| |
| |||||||
Log-Analyse und Auswertung: Diverse Trojaner, Windows 8.1 ProWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.11.2016, 22:26
| #1 |
 |  Diverse Trojaner, Windows 8.1 Pro Guten Abend zusammen Mein Sohnemann hat sich beklagt, sein Laptop (Windows 8.1 Pro, 64 bit) verbinde sich zwar mit unserem WLAN, aber er bekomme keine Internet-Verbindung mehr hin. Der Diagnoserichtliniendienst konnte nicht mehr ausgeführt werden, also habe ich Malwarebytes auf meinem Rechner heruntergeladen und auf dem Laptop meines Sohns ausgeführt. Die Diagnose ergab folgendes: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 02.11.2016 Suchlaufzeit: 20:59 Protokolldatei: mbamlog1st.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.02.16.06 Rootkit-Datenbank: v2016.02.08.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Andri1 Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 439204 Abgelaufene Zeit: 13 Min., 44 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, In Quarantäne, [2c3a0d548712092d6a57748413f0ed13], Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 6 PUP.Optional.GlobalUpdate, C:\Users\Andri1\AppData\Local\Temp\comh.127512, In Quarantäne, [aabc2839970278be1e49fed6cc36f30d], PUP.Optional.GlobalUpdate, C:\Users\Andri1\AppData\Local\Temp\comh.449295, In Quarantäne, [90d68cd5dfba3006f275c4107092857b], PUP.Optional.GlobalUpdate, C:\Users\Andri1\AppData\Local\Temp\comh.459633, In Quarantäne, [3b2b025fb1e8db5b68ffb420a45e9967], PUP.Optional.CrossAd.Gen, C:\Users\Andri1\AppData\Local\Diner Plugin\Component, In Quarantäne, [5e08c1a02673e15515b5ea254db8d030], PUP.Optional.CrossAd.Gen, C:\Users\Andri1\AppData\Local\Diner Plugin, In Quarantäne, [5e08c1a02673e15515b5ea254db8d030], PUP.Optional.CrossAd.Gen, C:\Users\Andri1\AppData\Local\Diner Plugin\xBin, In Quarantäne, [5e08c1a02673e15515b5ea254db8d030], Dateien: 55 PUP.Optional.CrossRider, C:\Program Files (x86)\Apple Software Update\ca373d01-2b6e-4153-b669-af6ed8d41ee2.dll, In Quarantäne, [f6709ec39affe0564e5cf53f2ad79967], PUP.Optional.Nova, C:\Program Files (x86)\Apple Software Update\d047f1f7-6aa5-476f-80c8-76b57b68081c.dll, In Quarantäne, [82e4550ca2f72f0769cff5460cf52cd4], PUP.Optional.CrossRider, C:\Program Files (x86)\ca373d01-2b6e-4153-b669-af6ed8d41ee2\872234c1-b629-4ca0-819f-fd4754c27ee0.dll, In Quarantäne, [95d17ce5415876c0317985afa75af10f], PUP.Optional.Nova, C:\Program Files (x86)\ca373d01-2b6e-4153-b669-af6ed8d41ee2\cafe4609-e3eb-45ad-98d6-32ea4578a186.dll, In Quarantäne, [ed797de4663301352810ce6dc23f12ee], PUP.Optional.Bundler, C:\Users\Andri1\AppData\Local\Temp\fsd9D33.exe, In Quarantäne, [e18577eaf9a026101bf9a38dd729cd33], PUP.Optional.ShopperPro, C:\Users\Andri1\AppData\Local\Temp\ShopperProJSINJFull.exe, In Quarantäne, [5b0ba1c017820d29e29d80bcd62ba759], PUP.Optional.CheckOffer, C:\Users\Andri1\AppData\Local\Temp\nsfEF6F.tmp, In Quarantäne, [f373b8a93a5f8bab22fb779b8879c33d], PUP.Optional.ConvertAd, C:\Users\Andri1\AppData\Local\Temp\nsjF262.tmp, In Quarantäne, [88deff62cdcc51e5a1e1785e7d840af6], PUP.Optional.ConvertAd, C:\Users\Andri1\AppData\Local\Temp\nsv8B97.tmp, In Quarantäne, [f86e5b066039082ef870d9f39e66857b], PUP.Optional.PreInstaller, C:\Users\Andri1\AppData\Local\Temp\nsx909F.tmp, In Quarantäne, [c89e9fc27e1b65d1566ba09b8c7556aa], Trojan.Downloader.Generic, C:\Users\Andri1\AppData\Local\Temp\nsy1622.tmp, In Quarantäne, [66004e13ecad82b47dc65475d62bb947], PUP.Optional.WebNotifier, C:\Users\Andri1\AppData\Local\Temp\wk2_9S8CHU59dLye.tmp, In Quarantäne, [76f03c256633ab8b76bc2da02cd5a858], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.127512\globalupdate.exe, In Quarantäne, [32341c45168394a2e1bd27da4db4738d], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.127512\globalupdateBroker.exe, In Quarantäne, [0066233ebcdd989e336bfe030ff2dd23], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.127512\globalupdateCrashHandler.exe, In Quarantäne, [174fa5bc2178e1553569a55cba47fc04], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.127512\globalupdateOnDemand.exe, In Quarantäne, [69fdb0b19cfda3937d21867b20e1b848], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.127512\goopdate.dll, In Quarantäne, [7fe786db6930dc5a029c1de48d74f50b], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.127512\goopdateres_en.dll, In Quarantäne, [194d3f22e6b34bebc1dd699837cae917], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.127512\npglobalupdateUpdate4.dll, In Quarantäne, [d78fd48d7227d95d910d8f729b66817f], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.127512\psmachine.dll, In Quarantäne, [2640e57c2e6b50e6e5b94fb225dc10f0], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.127512\psuser.dll, In Quarantäne, [2e386bf63267d561009e22df07fadc24], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.449295\globalupdate.exe, In Quarantäne, [2541ef724d4c3ff7792551b09e6307f9], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.449295\globalupdateBroker.exe, In Quarantäne, [590df76a2d6cf244a2fc34cd6f922ed2], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.449295\globalupdateCrashHandler.exe, In Quarantäne, [2244c99885147bbbe3bbd52c78893fc1], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.449295\globalupdateOnDemand.exe, In Quarantäne, [e77f68f9dfba1620940a90711be639c7], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.449295\goopdate.dll, In Quarantäne, [471f303138611a1c4a54bc4503fe659b], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.449295\goopdateres_en.dll, In Quarantäne, [78ee84dd9108da5cb8e6b64b9d64b14f], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.449295\npglobalupdateUpdate4.dll, In Quarantäne, [eb7bc39eddbc88ae2a742cd523dee51b], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.449295\psmachine.dll, In Quarantäne, [c79f70f19cfde45248563fc248b945bb], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.449295\psuser.dll, In Quarantäne, [1254ee73d1c8280e930b3bc600015da3], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.459633\globalupdate.exe, In Quarantäne, [481ee37e69301c1ab2ec758cde2321df], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.459633\globalupdateBroker.exe, In Quarantäne, [a0c67ce5415802348915d22f1be6847c], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.459633\globalupdateCrashHandler.exe, In Quarantäne, [5214233e4b4e4cea0b930ff2639e18e8], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.459633\globalupdateOnDemand.exe, In Quarantäne, [84e295cc2d6cb581702e23de09f86b95], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.459633\goopdate.dll, In Quarantäne, [b8ae7ae7e5b4280ea7f7ce331de4738d], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.459633\goopdateres_en.dll, In Quarantäne, [9fc7d9881782181e77276c95d62ba957], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.459633\npglobalupdateUpdate4.dll, In Quarantäne, [fb6b94cdb2e7ac8a7c22db2635cc926e], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.459633\psmachine.dll, In Quarantäne, [e581f869dcbd112569352dd422df21df], PUP.Optional.ModGoog, C:\Users\Andri1\AppData\Local\Temp\comh.459633\psuser.dll, In Quarantäne, [98ce72ef5c3d8fa7e1bd7a8726dbcd33], PUP.Optional.ShopperPro, C:\Users\Andri1\AppData\Local\Temp\nsoCB96.tmp\setup.exe, In Quarantäne, [95d15f02e9b058ded53648c3917425db], Trojan.Dropper, C:\Users\Andri1\AppData\Local\Temp\Install_11674\ins_cr.exe, In Quarantäne, [eb7b4f12603964d2a925e31454acc33d], Trojan.Dropper, C:\Users\Andri1\AppData\Local\Temp\Install_11674\ins_iwebar.exe, In Quarantäne, [85e1ce93ecade155d1fd01f6aa5635cb], PUP.Optional.ShopperPro, C:\Users\Andri1\AppData\Local\Temp\Install_11674\ins_shopperpro.exe, In Quarantäne, [b6b0b2af2772f93d78071428dc25dc24], PUP.Optional.ConvertAd, C:\Windows\Temp\FFF8.tmp.exe, In Quarantäne, [3a2cc59ce9b0ec4a73e3f3ee30d115eb], PUP.Optional.GlobalUpdate, C:\Users\Andri1\AppData\Local\Temp\comh.127512\globalupdateHelper.msi, In Quarantäne, [aabc2839970278be1e49fed6cc36f30d], PUP.Optional.GlobalUpdate, C:\Users\Andri1\AppData\Local\Temp\comh.449295\globalupdateHelper.msi, In Quarantäne, [90d68cd5dfba3006f275c4107092857b], PUP.Optional.GlobalUpdate, C:\Users\Andri1\AppData\Local\Temp\comh.459633\globalupdateHelper.msi, In Quarantäne, [3b2b025fb1e8db5b68ffb420a45e9967], PUP.Optional.CrossAd.Gen, C:\Users\Andri1\AppData\Local\Diner Plugin\Component\config.json, In Quarantäne, [5e08c1a02673e15515b5ea254db8d030], PUP.Optional.CrossAd.Gen, C:\Users\Andri1\AppData\Local\Diner Plugin\Component\hello.js, In Quarantäne, [5e08c1a02673e15515b5ea254db8d030], PUP.Optional.CrossAd.Gen, C:\Users\Andri1\AppData\Local\Diner Plugin\Component\manifest.json, In Quarantäne, [5e08c1a02673e15515b5ea254db8d030], PUP.Optional.CrossAd.Gen, C:\Users\Andri1\AppData\Local\Diner Plugin\Component\scriptTagContext.js, In