.dll 
2011-08-03 14:23 - 2011-08-03 14:23 - 000828944 _____ (GlavSoft LLC.) C:\Users\sierlinger\AppData\Local\Temp\tvnserver.exe 
2013-06-12 08:42 - 2013-05-20 08:38 - 000395248 _____ (Babylon Ltd.) C:\Users\sierlinger\AppData\Local\Temp\uninst1.exe 
2017-01-12 09:38 - 2017-01-12 09:38 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows1035082910145211335.dll 
2017-04-03 07:27 - 2017-04-03 07:27 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows1163122409435896571.dll 
2016-08-11 10:54 - 2016-08-11 10:54 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows1183072880446115078.dll 
2017-02-09 03:29 - 2017-02-09 03:29 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows1331441442982658771.dll 
2016-10-31 10:44 - 2016-10-31 10:44 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows1494873060436198568.dll 
2017-03-30 09:49 - 2017-03-30 09:49 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows1534037975956945447.dll 
2017-01-24 14:56 - 2017-01-24 14:56 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows1573256777534885526.dll 
2017-03-15 08:10 - 2017-03-15 08:10 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows2056885976908481970.dll 
2017-01-05 00:41 - 2017-01-05 00:41 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows2381625360707533143.dll 
2016-10-31 10:44 - 2016-10-31 10:44 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows242757692969190949.dll 
2017-03-30 08:03 - 2017-03-30 08:03 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows2526246206827447720.dll 
2017-03-28 05:16 - 2017-03-28 05:16 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows2550451353301539763.dll 
2016-10-18 16:01 - 2016-10-18 16:01 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows277911315481704964.dll 
2017-03-15 06:01 - 2017-03-15 06:01 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows3299138123834174315.dll 
2017-02-20 04:34 - 2017-02-20 04:34 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows3455980230349914084.dll 
2017-01-29 09:16 - 2017-01-29 09:16 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows403288133830292052.dll 
2017-01-05 00:41 - 2017-01-05 00:41 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4234359817331048863.dll 
2017-04-03 07:54 - 2017-04-03 07:54 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4285214011182943549.dll 
2017-05-02 13:09 - 2017-05-02 13:09 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4379680405355328704.dll 
2016-09-26 00:29 - 2016-09-26 00:29 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4667221925445175609.dll 
2017-04-18 13:25 - 2017-04-18 13:25 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4689139944846814134.dll 
2017-01-22 07:50 - 2017-01-22 07:50 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4740323957681001641.dll 
2016-10-30 22:10 - 2016-10-30 22:10 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4791359857795620985.dll 
2017-05-11 05:18 - 2017-05-11 05:18 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows4997403067981077413.dll 
2017-03-23 00:05 - 2017-03-23 00:05 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows5108105454830893069.dll 
2016-08-17 15:39 - 2016-08-17 15:39 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows522636755138584827.dll 
2016-10-18 16:01 - 2016-10-18 16:01 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows5227622502502547906.dll 
2016-09-08 04:52 - 2016-09-08 04:52 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows5368409901493865842.dll 
2017-01-25 12:36 - 2017-01-25 12:36 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows5509762120597835916.dll 
2017-03-29 02:14 - 2017-03-29 02:14 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows6109937091314622049.dll 
2017-04-19 19:01 - 2017-04-19 19:01 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows6436127298633248271.dll 
2017-01-22 07:50 - 2017-01-22 07:50 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows6557521847518305292.dll 
2017-01-23 18:12 - 2017-01-23 18:12 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows7113266582806943326.dll 
2017-01-23 18:12 - 2017-01-23 18:12 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows7164441031988869576.dll 
2016-09-09 01:15 - 2016-09-09 01:15 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows7171745392765772348.dll 
2017-01-24 14:56 - 2017-01-24 14:56 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows7555492784459223562.dll 
2017-03-09 06:38 - 2017-03-09 06:38 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows7601298757272123084.dll 
2017-04-26 07:33 - 2017-04-26 07:33 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows779938085122457398.dll 
2017-03-10 02:13 - 2017-03-10 02:13 - 000039424 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows8074892769347643507.dll 
2017-04-26 07:08 - 2017-04-26 07:08 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows8148244771615273702.dll 
2017-04-13 05:25 - 2017-04-13 05:25 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows8433640575966361519.dll 
2017-04-12 06:47 - 2017-04-12 06:47 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows8546951208127882785.dll 
2017-02-16 08:54 - 2017-02-16 08:54 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows8738165610506195784.dll 
2016-09-26 00:29 - 2016-09-26 00:29 - 000046592 _____ () C:\Users\sierlinger\AppData\Local\Temp\Windows9015719396948528578.dll 
2017-01-12 09:38 - 2017-01-12 09:38 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows961149347040939609.dll 
2013-03-01 21:00 - 2013-03-01 21:00 - 000897448 _____ (Oracle Corporation) C:\Users\skokoff\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe 
2014-09-29 18:06 - 2014-09-29 18:06 - 000937896 _____ (Oracle Corporation) C:\Users\skokoff\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe 
2014-05-15 20:10 - 2014-05-15 20:10 - 001122384 ____N (CANON INC.) C:\Users\administrator\AppData\Local\Temp\MSETUP4.EXE 
2014-05-15 20:10 - 2014-05-15 20:10 - 001122384 ____N (CANON INC.) C:\Users\Administrator.PC_SIERLINGER\AppData\Local\Temp\MSETUP4.EXE 
2014-05-15 20:10 - 2014-05-15 20:10 - 001122384 ____N (CANON INC.) C:\Users\sierlinger\AppData\Local\Temp\MSETUP4.EXE 
2017-09-01 11:26 - 2017-09-01 11:26 - 000043520 ____N () C:\Users\sierlinger\AppData\Local\Temp\proxy_vole8939342035819460420.dll 
2017-02-20 04:34 - 2017-02-20 04:34 - 000695808 ____N () C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-aa24579c-6700-4f11-9710-56c1be5fb0c5-sqlitejdbc.dll 
2017-01-12 09:38 - 2017-01-12 09:38 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows1035082910145211335.dll 
2017-01-24 14:56 - 2017-01-24 14:56 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows1573256777534885526.dll 
2016-10-18 16:01 - 2016-10-18 16:01 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows277911315481704964.dll 
2016-10-18 16:01 - 2016-10-18 16:01 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows5227622502502547906.dll 
2017-01-23 18:12 - 2017-01-23 18:12 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows7113266582806943326.dll 
2017-01-23 18:12 - 2017-01-23 18:12 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows7164441031988869576.dll 
2017-01-24 14:56 - 2017-01-24 14:56 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows7555492784459223562.dll 
2017-04-26 07:33 - 2017-04-26 07:33 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows779938085122457398.dll 
2017-02-16 08:54 - 2017-02-16 08:54 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows8738165610506195784.dll 
2017-01-12 09:38 - 2017-01-12 09:38 - 000046592 ____N () C:\Users\sierlinger\AppData\Local\Temp\Windows961149347040939609.dll 
IFEO\acs.exe: [Debugger] svchost.exe 
IFEO\AdAwareDesktop.exe: [Debugger] svchost.exe 
IFEO\AdAwareService.exe: [Debugger] svchost.exe 
IFEO\AdAwareTray.exe: [Debugger] svchost.exe 
IFEO\AgentSvc.exe: [Debugger] svchost.exe 
IFEO\AVK.exe: [Debugger] svchost.exe 
IFEO\AVKProxy.exe: [Debugger] svchost.exe 
IFEO\AVKService.exe: [Debugger] svchost.exe 
IFEO\AVKTray.exe: [Debugger] svchost.exe 
IFEO\AVKWCtlx64.exe: [Debugger] svchost.exe 
IFEO\avpmapp.exe: [Debugger] svchost.exe 
IFEO\av_task.exe: [Debugger] svchost.exe 
IFEO\Bav.exe: [Debugger] svchost.exe 
IFEO\bavhm.exe: [Debugger] svchost.exe 
IFEO\BavSvc.exe: [Debugger] svchost.exe 
IFEO\BavTray.exe: [Debugger] svchost.exe 
IFEO\BavUpdater.exe: [Debugger] svchost.exe 
IFEO\BavWebClient.exe: [Debugger] svchost.exe 
IFEO\BDSSVC.EXE: [Debugger] svchost.exe 
IFEO\BgScan.exe: [Debugger] svchost.exe 
IFEO\BullGuard.exe: [Debugger] svchost.exe 
IFEO\BullGuardBhvScanner.exe: [Debugger] svchost.exe 
IFEO\BullGuardUpdate.exe: [Debugger] svchost.exe 
IFEO\BullGuarScanner.exe: [Debugger] svchost.exe 
IFEO\capinfos.exe: [Debugger] svchost.exe 
IFEO\cavwp.exe: [Debugger] svchost.exe 
IFEO\CertReg.exe: [Debugger] svchost.exe 
IFEO\cis.exe: [Debugger] svchost.exe 
IFEO\CisTray.exe: [Debugger] svchost.exe 
IFEO\clamscan.exe: [Debugger] svchost.exe 
IFEO\ClamTray.exe: [Debugger] svchost.exe 
IFEO\ClamWin.exe: [Debugger] svchost.exe 
IFEO\cmdagent.exe: [Debugger] svchost.exe 
IFEO\ConfigSecurityPolicy.exe: [Debugger] svchost.exe 
IFEO\CONSCTLX.EXE: [Debugger] svchost.exe 
IFEO\coreFrameworkHost.exe: [Debugger] svchost.exe 
IFEO\coreServiceShell.exe: [Debugger] svchost.exe 
IFEO\dragon_updater.exe: [Debugger] svchost.exe 
IFEO\dumpcap.exe: [Debugger] svchost.exe 
IFEO\econceal.exe: [Debugger] svchost.exe 
IFEO\econser.exe: [Debugger] svchost.exe 
IFEO\editcap.exe: [Debugger] svchost.exe 
IFEO\EMLPROXY.EXE: [Debugger] svchost.exe 
IFEO\escanmon.exe: [Debugger] svchost.exe 
IFEO\escanpro.exe: [Debugger] svchost.exe 
IFEO\fcappdb.exe: [Debugger] svchost.exe 
IFEO\FCDBlog.exe: [Debugger] svchost.exe 
IFEO\FCHelper64.exe: [Debugger] svchost.exe 
IFEO\FilMsg.exe: [Debugger] svchost.exe 
IFEO\FilUp.exe: [Debugger] svchost.exe 
IFEO\filwscc.exe: [Debugger] svchost.exe 
IFEO\fmon.exe: [Debugger] svchost.exe 
IFEO\FortiClient.exe: [Debugger] svchost.exe 
IFEO\FortiClient_Diagnostic_Tool.exe: [Debugger] svchost.exe 
IFEO\FortiESNAC.exe: [Debugger] svchost.exe 
IFEO\FortiFW.exe: [Debugger] svchost.exe 
IFEO\FortiProxy.exe: [Debugger] svchost.exe 
IFEO\FortiSSLVPNdaemon.exe: [Debugger] svchost.exe 
IFEO\FortiTray.exe: [Debugger] svchost.exe 
IFEO\FPAVServer.exe: [Debugger] svchost.exe 
IFEO\FProtTray.exe: [Debugger] svchost.exe 
IFEO\FPWin.exe: [Debugger] svchost.exe 
IFEO\freshclam.exe: [Debugger] svchost.exe 
IFEO\freshclamwrap.exe: [Debugger] svchost.exe 
IFEO\fsgk32.exe: [Debugger] svchost.exe 
IFEO\FSHDLL64.exe: [Debugger] svchost.exe 
IFEO\fshoster32.exe: [Debugger] svchost.exe 
IFEO\FSM32.EXE: [Debugger] svchost.exe 
IFEO\FSMA32.EXE: [Debugger] svchost.exe 
IFEO\fsorsp.exe: [Debugger] svchost.exe 
IFEO\fssm32.exe: [Debugger] svchost.exe 
IFEO\GdBgInx64.exe: [Debugger] svchost.exe 
IFEO\GDKBFltExe32.exe: [Debugger] svchost.exe 
IFEO\GDSC.exe: [Debugger] svchost.exe 
IFEO\GDScan.exe: [Debugger] svchost.exe 
IFEO\guardxkickoff_x64.exe: [Debugger] svchost.exe 
IFEO\guardxservice.exe: [Debugger] svchost.exe 
IFEO\iptray.exe: [Debugger] svchost.exe 
IFEO\K7AVScan.exe: [Debugger] svchost.exe 
IFEO\K7CrvSvc.exe: [Debugger] svchost.exe 
IFEO\K7EmlPxy.EXE: [Debugger] svchost.exe 
IFEO\K7FWSrvc.exe: [Debugger] svchost.exe 
IFEO\K7PSSrvc.exe: [Debugger] svchost.exe 
IFEO\K7RTScan.exe: [Debugger] svchost.exe 
IFEO\K7SysMon.Exe: [Debugger] svchost.exe 
IFEO\K7TSecurity.exe: [Debugger] svchost.exe 
IFEO\K7TSMain.exe: [Debugger] svchost.exe 
IFEO\K7TSMngr.exe: [Debugger] svchost.exe 
IFEO\LittleHook.exe: [Debugger] svchost.exe 
IFEO\mbam.exe: [Debugger] svchost.exe 
IFEO\mbamscheduler.exe: [Debugger] svchost.exe 
IFEO\mbamservice.exe: [Debugger] svchost.exe 
IFEO\MCS-Uninstall.exe: [Debugger] svchost.exe 
IFEO\MCShieldCCC.exe: [Debugger] svchost.exe 
IFEO\MCShieldDS.exe: [Debugger] svchost.exe 
IFEO\MCShieldRTM.exe: [Debugger] svchost.exe 
IFEO\mergecap.exe: [Debugger] svchost.exe 
IFEO\MpCmdRun.exe: [Debugger] svchost.exe 
IFEO\MpUXSrv.exe: [Debugger] svchost.exe 
IFEO\MSASCui.exe: [Debugger] svchost.exe 
IFEO\MsMpEng.exe: [Debugger] svchost.exe 
IFEO\MWAGENT.EXE: [Debugger] svchost.exe 
IFEO\MWASER.EXE: [Debugger] svchost.exe 
IFEO\nanoav.exe: [Debugger] svchost.exe 
IFEO\nanosvc.exe: [Debugger] svchost.exe 
IFEO\nbrowser.exe: [Debugger] svchost.exe 
IFEO\nfservice.exe: [Debugger] svchost.exe 
IFEO\NisSrv.exe: [Debugger] svchost.exe 
IFEO\njeeves2.exe: [Debugger] svchost.exe 
IFEO\nnf.exe: [Debugger] svchost.exe 
IFEO\nprosec.exe: [Debugger] svchost.exe 
IFEO\NS.exe: [Debugger] svchost.exe 
IFEO\nseupdatesvc.exe: [Debugger] svchost.exe 
IFEO\nvcod.exe: [Debugger] svchost.exe 
IFEO\nvcsvc.exe: [Debugger] svchost.exe 
IFEO\nvoy.exe: [Debugger] svchost.exe 
IFEO\nwscmon.exe: [Debugger] svchost.exe 
IFEO\ONLINENT.EXE: [Debugger] svchost.exe 
IFEO\OPSSVC.EXE: [Debugger] svchost.exe 
IFEO\op_mon.exe: [Debugger] svchost.exe 
IFEO\ProcessHacker.exe: [Debugger] svchost.exe 
IFEO\procexp.exe: [Debugger] svchost.exe 
IFEO\PSANHost.exe: [Debugger] svchost.exe 
IFEO\PSUAMain.exe: [Debugger] svchost.exe 
IFEO\PSUAService.exe: [Debugger] svchost.exe 
IFEO\psview.exe: [Debugger] svchost.exe 
IFEO\PtSessionAgent.exe: [Debugger] svchost.exe 
IFEO\PtSvcHost.exe: [Debugger] svchost.exe 
IFEO\PtWatchDog.exe: [Debugger] svchost.exe 
IFEO\quamgr.exe: [Debugger] svchost.exe 
IFEO\QUHLPSVC.EXE: [Debugger] svchost.exe 
IFEO\rawshark.exe: [Debugger] svchost.exe 
IFEO\SAPISSVC.EXE: [Debugger] svchost.exe 
IFEO\SASCore64.exe: [Debugger] svchost.exe 
IFEO\SASTask.exe: [Debugger] svchost.exe 
IFEO\SBAMSvc.exe: [Debugger] svchost.exe 
IFEO\SBAMTray.exe: [Debugger] svchost.exe 
IFEO\SBPIMSvc.exe: [Debugger] svchost.exe 
IFEO\SCANNER.EXE: [Debugger] svchost.exe 
IFEO\SCANWSCS.EXE: [Debugger] svchost.exe 
IFEO\schmgr.exe: [Debugger] svchost.exe 
IFEO\scproxysrv.exe: [Debugger] svchost.exe 
IFEO\ScSecSvc.exe: [Debugger] svchost.exe 
IFEO\SDFSSvc.exe: [Debugger] svchost.exe 
IFEO\SDScan.exe: [Debugger] svchost.exe 
IFEO\SDTray.exe: [Debugger] svchost.exe 
IFEO\SDWelcome.exe: [Debugger] svchost.exe 
IFEO\SSUpdate64.exe: [Debugger] svchost.exe 
IFEO\SUPERAntiSpyware.exe: [Debugger] svchost.exe 
IFEO\SUPERDelete.exe: [Debugger] svchost.exe 
IFEO\Taskmgr.exe: [Debugger] svchost.exe 
IFEO\text2pcap.exe: [Debugger] svchost.exe 
IFEO\TRAYICOS.EXE: [Debugger] svchost.exe 
IFEO\TRAYSSER.EXE: [Debugger] svchost.exe 
IFEO\trigger.exe: [Debugger] svchost.exe 
IFEO\tshark.exe: [Debugger] svchost.exe 
IFEO\twsscan.exe: [Debugger] svchost.exe 
IFEO\twssrv.exe: [Debugger] svchost.exe 
IFEO\uiSeAgnt.exe: [Debugger] svchost.exe 
IFEO\uiUpdateTray.exe: [Debugger] svchost.exe 
IFEO\uiWatchDog.exe: [Debugger] svchost.exe 
IFEO\uiWinMgr.exe: [Debugger] svchost.exe 
IFEO\UnThreat.exe: [Debugger] svchost.exe 
IFEO\UserAccountControlSettings.exe: [Debugger] svchost.exe 
IFEO\UserReg.exe: [Debugger] svchost.exe 
IFEO\utsvc.exe: [Debugger] svchost.exe 
IFEO\V3Main.exe: [Debugger] svchost.exe 
IFEO\V3Medic.exe: [Debugger] svchost.exe 
IFEO\V3Proxy.exe: [Debugger] svchost.exe 
IFEO\V3SP.exe: [Debugger] svchost.exe 
IFEO\V3Svc.exe: [Debugger] svchost.exe 
IFEO\V3Up.exe: [Debugger] svchost.exe 
IFEO\VIEWTCP.EXE: [Debugger] svchost.exe 
IFEO\VIPREUI.exe: [Debugger] svchost.exe 
IFEO\virusutilities.exe: [Debugger] svchost.exe 
IFEO\WebCompanion.exe: [Debugger] svchost.exe 
IFEO\wireshark.exe: [Debugger] svchost.exe 
IFEO\Zanda.exe: [Debugger] svchost.exe 
IFEO\Zlh.exe: [Debugger] svchost.exe 
IFEO\zlhh.exe: [Debugger] svchost.exe 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKLM\System\ControlSet001\Services\cpuz134 => Schlüssel erfolgreich entfernt
cpuz134 => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\HPSLPSVC => Schlüssel erfolgreich entfernt
HPSLPSVC => Dienst erfolgreich entfernt
cpuz134 => Dienst nicht gefunden.
C:\Users\administrator\AppData\Local\Temp\MSETUP4.EXE => erfolgreich verschoben
C:\Users\Administrator.PC_SIERLINGER\AppData\Local\Temp\MSETUP4.EXE => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\10fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\11fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\12fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\13fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\14fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\15fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\16fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\17fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\18fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\19fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\1fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\20fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\21fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\22fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\23fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\24fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\25fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\26fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\27fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\28fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\29fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\2fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\30fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\31fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\32fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\33fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\34fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\35fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\36fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\37fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\38fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\39fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\3fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\40fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\41fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\42fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\43fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\44fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\45fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\46fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\47fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\48fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\4fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\5fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\6fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\7fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\8fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\9fvwautoupd.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\APNSetup.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\aswV5Hlp.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Foxit Updater.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\fvw_k[2188].exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\fvw_k[8540].exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\HPInstaller.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-8u121-windows-au.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-8u131-windows-au.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-8u144-windows-au.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-8u151-windows-au.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-8u40-windows-au.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-8u45-windows-au.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-8u65-windows-au.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\jre-8u71-windows-au.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\MSETUP4.EXE => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\piecer.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\proxy_vole5920777710392867692.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\proxy_vole8939342035819460420.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\ReimagePackage.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\ReimageRepair.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\ReimageRepairTemp.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\ReiSysUpdate.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\SmartbarExeInstaller.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-268f6755-c3d2-4f35-9d43-9378b88a165d-sqlitejdbc.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-288ddfd9-a511-4329-ae4d-4c4926c5f1f3-sqlitejdbc.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-758b2d06-cf7a-4486-9f8c-ba75764b0022-sqlitejdbc.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-aa24579c-6700-4f11-9710-56c1be5fb0c5-sqlitejdbc.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-c097ede8-3c66-4018-92cc-5897f30d87a2-sqlitejdbc.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\System.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\tvnserver.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\uninst1.exe => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows1035082910145211335.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows1163122409435896571.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows1183072880446115078.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows1331441442982658771.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows1494873060436198568.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows1534037975956945447.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows1573256777534885526.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows2056885976908481970.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows2381625360707533143.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows242757692969190949.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows2526246206827447720.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows2550451353301539763.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows277911315481704964.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows3299138123834174315.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows3455980230349914084.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows403288133830292052.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows4234359817331048863.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows4285214011182943549.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows4379680405355328704.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows4667221925445175609.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows4689139944846814134.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows4740323957681001641.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows4791359857795620985.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows4997403067981077413.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows5108105454830893069.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows522636755138584827.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows5227622502502547906.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows5368409901493865842.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows5509762120597835916.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows6109937091314622049.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows6436127298633248271.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows6557521847518305292.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows7113266582806943326.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows7164441031988869576.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows7171745392765772348.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows7555492784459223562.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows7601298757272123084.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows779938085122457398.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows8074892769347643507.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows8148244771615273702.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows8433640575966361519.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows8546951208127882785.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows8738165610506195784.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows9015719396948528578.dll => erfolgreich verschoben
C:\Users\sierlinger\AppData\Local\Temp\Windows961149347040939609.dll => erfolgreich verschoben
C:\Users\skokoff\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => erfolgreich verschoben
C:\Users\skokoff\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => erfolgreich verschoben
"C:\Users\administrator\AppData\Local\Temp\MSETUP4.EXE" => nicht gefunden.
"C:\Users\Administrator.PC_SIERLINGER\AppData\Local\Temp\MSETUP4.EXE" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\MSETUP4.EXE" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\proxy_vole8939342035819460420.dll" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\sqlite-3.8.11.2-aa24579c-6700-4f11-9710-56c1be5fb0c5-sqlitejdbc.dll" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\Windows1035082910145211335.dll" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\Windows1573256777534885526.dll" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\Windows277911315481704964.dll" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\Windows5227622502502547906.dll" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\Windows7113266582806943326.dll" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\Windows7164441031988869576.dll" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\Windows7555492784459223562.dll" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\Windows779938085122457398.dll" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\Windows8738165610506195784.dll" => nicht gefunden.
"C:\Users\sierlinger\AppData\Local\Temp\Windows961149347040939609.dll" => nicht gefunden.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\acs.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AdAwareDesktop.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AdAwareService.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AdAwareTray.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AgentSvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVK.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKProxy.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKService.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKTray.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKWCtlx64.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avpmapp.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\av_task.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Bav.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bavhm.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavSvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavTray.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavUpdater.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavWebClient.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BDSSVC.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BgScan.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuard.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuardBhvScanner.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuardUpdate.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuarScanner.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\capinfos.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cavwp.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CertReg.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cis.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CisTray.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\clamscan.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ClamTray.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ClamWin.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ConfigSecurityPolicy.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CONSCTLX.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\coreFrameworkHost.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\coreServiceShell.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dragon_updater.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dumpcap.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\econceal.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\econser.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\editcap.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EMLPROXY.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\escanmon.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\escanpro.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fcappdb.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FCDBlog.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FCHelper64.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FilMsg.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FilUp.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\filwscc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fmon.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiClient.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiClient_Diagnostic_Tool.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiESNAC.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiFW.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiProxy.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiSSLVPNdaemon.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiTray.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FPAVServer.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FProtTray.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FPWin.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\freshclam.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\freshclamwrap.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FSHDLL64.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fshoster32.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FSM32.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FSMA32.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fsorsp.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fssm32.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GdBgInx64.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GDKBFltExe32.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GDSC.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GDScan.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\guardxkickoff_x64.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\guardxservice.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iptray.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7AVScan.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7CrvSvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7EmlPxy.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7FWSrvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7PSSrvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7RTScan.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7SysMon.Exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7TSecurity.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7TSMain.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7TSMngr.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LittleHook.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCS-Uninstall.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCShieldCCC.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCShieldDS.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCShieldRTM.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mergecap.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpUXSrv.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MWAGENT.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MWASER.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nanoav.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nanosvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nbrowser.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nfservice.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NisSrv.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\njeeves2.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nnf.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nprosec.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NS.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nseupdatesvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvcod.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvcsvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvoy.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nwscmon.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ONLINENT.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OPSSVC.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\op_mon.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProcessHacker.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\procexp.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSUAMain.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSUAService.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\psview.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtSessionAgent.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtSvcHost.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtWatchDog.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\quamgr.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\QUHLPSVC.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rawshark.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SAPISSVC.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SASCore64.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SASTask.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBAMSvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBAMTray.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBPIMSvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SCANNER.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SCANWSCS.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\schmgr.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\scproxysrv.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ScSecSvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFSSvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDScan.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDTray.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWelcome.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SSUpdate64.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SUPERAntiSpyware.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SUPERDelete.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Taskmgr.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\text2pcap.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TRAYICOS.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TRAYSSER.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\trigger.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tshark.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\twsscan.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\twssrv.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiSeAgnt.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiUpdateTray.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiWatchDog.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiWinMgr.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UnThreat.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UserAccountControlSettings.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UserReg.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utsvc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Main.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Medic.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Proxy.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3SP.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Svc.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Up.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VIEWTCP.EXE => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VIPREUI.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\virusutilities.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WebCompanion.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Zanda.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Zlh.exe => Schlüssel erfolgreich entfernt
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlhh.exe => Schlüssel erfolgreich entfernt
 
==== Ende von Fixlog 08:06:20 ====


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team

Posted 20 November 2017 - 01:50 PM

Let's remove the entries from AVAST.

 

Download the enclosed file. Save it in the same location FRST64 is saved. Open FRST as you did before. Click on the Fix button.

When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Restart to Normal Mode and let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 rwittmann


Posted 21 November 2017 - 09:45 AM

Entries were correctly removed; the system no longer hangs at the avast .sys entries but on "classpnp.sys".

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-11-2017
durchgeführt von SYSTEM (21-11-2017 15:36:42) Run:2
Gestartet von F:\
Start-Modus: Recovery
==============================================
 
fixlist Inhalt:
*****************
S0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [32096 2016-10-24] (Avast Software s.r.o.)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90344 2016-10-24] (Avast Software s.r.o.)
S0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-04-23] (ALWIL Software)
S0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [337536 2016-10-24] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [80376 2016-10-24] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74680 2016-10-24] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1053392 2016-10-24] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [441944 2016-10-24] (Avast Software s.r.o.)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [78264 2016-10-24] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292840 2016-10-24] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [54344 2016-10-24] (Avast Software s.r.o.)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast Business\afwServ.exe [142704 2016-10-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast Business\avastUI.exe [4770952 2016-10-24] (Avast Software s.r.o.)
 
*****************
 
HKLM\System\ControlSet001\Services\aswKbd => Schlüssel erfolgreich entfernt
aswKbd => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\aswMonFlt => Schlüssel erfolgreich entfernt
aswMonFlt => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\aswNdis => Schlüssel erfolgreich entfernt
aswNdis => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\aswNdis2 => Schlüssel erfolgreich entfernt
aswNdis2 => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\aswRdr => Schlüssel erfolgreich entfernt
aswRdr => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\aswRvrt => Schlüssel erfolgreich entfernt
aswRvrt => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\aswSnx => Schlüssel erfolgreich entfernt
aswSnx => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\aswSP => Schlüssel erfolgreich entfernt
aswSP => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\aswTdi => Schlüssel erfolgreich entfernt
aswTdi => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\aswVmm => Schlüssel erfolgreich entfernt
aswVmm => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\avast! Antivirus => Schlüssel erfolgreich entfernt
avast! Antivirus => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\avast! Firewall => Schlüssel erfolgreich entfernt
avast! Firewall => Dienst erfolgreich entfernt
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\avast => Wert erfolgreich entfernt
 
==== Ende von Fixlog 15:36:43 ====
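
An added example (not part of the original posts and not FRST's own code): a Python check that reconciles the services listed in a Fixlog's fixlist section against its result lines, so an entry that was requested but never confirmed as removed stands out before the next reboot. The function names are hypothetical, the sample is a shortened copy of the log above with the aswRdr results deliberately left out, and the reading of the `S0`/`S1`/`S2` prefix as state letter plus Windows start type is an assumption about FRST's listing format.

```python
import re
from collections import namedtuple

# Constructed sample: shortened from the Fixlog in the post above; the two
# result lines for aswRdr were deliberately left out to show an unconfirmed entry.
SAMPLE_FIXLOG = r"""fixlist Inhalt:
*****************
S0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [32096 2016-10-24] (Avast Software s.r.o.)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90344 2016-10-24] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [80376 2016-10-24] (Avast Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [54344 2016-10-24] (Avast Software s.r.o.)
*****************

HKLM\System\ControlSet001\Services\aswKbd => Schlüssel erfolgreich entfernt
aswKbd => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\aswMonFlt => Schlüssel erfolgreich entfernt
aswMonFlt => Dienst erfolgreich entfernt
HKLM\System\ControlSet001\Services\avast! Antivirus => Schlüssel erfolgreich entfernt
avast! Antivirus => Dienst erfolgreich entfernt
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\avast => Wert erfolgreich entfernt

==== Ende von Fixlog 15:36:43 ====
"""

Service = namedtuple("Service", "name state start path")

# Windows service Start values (the digit after the state letter; assumption
# about FRST's format, see lead-in).
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "demand", 4: "disabled"}

# Success wording used by the German result lines in the log above.
OK_SUFFIX = "erfolgreich entfernt"

# "S0 aswKbd; C:\...\aswKbd.sys [32096 2016-10-24] (vendor)"
SERVICE_RE = re.compile(r"^([RSU])(\d) (.+?); (.+?) \[")
# "<target> => <result text>"
RESULT_RE = re.compile(r"^(.+?) => (.+)$")


def parse_fixlog(text):
    """Return (requested services, {target: result text}) from a Fixlog."""
    requested, results = [], {}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        # A line made only of asterisks opens, then closes, the fixlist copy.
        if line and set(line) == {"*"}:
            section = "fixlist" if section == "header" else "results"
            continue
        if section == "fixlist":
            m = SERVICE_RE.match(line)
            if m:
                requested.append(
                    Service(m.group(3), m.group(1), int(m.group(2)), m.group(4)))
        elif section == "results":
            m = RESULT_RE.match(line)
            if m:
                results.setdefault(m.group(1), m.group(2))
    return requested, results


def reconcile(requested, results, control_set="ControlSet001"):
    """For each requested service, check that both the Services key and the
    service itself were reported as removed. Returns (name, start, ok) tuples."""
    report = []
    for svc in requested:
        key = "\\".join(["HKLM", "System", control_set, "Services", svc.name])
        key_ok = results.get(key, "").endswith(OK_SUFFIX)
        svc_ok = results.get(svc.name, "").endswith(OK_SUFFIX)
        report.append(
            (svc.name, START_TYPES.get(svc.start, "unknown"), key_ok and svc_ok))
    return report


def unconfirmed(report):
    """Names that were in the fixlist but lack a confirmed removal."""
    return [name for name, _start, ok in report if not ok]


if __name__ == "__main__":
    requested, results = parse_fixlog(SAMPLE_FIXLOG)
    for name, start, ok in reconcile(requested, results):
        print(f"{name:20} start={start:10} removed={'yes' if ok else 'NOT CONFIRMED'}")
```
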


#6 JSntgRvr


Posted 21 November 2017 - 02:49 PM

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

classpnp.sys

It then should look like:

Search: classpnp.sys

Click the Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.


Please also re-scan with FRST and post a fresh FRST.txt.




#7 rwittmann


Posted 22 November 2017 - 02:27 AM

I did as you told, both files are attached to this post (Finally found out why it wouldn't post the original log, should've attached it...). Anyway, do you prefer the logs attached as separate files or just pasted in the post itself?

 

Search.txt: attached file Search.txt (1013 bytes)

FRST.txt: attached file FRST.txt (42.69 KB)

 

Many thanks,

René



#8 JSntgRvr


Posted 22 November 2017 - 02:46 PM

The classpnp.sys file is legit and does not appear to be corrupted, so that is not the reason. There is a registry hive, 888; I wonder what it is.

 

Download the enclosed file. Save it in the same location FRST64 is saved. Open FRST as you did before. Click on the Fix button.

When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Restart to Normal Mode and let me know the outcome. If normal mode is not possible, try safe mode and let me know the outcome. Please post the actual error message.




#9 rwittmann


Posted 24 November 2017 - 03:21 AM

Sorry for being a bit late to reply, had a bit of a stressful day. The PC now boots, but it doesn't accept any keyboard input in the login window (CTRL-ALT-DEL). The mouse still works, and when trying to use the on-screen keyboard that Windows provides, it also won't accept the input. Attached is the Fixlog.txt and a new FRST scan.

 

Fixlog.txt: attached file Fixlog.txt (1020 bytes)

FRST.txt: attached file FRST.txt (40.87 KB)



#10 JSntgRvr


Posted 24 November 2017 - 01:03 PM

That means you cannot type your password to logon.

 

Download the enclosed file. Save it in the same location FRST64 is saved. Open FRST as you did before. Click on the Fix button.

When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

Restart the computer in Normal Mode. Since you cannot type in, click on the easy access icon. A command prompt window will pop up. See if you can type in the command prompt window. If you can, type devmgmt.msc and press Enter. The Device Manager will be displayed. Scroll down to keyboard and expand the Keyboard option. Right click on all devices thereunder one by one and click on Properties => Driver => Update Driver. Once finished, close all windows and restart the computer.

 

Let me know the outcome.

 

Another option:

 

Click on the easy access icon. At the prompt type net user Administrator /active:yes.

 

Close all windows and restart the computer. Logon to the Administrator Account. Once at the desktop, click on Start and type recovery. Enter the Recovery Manager and recover only the drivers to your keyboard. Once done restart and check on your account.

 

Let me know the outcome.


Edited by JSntgRvr, 24 November 2017 - 07:02 PM.



#11 rwittmann


Posted 27 November 2017 - 03:59 AM

OK, applying that fixlist added the command prompt, but I'm unable to type in the command prompt.

 

Attached again is the fixlog: attached file Fixlog.txt (2.34 KB)



#12 JSntgRvr


Posted 27 November 2017 - 12:53 PM

Reach WinRE and scan with FRST. Post a new log.




#13 rwittmann


Posted 28 November 2017 - 09:32 AM

The scan finished with the following results -> attached file FRST.txt (39.91 KB)



#14 JSntgRvr


Posted 28 November 2017 - 12:52 PM

Download the attached file and save it in the same directory FRST64 is saved. (Gestartet von F:\)

  • Start FRST64 as you did before.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

Retry booting in Normal Mode.
 

 




#15 JSntgRvr


Posted 28 November 2017 - 12:56 PM

If you are unable to boot in Normal Mode, follow these steps:

Please download  Listparts to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Plug the flash drive into the infected PC.

From an Off position in the computer, enter the System Recovery Options.

To enter the System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts.exe (for x64 bit version type e:\ListParts64.exe)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Put a check mark on List BCD.
  • Press Scan button.
  • It will make a log (Result.txt) in the flash drive. Please copy and paste it to your reply.

 