Quarantäne, [5e08c1a02673e15515b5ea254db8d030], PUP.Optional.CrossAd.Gen, C:\Users\Andri1\AppData\Local\Diner Plugin\Component\tmp_bg.js, In Quarantäne, [5e08c1a02673e15515b5ea254db8d030], PUP.Optional.CrossAd.Gen, C:\Users\Andri1\AppData\Local\Diner Plugin\Component\uconfig.json, In Quarantäne, [5e08c1a02673e15515b5ea254db8d030], PUP.Optional.CrossAd.Gen, C:\Users\Andri1\AppData\Local\Diner Plugin\xBin\c.dat, In Quarantäne, [5e08c1a02673e15515b5ea254db8d030], PUP.Optional.CrossAd.Gen, C:\Users\Andri1\AppData\Local\Diner Plugin\xBin\jslkf.dll, In Quarantäne, [5e08c1a02673e15515b5ea254db8d030], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Wenn ich jetzt Malwarebytes starte, wird zwar die neuste Datenbank korrekt angezeigt, aber ein neuer Suchlauf bricht immer nach wenigen Sekunden ab. Was tun? Herzlichen Dank Nambarra Hier noch das FRST-Log Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016 durchgeführt von Andri1 (Administrator) auf ANDRI (02-11-2016 22:18:48) Gestartet von C:\Users\Andri1\Desktop Geladene Profile: Andri1 & (Verfügbare Profile: Andri1 & dominik) Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Lenovo) C:\Windows\System32\ibmpmsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (© 2015 Microsoft Corporation) C:\Users\Andri1\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\msdt.exe (Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [248320 2009-12-03] (Alps Electric Co., Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9099440 2016-10-27] (AVAST Software) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKU\S-1-5-21-3167051921-3106254066-3612219389-1001\...\Run: [BingSvc] => C:\Users\Andri1\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-3167051921-3106254066-3612219389-1001\...\MountPoints2: {ef5ad53f-9baf-11e6-bf6c-002268ec5bd2} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3167051921-3106254066-3612219389-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\Andri1\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-3167051921-3106254066-3612219389-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef5ad53f-9baf-11e6-bf6c-002268ec5bd2} - "E:\HiSuiteDownLoader.exe" ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-08] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-17] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Andri1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012-12-23] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) GroupPolicyScripts: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 Tcpip\..\Interfaces\{FF36A725-F0B3-46BA-9A55-645D57D36921}: [DhcpNameServer] 192.168.192.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3167051921-3106254066-3612219389-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.ch.msn.com/ HKU\S-1-5-21-3167051921-3106254066-3612219389-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.ch.msn.com/ SearchScopes: HKU\S-1-5-21-3167051921-3106254066-3612219389-1022-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3167051921-3106254066-3612219389-1022-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-30] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-25] (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-11] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-30] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-13] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-25] (AVAST Software) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-11] (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-13] (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-11] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-11] (Google Inc.) Toolbar: HKU\S-1-5-21-3167051921-3106254066-3612219389-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-11] (Google Inc.) Toolbar: HKU\S-1-5-21-3167051921-3106254066-3612219389-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-11] (Google Inc.) FireFox: ======== FF DefaultProfile: x9ea8jin.default FF ProfilePath: C:\Users\Andri1\AppData\Roaming\Mozilla\Firefox\Profiles\x9ea8jin.default [2016-11-02] FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\x9ea8jin.default -> Bing FF SelectedSearchEngine: Mozilla\Firefox\Profiles\x9ea8jin.default -> Bing FF Homepage: Mozilla\Firefox\Profiles\x9ea8jin.default -> www.google.ch FF Keyword.URL: Mozilla\Firefox\Profiles\x9ea8jin.default -> hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q= FF Extension: (Bing Search) - C:\Users\Andri1\AppData\Roaming\Mozilla\Firefox\Profiles\x9ea8jin.default\Extensions\bingsearch.full@microsoft.com [2015-09-20] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-08] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-08] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-30] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] () FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-13] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-13] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3167051921-3106254066-3612219389-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andri1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3167051921-3106254066-3612219389-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andri1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-12-13] <==== ACHTUNG (Zeigt auf eine *.cfg Datei) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://www.google.ch/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => Keine Datei CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\pdf.dll => Keine Datei CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => Keine Datei CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => Keine Datei CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Keine Datei CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => Keine Datei CHR Profile: C:\Users\Andri1\AppData\Local\Google\Chrome\User Data\Default [2016-11-02] CHR Extension: (YouTube) - C:\Users\Andri1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16] CHR Extension: (Google-Suche) - C:\Users\Andri1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16] CHR Extension: (Avast Online Security) - C:\Users\Andri1\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-09-08] CHR Extension: (Avast SafePrice) - C:\Users\Andri1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-15] CHR Extension: (Avast Online Security) - C:\Users\Andri1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-22] CHR Extension: (Skype) - C:\Users\Andri1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-30] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Andri1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08] CHR Extension: (Google Mail) - C:\Users\Andri1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02] CHR Extension: (Chrome Media Router) - C:\Users\Andri1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-17] CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nicht gefunden> CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR Extension: (Kein Name) - C:\Users\Andri1\AppData\Roaming\Opera Software\Opera Stable\Extensions\gppbppehiogfokmpligejhaepeopajdf [2015-11-20] ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-08] (AVAST Software) R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] S3 vmicvss; C:\WINDOWS\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S4 ApRunSvc; C:\Program Files\Apoint2K\ApRunSvc.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-08] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-08] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-08] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-08] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-08] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software) R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-08] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-16] (AVAST Software) R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.) S0 ebdrv; C:\WINDOWS\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-02] (Malwarebytes) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-11-02 22:18 - 2016-11-02 22:19 - 00020259 _____ C:\Users\Andri1\Desktop\FRST.txt 2016-11-02 22:18 - 2016-11-02 22:18 - 00000000 ____D C:\FRST 2016-11-02 22:18 - 2016-11-02 22:17 - 02408960 _____ (Farbar) C:\Users\Andri1\Desktop\FRST64.exe 2016-11-02 21:41 - 2016-11-02 21:41 - 00009803 _____ C:\Users\Andri1\Desktop\mbamlog1st.txt 2016-11-02 21:26 - 2016-11-02 21:26 - 00000049 _____ C:\Users\Andri1\Desktop\mbam.txt 2016-11-02 20:59 - 2016-11-02 21:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-11-02 20:58 - 2016-11-02 21:26 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-11-02 20:58 - 2016-11-02 20:58 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-11-02 20:58 - 2016-11-02 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-11-02 20:58 - 2016-11-02 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-11-02 20:58 - 2016-11-02 20:52 - 22851472 _____ (Malwarebytes ) C:\Users\Andri1\Desktop\mbam-setup-2.2.1.1043.exe 2016-11-02 20:58 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-11-02 20:58 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-11-02 20:58 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-10-30 16:49 - 2016-10-30 16:49 - 00000000 ____D C:\Users\Andri1\AppData\Local\Eclipse 2016-10-30 16:48 - 2016-10-30 16:57 - 00000000 ____D C:\Users\Andri1\workspace 2016-10-30 16:44 - 2016-10-30 16:48 - 00000000 ____D C:\Users\Andri1\Desktop\eclipse 2016-10-30 16:40 - 2016-10-30 16:40 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2016-10-30 16:37 - 2016-10-30 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2016-10-30 16:33 - 2016-10-30 16:41 - 231988138 _____ C:\Users\Andri1\Downloads\eclipse-jee-juno-win32-x86_64.zip 2016-10-30 16:28 - 2016-10-30 16:29 - 204090936 _____ (Oracle Corporation) C:\Users\Andri1\Downloads\jdk-8u111-windows-x64.exe 2016-10-23 12:37 - 2016-10-23 12:37 - 00074783 _____ C:\Users\Andri1\Downloads\rep303201371_20160101_p8083.pdf 2016-10-23 12:37 - 2016-10-23 12:37 - 00071951 _____ C:\Users\Andri1\Downloads\rep308932975_20160101_p8085.pdf 2016-10-23 12:37 - 2016-10-23 12:37 - 00071951 _____ C:\Users\Andri1\Downloads\rep308932975_20160101_p8085 (1).pdf 2016-10-13 23:34 - 2016-08-27 20:44 - 22360288 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-10-13 23:34 - 2016-08-27 20:44 - 02755504 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-10-13 23:34 - 2016-08-27 20:44 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe 2016-10-13 23:34 - 2016-08-27 19:26 - 19789232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-10-13 23:34 - 2016-08-27 19:26 - 02411048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-10-13 23:34 - 2016-08-27 19:26 - 00113656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe 2016-10-13 23:34 - 2016-08-27 17:33 - 02881536 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-10-13 23:34 - 2016-08-27 17:11 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2016-10-13 23:34 - 2016-08-27 17:09 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-10-13 23:34 - 2016-08-27 16:55 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-10-13 23:34 - 2016-08-20 23:24 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2016-10-13 23:34 - 2016-08-20 23:12 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2016-10-13 23:33 - 2016-09-13 00:48 - 00085680 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-10-13 23:33 - 2016-09-09 14:38 - 01629184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-10-13 23:33 - 2016-09-09 14:38 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-10-13 23:33 - 2016-09-09 14:38 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-10-13 23:33 - 2016-09-09 14:38 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-10-13 23:33 - 2016-09-09 14:38 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-10-13 23:33 - 2016-09-09 14:38 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll 2016-10-13 23:33 - 2016-09-09 14:38 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-10-13 23:33 - 2016-09-09 14:38 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-10-13 23:31 - 2016-09-30 08:55 - 25765376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-10-13 23:31 - 2016-09-30 07:09 - 06048256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-10-13 23:31 - 2016-09-30 06:47 - 20306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-10-13 23:31 - 2016-09-30 06:21 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-10-13 23:31 - 2016-08-12 22:47 - 15431168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-10-13 23:31 - 2016-08-12 21:52 - 13317120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-10-13 23:31 - 2016-07-30 18:12 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2016-10-13 23:31 - 2016-07-30 17:36 - 02537472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2016-10-13 23:30 - 2016-10-01 01:22 - 07444312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-10-13 23:30 - 2016-09-30 07:25 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-10-13 23:30 - 2016-09-30 07:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-10-13 23:30 - 2016-09-30 06:42 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-10-13 23:30 - 2016-09-30 06:41 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-10-13 23:30 - 2016-09-30 06:38 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-10-13 23:30 - 2016-09-30 06:32 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-10-13 23:30 - 2016-09-30 06:31 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-10-13 23:30 - 2016-09-30 06:17 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-10-13 23:30 - 2016-09-30 06:12 - 04608512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-10-13 23:30 - 2016-09-30 06:11 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-10-13 23:30 - 2016-09-30 06:05 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-10-13 23:30 - 2016-09-30 06:05 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-10-13 23:30 - 2016-09-30 06:03 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-10-13 23:30 - 2016-09-30 05:46 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-10-13 23:30 - 2016-09-30 05:43 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-10-13 23:30 - 2016-09-17 19:16 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll 2016-10-13 23:30 - 2016-09-17 18:21 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll 2016-10-13 23:30 - 2016-09-17 18:02 - 01446400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-10-13 23:30 - 2016-09-14 02:53 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-10-13 23:30 - 2016-09-14 02:53 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-10-13 23:30 - 2016-09-14 02:53 - 01490112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-10-13 23:30 - 2016-09-14 02:53 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-10-13 23:30 - 2016-09-09 15:17 - 04170752 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-10-13 23:30 - 2016-09-08 21:41 - 00121176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys 2016-10-13 23:30 - 2016-09-08 15:00 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2016-10-13 23:30 - 2016-09-08 15:00 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys 2016-10-13 23:30 - 2016-09-07 23:07 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2016-10-13 23:30 - 2016-09-07 22:59 - 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-10-13 23:30 - 2016-09-07 22:59 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2016-10-13 23:30 - 2016-09-07 22:57 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2016-10-13 23:30 - 2016-09-07 22:56 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-10-13 23:30 - 2016-08-31 18:22 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll 2016-10-13 23:30 - 2016-08-31 17:33 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll 2016-10-13 23:30 - 2016-08-25 21:50 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2016-10-13 23:30 - 2016-08-25 20:40 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll 2016-10-13 23:30 - 2016-08-13 01:05 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL 2016-10-13 23:30 - 2016-08-13 01:02 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys 2016-10-13 23:30 - 2016-08-13 01:01 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys 2016-10-13 23:30 - 2016-08-12 23:35 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll 2016-10-13 23:30 - 2016-08-12 23:19 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL 2016-10-13 23:30 - 2016-08-12 22:17 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll 2016-10-13 23:30 - 2016-08-12 02:58 - 02315496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2016-10-13 23:30 - 2016-08-12 02:58 - 01946176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2016-10-13 23:30 - 2016-08-11 19:33 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys 2016-10-13 23:30 - 2016-08-11 19:33 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys 2016-10-13 23:30 - 2016-08-11 18:17 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe 2016-10-13 23:30 - 2016-08-11 14:39 - 00445765 _____ C:\WINDOWS\system32\ApnDatabase.xml 2016-10-13 23:30 - 2016-08-11 06:46 - 00420184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2016-10-13 23:30 - 2016-08-03 16:42 - 01317888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2016-10-13 23:30 - 2016-08-03 16:36 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2016-10-13 23:30 - 2016-08-03 16:36 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll 2016-10-13 23:30 - 2016-08-03 16:33 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll 2016-10-13 23:30 - 2016-07-23 19:18 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2016-10-13 23:30 - 2016-07-23 19:12 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2016-10-13 23:29 - 2016-09-30 07:12 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-10-13 23:29 - 2016-09-30 06:33 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-10-13 23:29 - 2016-09-30 06:33 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-10-13 23:29 - 2016-09-30 06:32 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-10-13 23:29 - 2016-09-30 06:06 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-10-13 23:29 - 2016-09-30 06:05 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-10-13 23:29 - 2016-09-30 05:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-10-13 23:29 - 2016-09-30 05:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-10-13 23:29 - 2016-09-17 18:53 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-10-13 23:29 - 2016-09-17 18:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-10-13 23:29 - 2016-09-12 23:03 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2016-10-13 23:29 - 2016-09-12 22:01 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2016-10-13 23:29 - 2016-08-13 01:03 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifibus.sys 2016-10-13 23:29 - 2016-08-11 19:33 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys 2016-10-13 23:29 - 2016-07-26 14:40 - 00162850 _____ C:\WINDOWS\SysWOW64\C_932.NLS 2016-10-13 23:29 - 2016-07-26 14:40 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-11-02 21:48 - 2014-11-21 04:35 - 01686150 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-11-02 21:48 - 2014-11-21 03:45 - 00727930 _____ C:\WINDOWS\system32\perfh007.dat 2016-11-02 21:48 - 2014-11-21 03:45 - 00151586 _____ C:\WINDOWS\system32\perfc007.dat 2016-11-02 21:48 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf 2016-11-02 21:46 - 2012-12-17 19:07 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3167051921-3106254066-3612219389-1001 2016-11-02 21:38 - 2012-12-17 21:38 - 00004180 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-11-02 21:28 - 2013-09-07 11:30 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-11-02 21:28 - 2013-09-07 11:30 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-11-02 21:28 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-11-02 21:14 - 2015-11-12 18:47 - 00000000 ____D C:\Program Files (x86)\ca373d01-2b6e-4153-b669-af6ed8d41ee2 2016-11-02 21:14 - 2013-06-02 20:09 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2016-11-02 10:08 - 2015-05-12 16:41 - 00000000 ____D C:\Users\Andri1 2016-11-02 10:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing 2016-11-01 20:10 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache 2016-11-01 20:00 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2016-11-01 18:53 - 2016-08-28 20:52 - 00000000 ____D C:\Users\Andri1\AppData\Local\ElevatedDiagnostics 2016-11-01 13:33 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-10-31 20:52 - 2012-12-17 23:15 - 00000000 ____D C:\Users\Andri1\Documents\Outlook-Dateien 2016-10-30 20:36 - 2015-09-20 09:17 - 00000000 ____D C:\Users\Andri1\AppData\Roaming\Skype 2016-10-30 16:40 - 2015-04-09 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-10-30 16:39 - 2013-04-07 16:47 - 00000000 ____D C:\Program Files\Java 2016-10-30 14:39 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-10-25 19:34 - 2013-09-07 11:31 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-10-25 19:34 - 2013-09-07 11:31 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-10-25 19:04 - 2015-09-20 09:16 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-10-24 22:54 - 2016-09-15 13:52 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-10-24 22:54 - 2016-09-15 13:52 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-10-23 14:04 - 2013-08-22 15:44 - 00414536 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-10-23 14:03 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-10-23 14:02 - 2015-01-03 18:20 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-10-23 14:02 - 2014-11-21 12:07 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2016-10-23 14:02 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData 2016-10-23 12:50 - 2014-11-21 05:04 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2016-10-23 12:49 - 2013-08-20 18:33 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-10-23 12:40 - 2012-12-18 20:42 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-10-23 12:35 - 2015-11-16 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-10-23 12:32 - 2015-11-16 14:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-10-23 12:32 - 2015-11-16 14:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-10-23 12:30 - 2015-09-20 09:16 - 00000000 ____D C:\ProgramData\Skype 2016-10-16 19:32 - 2013-03-22 22:36 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2016-10-11 15:47 - 2015-01-03 18:07 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-10-11 15:46 - 2016-06-02 19:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-06-01 21:20 - 2014-06-01 21:20 - 0025083 _____ () C:\Users\Andri1\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2012-12-17 23:01 - 2016-08-28 21:13 - 0001724 _____ () C:\ProgramData\hpzinstall.log Einige Dateien in TEMP: ==================== C:\Users\Andri1\AppData\Local\Temp\BingSvc.exe C:\Users\Andri1\AppData\Local\Temp\BSvcProcessor.exe C:\Users\Andri1\AppData\Local\Temp\BSvcUpdater.exe C:\Users\Andri1\AppData\Local\Temp\libeay32.dll C:\Users\Andri1\AppData\Local\Temp\msvcr120.dll C:\Users\Andri1\AppData\Local\Temp\Opera_NI_stable.exe C:\Users\Andri1\AppData\Local\Temp\SkypeSetup.exe C:\Users\Andri1\AppData\Local\Temp\sqlite3.dll C:\Users\Andri1\AppData\Local\Temp\tu17p84.exe C:\Users\Andri1\AppData\Local\Temp\{9011CF9E-2C61-432A-8F6C-2801053FD74A}-47.0.2526.80_46.0.2490.86_chrome_updater_3stage.exe C:\Users\Andri1\AppData\Local\Temp\{B3D94A63-9A41-46FA-AE04-A6EDF1FA7275}-53.0.2785.113_53.0.2785.101_chrome_updater.exe C:\Users\Andri1\AppData\Local\Temp\{FEC2C8DD-BE21-41BF-A12D-230B24DFBBDB}-48.0.2564.97_chrome_installer.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-11-02 22:04 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 30-10-2016
durchgeführt von Andri1 (02-11-2016 22:19:47)
Gestartet von C:\Users\Andri1\Desktop
Windows 8.1 Pro (Update) (X64) (2015-05-12 20:06:13)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3167051921-3106254066-3612219389-500 - Administrator - Disabled)
Andri1 (S-1-5-21-3167051921-3106254066-3612219389-1001 - Administrator - Enabled) => C:\Users\Andri1
dominik (S-1-5-21-3167051921-3106254066-3612219389-1022 - Limited - Enabled) => C:\Users\dominik
Gast (S-1-5-21-3167051921-3106254066-3612219389-501 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909a (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-3167051921-3106254066-3612219389-1022-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ACHTUNG
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
English Grammar in Use Extra application (HKLM-x32\...\EnglishGrammarinUseExtra) (Version: 1.0.0 - Cambridge University Press Holdings Limited)
English Grammar in Use Extra application (x32 Version: 1.0.0 - Cambridge University Press Holdings Limited) Hidden
English Grammar in Use Extra content (HKLM-x32\...\English Grammar in Use Extra content) (Version: 1.0.0.0 - Cambridge University Press)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8500 A909 Series (HKLM\...\{49C2B7C1-A4E7-4770-8E30-255795AD4712}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{D549B5E2-DBE8-4190-ABA5-71106264398C}) (Version: 12.5.32.37 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation)
Jihosoft Android Phone Recovery Version 8.3.4 (HKLM-x32\...\{698995E2-97BA-42BD-893A-DB51B408E36A}_is1) (Version: 8.3.4 - HONGKONG JIHO CO., LIMITED)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
MPM (HKLM-x32\...\{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
TeXstudio 2.10.2 (HKLM-x32\...\TeXstudio_is1) (Version: 2.10.2 - Benito van der Zander)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.43 - )
ThinkPad UltraNav Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.202.1616.206 - ALPS ELECTRIC CO., LTD.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3167051921-3106254066-3612219389-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3167051921-3106254066-3612219389-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11ACDE7F-D3F1-4120-9349-B16D62F927B7} - System32\Tasks\{7F15B07A-10F6-48FD-B57A-6F141F4D641A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/de/abandoninstall?page=tsProgressBar
Task: {2063574E-4910-4210-99F5-ADC1E78CACF5} - System32\Tasks\{426EDAD7-899B-44D4-A93F-C434E3058547} => Chrome.exe hxxp://ui.skype.com/ui/0/7.14.0.106/de/abandoninstall?page=tsProgressBar
Task: {31160FF6-7B61-49D6-8A24-9C0F65E2752B} - System32\Tasks\{6A565489-8057-4110-BD0D-A4F47BA81988} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/de/abandoninstall?page=tsProgressBar
Task: {34429B2C-9A7A-44DD-BC51-70B3CA2D6CA5} - System32\Tasks\{2E737078-C8EA-4C06-9CD7-4B2E03010F45} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/de/abandoninstall?page=tsProgressBar
Task: {43532483-4500-475B-87A1-BA802AD63F22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {4D6737E8-D564-44FB-B268-5615671E7306} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-08] (AVAST Software)
Task: {50260A08-5D4B-4E59-893A-4B1A9B77121F} - System32\Tasks\SafeZone scheduled Autoupdate 1458742057 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {58A1ACFD-B93A-46AA-9C52-DB82EE16C4AB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-10-23] (Microsoft Corporation)
Task: {674DA2B0-C3B4-4C2A-BA38-D31328012EBC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {745517D5-1995-4E26-8193-B10CE6064862} - System32\Tasks\{A208D5B9-BFB1-4FB3-8EBD-0ECA74C31A84} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/de/abandoninstall?page=tsProgressBar
Task: {7A0A4660-C5E9-431F-B071-961E1EE844CE} - System32\Tasks\{C2110B72-52DD-4805-AF4D-4A915C5C0B93} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/de/abandoninstall?page=tsProgressBar
Task: {7EB921D3-0590-4159-B6B6-078A13AA9C38} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-23] (Microsoft Corporation)
Task: {8ADA812A-AA12-4DBB-AEB5-EC5A72EF3FD9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9A1EBEDD-38A5-4867-9502-4623E598A329} - System32\Tasks\{C37A3040-4A5E-491F-8382-ADCD62DAFAC5} => Chrome.exe hxxp://ui.skype.com/ui/0/7.14.0.106/de/abandoninstall?page=tsProgressBar
Task: {9DAF2FDA-22D5-41DE-ACC6-F89C7FD1C1E5} - System32\Tasks\{D1CDFCC9-6936-47E9-9D91-F6310FC098F9} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/de/abandoninstall?page=tsProgressBar
Task: {AB960842-82C7-449E-A259-556D0A6497B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {B54708C7-C7EA-431E-A83A-08990F9DB47B} - System32\Tasks\{09BED383-1425-482B-AFED-99526A35F482} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/de/abandoninstall?page=tsProgressBar
Task: {BA928206-5A2D-4CC6-9099-DD5F190BC5ED} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {BBDDFFA2-CDF2-48AA-9B12-779C91741A63} - System32\Tasks\{2A36488C-0FFD-4AA0-A6FA-9B408A96E2C6} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/de/abandoninstall?page=tsProgressBar
Task: {BE61317A-F03E-41AD-9960-2487E07D68AA} - System32\Tasks\{CB09E082-B89E-4BAE-936B-08B03E1B36B7} => Chrome.exe hxxp://ui.skype.com/ui/0/7.14.0.106/de/abandoninstall?page=tsProgressBar
Task: {C94602DF-F295-4CA1-B396-B3B2AFDF6864} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {CFF18615-4573-40AC-B212-C136EBD18AAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {E75E78D1-6C21-4ADC-BF3D-F926C090DAFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {EA17FCFE-6E4B-4ABD-B093-72AC2F865C70} - System32\Tasks\{7E8E9D85-E3FA-4010-A5E3-CC2272D74971} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/de/abandoninstall?page=tsProgressBar
Task: {FA32DA6A-4E5A-4855-AECA-58A175A15FD2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-09-08 19:32 - 2016-09-08 19:32 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-30 14:38 - 2016-10-30 14:38 - 03125136 _____ () C:\Program Files\AVAST Software\Avast\defs\16103000\algo.dll
2016-09-08 19:32 - 2016-09-08 19:32 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-30 19:19 - 2016-06-30 19:19 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3167051921-3106254066-3612219389-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andri1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3167051921-3106254066-3612219389-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Andri1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3167051921-3106254066-3612219389-1022-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.192.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Dienst läuft nicht.
bfe => Firewall Dienst läuft nicht.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B22702E8-B191-49B1-8C7E-A1F3766A52F9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{C9311A72-46C9-4F1D-AEB3-90F29A422031}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A6CB1358-573A-4C51-9783-6C0BBFB5B2D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CAD24EC4-3EA7-408E-95E7-602DDCF32EBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0472B24F-4010-4304-8E0B-A7CE5A8483DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C19D60F4-8D26-4D3A-AD80-ED872603F857}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{99726447-BB20-49E2-9B9B-7CC9F8E9B2E4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E2135B89-3217-43E6-A5FA-39AF0C1AB1B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C0AEBDB0-E944-4624-BD26-C8FF823D6CB8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{59D51D20-5BC1-4FC6-9BD1-30864B930972}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{DFCBA347-84AD-4514-9E44-95F7BEAE44BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{2C11D266-BE8D-4769-B3A4-33A00FC1F5DE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{E41920E4-6437-422C-933C-C1AB7A4D46A8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{4C3839FC-B531-4781-9CF6-9840C2646376}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{31BAB0EA-2A86-4855-86FA-8D004D90B2B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{E13706BA-3762-46B5-AEA7-67A3581B4C1B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{FB792A37-B879-4D3F-84C2-E5D0965A2E67}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{166D3F6A-DD1D-4822-85F5-C23C420DA455}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{0DEF3559-2C0A-41BF-8ED7-6BFBBB28CB8F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{53008F77-36B9-4E9B-9A48-D722D43074B9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{BD6BECF6-975B-418F-A747-DEE5B4AF899A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{EF85B4CA-BBC8-472A-94D5-2F9B79EC967B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{8415D97E-7692-4F33-B699-684AE68C6DDA}] => (Allow) C:\Users\Andri1\AppData\Local\Temp\7zS725C\setup\hpznui40.exe
FirewallRules: [TCP Query User{F51A7A50-48B5-41A0-9E20-9AA5918B6BE3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{89FDD3E7-590E-4C69-A652-91083CC927DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E5DE5BB6-D1F9-4E24-8B08-FBA9A1B7B135}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{82F9D858-4885-4CDB-9D1D-70CF45F390B5}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B9947CB7-4C9D-4FA7-85EB-B13D60EAFE96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D17F7EAA-C4E8-408A-9A2C-EE5D5C246BA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A9B6646-7F4A-46BF-A066-C69DC4769E87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
23-10-2016 12:26:06 Windows Update
30-10-2016 14:37:45 Windows Update
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (11/02/2016 10:05:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.
Error: (11/02/2016 09:52:44 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts. 0x80070005
6.3.9600.18376
Error: (11/02/2016 09:52:44 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts. 0x80070005
6.3.9600.18376
Error: (11/02/2016 09:31:46 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts. 0x80070005
6.3.9600.18376
Error: (11/02/2016 09:31:46 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts. 0x80070005
6.3.9600.18376
Error: (11/02/2016 09:30:45 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts. 0x80070005
6.3.9600.18376
Error: (11/02/2016 09:30:44 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts. 0x80070005
6.3.9600.18376
Error: (11/02/2016 09:30:17 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts. 0x80070005
6.3.9600.18376
Error: (11/02/2016 09:30:17 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts. 0x80070005
6.3.9600.18376
Error: (11/02/2016 09:29:43 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts. 0x80070005
6.3.9600.18376
Systemfehler:
=============
Error: (11/02/2016 10:18:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Zugriff verweigert
Error: (11/02/2016 10:18:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
Zugriff verweigert
Error: (11/02/2016 10:18:52 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 1004) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden des Dhcpv4-Clientdiensts. Fehlercode 5. Der ShutDown-Kennzeichenwert lautet 0.
Error: (11/02/2016 10:18:52 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 17270) (User: NT-AUTORITÄT)
Description: Fehler bei der DHCPv4-Initialisierung. Fehlercode: 5.
Error: (11/02/2016 10:18:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Zugriff verweigert
Error: (11/02/2016 10:18:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
Zugriff verweigert
Error: (11/02/2016 10:18:29 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 1004) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden des Dhcpv4-Clientdiensts. Fehlercode 5. Der ShutDown-Kennzeichenwert lautet 0.
Error: (11/02/2016 10:18:29 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 17270) (User: NT-AUTORITÄT)
Description: Fehler bei der DHCPv4-Initialisierung. Fehlercode: 5.
Error: (11/02/2016 10:17:37 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1068" in DCOM, als der Dienst "netprofm" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
Error: (11/02/2016 10:17:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM)2 Duo CPU U9400 @ 1.40GHz
Prozentuale Nutzung des RAM: 51%
Installierter physikalischer RAM: 1992.02 MB
Verfügbarer physikalischer RAM: 965.84 MB
Summe virtueller Speicher: 3272.02 MB
Verfügbarer virtueller Speicher: 2018.29 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:119.24 GB) (Free:47.37 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: ED1F86F7)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
06.11.2016, 11:41
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Diverse Trojaner, Windows 8.1 Pro Hallo und
__________________ +++ WICHTIGER HINWEIS +++ Während der Analyse und Bereinigung nimmst du KEINERLEI Änderungen auf eigene Faust vor, d.h. du installierst oder deinstallierst keine Software ohne Absprache. Auch veränderst du keine Systemeinstellungen, solange wir deinen Fall bearbeiten. Änderungen, Installationen oder Deinstallationen machst du AUSSCHLIESSLICH nur auf Anweisung! Es wird erforderlich sein, deinen Virenscanner zu deaktivieren und in bestimmten Fällen auch zu deinstallieren, damit vernünftig bereinigt werden kann. Dein System ist daher erst wenn wir hier fertig sind wieder für den alltäglichen Gebrauch wie surfen oder mailen von mir freigegeben. Gelesen und verstanden? Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
06.11.2016, 12:35
| #3 |
| | Diverse Trojaner, Windows 8.1 Pro Hallo Cosinus
__________________Herzlichen Dank, dass du dich der Sache annimmst! Weitere Logs habe ich leider zur Zeit keine weiteren, ausser die Befunde von malwarebytes, die ich am Annfang meines Posts reingestellt habe. |
|
06.11.2016, 12:39
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Trojaner, Windows 8.1 Pro Bitte Avast deinstallieren. Das Teil können wir einfach nicht mehr guten Gewissens empfehlen. => Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog Auch andere Freewareanbieter wie Avira, AVG oder Panda springen auf diesen oder ähnlichen Zügen rauf, basteln Junkware in die Setups, arbeiten mit ASK zusammen etc; so was ist bei Sicherheitssoftware einfach inakzeptabel. Gib Bescheid wenn Avast weg ist; wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen, Infos folgen dann im Abschlussposting. Bitte JETZT nix mehr ohne Absprache installieren!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
06.11.2016, 13:06
| #5 |
| | Diverse Trojaner, Windows 8.1 Pro Ok, Avast ist jetzt weg |
|
06.11.2016, 13:54
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Trojaner, Windows 8.1 Pro 1. Schritt: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers 2. Schritt: Kaspersky TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ --> Diverse Trojaner, Windows 8.1 Pro |
|
06.11.2016, 14:08
| #7 |
| | Diverse Trojaner, Windows 8.1 Pro Ich habe mit dem befallenen Rechner kein Internet-Zugang. Durch den Malware-Befall kann ich zwar noch ins WLAN, aber der I-Net Zugang wird verweigert. Kann ich das malware-anti-rrotkit auf meinen Rechner installieren und dann aktualisieren? Welche Dateien muss ich dann auf den befallenen Rechner kopieren damit ich die aktuellste Datenbank dort lokal habe? |
|
06.11.2016, 14:32
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Trojaner, Windows 8.1 Pro Ah, das hab ich überlesen/vergessen  In diesem Fall sollten wir erstmal die Internetverbindung fixen. Ohne ist das ein Generve ohne Ende bei der Reinigung. Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.11.2016, 14:41
| #9 |
| | Diverse Trojaner, Windows 8.1 Pro Habe ich gemacht. FSS.txt ergibt Code:
ATTFilter Farbar Service Scanner Version: 27-01-2016
Ran by Andri1 (administrator) on 06-11-2016 at 14:38:32
Running from "C:\Users\Andri1\Desktop"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
|
|
06.11.2016, 14:51
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Trojaner, Windows 8.1 ProZitat:
Wenn der nicht läuft bekommst du diese Adressen für den Netzwerkadapter nicht und das ist auch der Grund dafür, dass du nicht ins Internet kommst trotz bestehender Verbindung. Geh mal bitte in die Computerverwaltung; dort in der Konfig die Dienste auswählen. Im rechten Teilfenster siehst du eine Vielzahl von Dienste, such dort nach DHCP-Client, doppelklick und dann auf starten klicken. Notiere die Fehlermeldung und poste sie.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.11.2016, 15:04
| #11 |
| | Diverse Trojaner, Windows 8.1 Pro Es kommt die gleiche Fehlermeldung wie wenn ich den Netzwerkdiagnosedienst versucht habe zu starten. Der Dienst "DHCP-Client" auf "Lokaler Computer" konnte nicht gestartet werden. Fehler 5: Zugriff verweigert Die Meldung kommt auch, wenn ich es als Administrator ausführe. Aufgrund dieser Fehlermeldung bin ich erst darauf gekommen, nach Malware zu suchen Irgendwelche Booster- oder Tuning-Software sollte meines Wissens nicht installiert sein |
|
06.11.2016, 19:32
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Trojaner, Windows 8.1 Pro Mach mal bitte das hier > Windows reparieren - so geht's - Anleitungen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.11.2016, 22:16
| #13 |
| | Diverse Trojaner, Windows 8.1 Pro So, hat eine Weile gedauert, aber die Reparatur hat funktioniert! Internetzugang geht wieder. Soll ich jetzt weiterfahren mit Anti-Rootkit und Kapersky TDSS-Killer? |
|
07.11.2016, 10:03
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Trojaner, Windows 8.1 Pro ja genau
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.11.2016, 20:29
| #15 |
| | Diverse Trojaner, Windows 8.1 Pro Also, malwarebytes anti-root kit ergab keinen Befund Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2016.11.07.07
rootkit: v2016.10.31.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18500
Andri1 :: ANDRI [administrator]
07.11.2016 19:16:37
mbar-log-2016-11-07 (19-16-37).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 392528
Time elapsed: 28 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 20:18:40.0989 0x0cb0 TDSS rootkit removing tool 3.1.0.11 Aug 5 2016 12:13:31
20:19:04.0702 0x0cb0 ============================================================
20:19:04.0702 0x0cb0 Current date / time: 2016/11/07 20:19:04.0702
20:19:04.0702 0x0cb0 SystemInfo:
20:19:04.0702 0x0cb0
20:19:04.0702 0x0cb0 OS Version: 6.3.9600 ServicePack: 0.0
20:19:04.0702 0x0cb0 Product type: Workstation
20:19:04.0702 0x0cb0 ComputerName: ANDRI
20:19:04.0702 0x0cb0 UserName: Andri1
20:19:04.0702 0x0cb0 Windows directory: C:\WINDOWS
20:19:04.0702 0x0cb0 System windows directory: C:\WINDOWS
20:19:04.0702 0x0cb0 Running under WOW64
20:19:04.0703 0x0cb0 Processor architecture: Intel x64
20:19:04.0703 0x0cb0 Number of processors: 2
20:19:04.0703 0x0cb0 Page size: 0x1000
20:19:04.0703 0x0cb0 Boot type: Normal boot
20:19:04.0703 0x0cb0 CodeIntegrityOptions = 0x00000001
20:19:04.0703 0x0cb0 ============================================================
20:19:04.0841 0x0cb0 KLMD registered as C:\WINDOWS\system32\drivers\35999307.sys
20:19:04.0841 0x0cb0 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18505, osProperties = 0x19
20:19:06.0735 0x0cb0 System UUID: {04D4D460-E1BA-63D0-2018-6D622ECFA616}
20:19:08.0592 0x0cb0 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:19:08.0599 0x0cb0 ============================================================
20:19:08.0599 0x0cb0 \Device\Harddisk0\DR0:
20:19:08.0599 0x0cb0 MBR partitions:
20:19:08.0600 0x0cb0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEE78761
20:19:08.0600 0x0cb0 ============================================================
20:19:08.0601 0x0cb0 C: <-> \Device\Harddisk0\DR0\Partition1
20:19:08.0601 0x0cb0 ============================================================
20:19:08.0602 0x0cb0 Initialize success
20:19:08.0602 0x0cb0 ============================================================
20:20:53.0919 0x0334 ============================================================
20:20:53.0919 0x0334 Scan started
20:20:53.0920 0x0334 Mode: Manual; SigCheck; TDLFS;
20:20:53.0920 0x0334 ============================================================
20:20:53.0920 0x0334 KSN ping started
20:20:55.0070 0x0334 KSN ping finished: true
20:20:55.0436 0x0334 ================ Scan system memory ========================
20:20:55.0437 0x0334 System memory - ok
20:20:55.0437 0x0334 ================ Scan services =============================
20:20:55.0534 0x0334 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
20:20:55.0626 0x0334 1394ohci - ok
20:20:55.0650 0x0334 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
20:20:55.0674 0x0334 3ware - ok
20:20:55.0712 0x0334 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
20:20:55.0764 0x0334 ACPI - ok
20:20:55.0777 0x0334 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
20:20:55.0798 0x0334 acpiex - ok
20:20:55.0807 0x0334 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
20:20:55.0827 0x0334 acpipagr - ok
20:20:55.0836 0x0334 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
20:20:55.0864 0x0334 AcpiPmi - ok
20:20:55.0872 0x0334 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
20:20:55.0892 0x0334 acpitime - ok
20:20:55.0904 0x0334 [ DC00FD73505DAEDD99CAF4533B0C05BD, 2863D1F0587B79254FBE093C191C73892768CF2AC59BEF97745EE66CEE3473AF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:20:55.0921 0x0334 AdobeARMservice - ok
20:20:55.0967 0x0334 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
20:20:56.0028 0x0334 ADP80XX - ok
20:20:56.0051 0x0334 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
20:20:56.0092 0x0334 AeLookupSvc - ok
20:20:56.0124 0x0334 [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD C:\WINDOWS\system32\drivers\afd.sys
20:20:56.0207 0x0334 AFD - ok
20:20:56.0221 0x0334 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
20:20:56.0240 0x0334 agp440 - ok
20:20:56.0252 0x0334 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
20:20:56.0305 0x0334 ahcache - ok
20:20:56.0317 0x0334 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe
20:20:56.0348 0x0334 ALG - ok
20:20:56.0363 0x0334 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
20:20:56.0394 0x0334 AmdK8 - ok
20:20:56.0407 0x0334 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
20:20:56.0430 0x0334 AmdPPM - ok
20:20:56.0443 0x0334 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
20:20:56.0463 0x0334 amdsata - ok
20:20:56.0484 0x0334 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
20:20:56.0516 0x0334 amdsbs - ok
20:20:56.0526 0x0334 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
20:20:56.0543 0x0334 amdxata - ok
20:20:56.0561 0x0334 [ F41E7C078D07118EF7CBEA0A74FA1DEB, 83C4770C58D85EB6445250F5996B07D0F07CF56BAE1287762B3648B50505616F ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:20:56.0593 0x0334 ApfiltrService - ok
20:20:56.0606 0x0334 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\WINDOWS\system32\drivers\appid.sys
20:20:56.0638 0x0334 AppID - ok
20:20:56.0648 0x0334 [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
20:20:56.0669 0x0334 AppIDSvc - ok
20:20:56.0687 0x0334 [ 734622FBA766DBD65B1803549B24A04A, 3B6872B87A60D4DA265D3B8AB0561A929CFE2C097419183E93D3843422363C89 ] Appinfo C:\WINDOWS\System32\appinfo.dll
20:20:56.0721 0x0334 Appinfo - ok
20:20:56.0731 0x0334 [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:20:56.0745 0x0334 Apple Mobile Device - ok
20:20:56.0763 0x0334 [ 1A8EA3500576DD4B43E9318F10709E0E, 85F8581C319DE241B223366F08A5F9301858DA9DA1A0CAA10ED387A2B99EC216 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:20:56.0798 0x0334 AppMgmt - ok
20:20:56.0836 0x0334 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
20:20:56.0894 0x0334 AppReadiness - ok
20:20:56.0964 0x0334 [ E0F846ADE7DED88981D0908DE56FF160, D8F536438091878724A5004849306ADFB96A2778A9D958ED3DCC0CD9E35160BB ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
20:20:57.0054 0x0334 AppXSvc - ok
20:20:57.0065 0x0334 ApRunSvc - ok
20:20:57.0079 0x0334 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
20:20:57.0102 0x0334 arcsas - ok
20:20:57.0117 0x0334 [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:20:57.0140 0x0334 AsyncMac - ok
20:20:57.0150 0x0334 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
20:20:57.0166 0x0334 atapi - ok
20:20:57.0225 0x0334 [ 23C140EA2ADA4F0E034F682C57F8DE62, ECF612263E2E98542551D975082D684FCB87B043093B10FC4AC5448712BB51C8 ] ATSwpWDF C:\WINDOWS\system32\DRIVERS\ATSwpWDF.sys
20:20:57.0295 0x0334 ATSwpWDF - ok
20:20:57.0316 0x0334 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
20:20:57.0355 0x0334 AudioEndpointBuilder - ok
20:20:57.0403 0x0334 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
20:20:57.0470 0x0334 Audiosrv - ok
20:20:57.0492 0x0334 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
20:20:57.0526 0x0334 AxInstSV - ok
20:20:57.0560 0x0334 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
20:20:57.0608 0x0334 b06bdrv - ok
20:20:57.0622 0x0334 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
20:20:57.0651 0x0334 BasicDisplay - ok
20:20:57.0662 0x0334 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
20:20:57.0691 0x0334 BasicRender - ok
20:20:57.0712 0x0334 [ F8FE7E12F8151E0A17C23CF840599F9A, 5D1AA3A5DAC08B521A7BE775F32434AFF1F5F19B69CD16D2D94B0D399E61C371 ] bcbtums C:\WINDOWS\system32\drivers\bcbtums.sys
20:20:57.0733 0x0334 bcbtums - ok
20:20:57.0840 0x0334 [ ACB44407FF63C3A5A22AB5782F209604, 86BE221F07EB49D2149710CCCE4F0C24677560FEFD41F093C6D2BA0C962CF5C3 ] BcmBtRSupport C:\WINDOWS\system32\BtwRSupportService.exe
20:20:57.0959 0x0334 BcmBtRSupport - ok
20:20:57.0978 0x0334 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
20:20:57.0991 0x0334 bcmfn2 - ok
20:20:58.0014 0x0334 [ 174394F4EF93C117BF7BE3878046A1B1, D58E868342D1DAFC4B04384A3713F729DF07F408AA6AE4762E6A4244F976526A ] BDESVC C:\WINDOWS\System32\bdesvc.dll
20:20:58.0059 0x0334 BDESVC - ok
20:20:58.0069 0x0334 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:20:58.0097 0x0334 Beep - ok
20:20:58.0141 0x0334 [ 5059D93764340D4EAEDF49C47133118F, 26C5779469E04BEAFD290B619CA355648F3911C66D41B22D2C3DCA909FCA0F6E ] BFE C:\WINDOWS\System32\bfe.dll
20:20:58.0212 0x0334 BFE - ok
20:20:58.0265 0x0334 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\WINDOWS\System32\qmgr.dll
20:20:58.0364 0x0334 BITS - ok
20:20:58.0398 0x0334 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:20:58.0436 0x0334 Bonjour Service - ok
20:20:58.0450 0x0334 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
20:20:58.0485 0x0334 bowser - ok
20:20:58.0505 0x0334 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
20:20:58.0547 0x0334 BrokerInfrastructure - ok
20:20:58.0561 0x0334 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\WINDOWS\System32\browser.dll
20:20:58.0598 0x0334 Browser - ok
20:20:58.0609 0x0334 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
20:20:58.0642 0x0334 BthAvrcpTg - ok
20:20:58.0653 0x0334 [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum C:\WINDOWS\System32\drivers\BthEnum.sys
20:20:58.0683 0x0334 BthEnum - ok
20:20:58.0696 0x0334 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
20:20:58.0762 0x0334 BthHFEnum - ok
20:20:58.0773 0x0334 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
20:20:58.0794 0x0334 bthhfhid - ok
20:20:58.0819 0x0334 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
20:20:58.0853 0x0334 BthHFSrv - ok
20:20:58.0866 0x0334 [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
20:20:58.0896 0x0334 BTHMODEM - ok
20:20:58.0910 0x0334 [ FEA8FC81431AD93F44D5FBFBBF096AA7, C0581DF6B2AD24836604B083F4866F93A3F4D9091D382029948A5E6221EDF788 ] BthPan C:\WINDOWS\System32\drivers\bthpan.sys
20:20:58.0943 0x0334 BthPan - ok
20:20:59.0012 0x0334 [ 0CC00ADC1B84C93FB46E1A0974E956E1, 64C759244651B916901F4D0C82C3D6034532A20714A72FD26FC9D050B99E230B ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys
20:20:59.0133 0x0334 BTHPORT - ok
20:20:59.0149 0x0334 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\WINDOWS\system32\bthserv.dll
20:20:59.0182 0x0334 bthserv - ok
20:20:59.0196 0x0334 [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys
20:20:59.0221 0x0334 BTHUSB - ok
20:20:59.0238 0x0334 [ BC279FCEE9FC8CBF991D5DE539771AA9, 5DE007672BFBFA78C44CC08251F495420402AFF4AD01541AA84AD37BD4A58190 ] btwampfl C:\WINDOWS\system32\DRIVERS\btwampfl.sys
20:20:59.0258 0x0334 btwampfl - ok
20:20:59.0271 0x0334 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
20:20:59.0306 0x0334 cdfs - ok
20:20:59.0325 0x0334 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
20:20:59.0350 0x0334 cdrom - ok
20:20:59.0366 0x0334 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
20:20:59.0403 0x0334 CertPropSvc - ok
20:20:59.0415 0x0334 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
20:20:59.0436 0x0334 circlass - ok
20:20:59.0462 0x0334 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
20:20:59.0501 0x0334 CLFS - ok
20:20:59.0521 0x0334 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
20:20:59.0550 0x0334 CmBatt - ok
20:20:59.0583 0x0334 [ 5CBF8B3E27D824D2AA2A34AFB406F1D0, 955AF1307C02D2B4DEEB150F37F77B8631C0F3C450037C233E9E27D6571B0265 ] CNG C:\WINDOWS\system32\Drivers\cng.sys
20:20:59.0637 0x0334 CNG - ok
20:20:59.0653 0x0334 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys
20:20:59.0674 0x0334 CompositeBus - ok
20:20:59.0684 0x0334 COMSysApp - ok
20:20:59.0694 0x0334 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys
20:20:59.0718 0x0334 condrv - ok
20:20:59.0736 0x0334 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
20:20:59.0773 0x0334 CryptSvc - ok
20:20:59.0807 0x0334 [ 0270B74E1A81AB3A3E977A88B2B0438D, 0FB26EF768B5D925A4284179D43E2724D0748E54446573AC1323314733A64C66 ] CSC C:\WINDOWS\system32\drivers\csc.sys
20:20:59.0887 0x0334 CSC - ok
20:20:59.0933 0x0334 [ 86079FF8A3B625ABAEB68841D2BF6FE6, 49FF4D458DF8FAB4ECA8CAD9BBF88C929C8B9AB7F063938A6A332B31F2C0F8EB ] CscService C:\WINDOWS\System32\cscsvc.dll
20:21:00.0003 0x0334 CscService - ok
20:21:00.0016 0x0334 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\WINDOWS\system32\drivers\dam.sys
20:21:00.0036 0x0334 dam - ok
20:21:00.0086 0x0334 [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:21:00.0157 0x0334 DcomLaunch - ok
20:21:00.0191 0x0334 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll
20:21:00.0245 0x0334 defragsvc - ok
20:21:00.0274 0x0334 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
20:21:00.0322 0x0334 DeviceAssociationService - ok
20:21:00.0337 0x0334 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
20:21:00.0374 0x0334 DeviceInstall - ok
20:21:00.0388 0x0334 [ FBFF94FC1FE0699A6BC5ACE270AB9EA1, 7D67E7BE539D9D515A1A6B9282C72114310E874DD1FE51E71F002DBB0E1439FB ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
20:21:00.0444 0x0334 Dfsc - ok
20:21:00.0469 0x0334 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
20:21:00.0517 0x0334 Dhcp - ok
20:21:00.0599 0x0334 [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
20:21:00.0709 0x0334 DiagTrack - ok
20:21:00.0728 0x0334 [ 8B1E62881D5AC68E673CD94B136B34AC, A0C50F17041E43AC07B67A74F2C408820316201439F47CDEA37A4F5891CC0E6F ] disk C:\WINDOWS\system32\drivers\disk.sys
20:21:00.0753 0x0334 disk - ok
20:21:00.0763 0x0334 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
20:21:00.0791 0x0334 dmvsc - ok
20:21:00.0809 0x0334 [ 561CBB163EB3C8221D9B1D7D1E5CA477, 4D235E73CC127769A257B31A92180552276EC8DDD991F1106815FADEF385E72D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:21:00.0850 0x0334 Dnscache - ok
20:21:00.0869 0x0334 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
20:21:00.0911 0x0334 dot3svc - ok
20:21:00.0927 0x0334 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll
20:21:00.0957 0x0334 DPS - ok
20:21:00.0970 0x0334 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:21:00.0988 0x0334 drmkaud - ok
20:21:01.0006 0x0334 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
20:21:01.0035 0x0334 DsmSvc - ok
20:21:01.0113 0x0334 [ F74B839FA0F4E6060CA1DA6B8DA17941, EF493E1F55FCD6A8C32B3D5D5809B7EFCCC9829E9A347522D1E6FE080D41BF37 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
20:21:01.0219 0x0334 DXGKrnl - ok
20:21:01.0245 0x0334 [ CFE0E3D5EFBF0649E5900CBFCC2B95F7, 8C6C4579048D0D9C43742DBD55CB2E704914D46016BBBF68FCD860320605C6F1 ] e1yexpress C:\WINDOWS\system32\DRIVERS\e1y60x64.sys
20:21:01.0303 0x0334 e1yexpress - ok
20:21:01.0316 0x0334 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
20:21:01.0349 0x0334 Eaphost - ok
20:21:01.0501 0x0334 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
20:21:01.0712 0x0334 ebdrv - ok
20:21:01.0733 0x0334 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe
20:21:01.0754 0x0334 EFS - ok
20:21:01.0766 0x0334 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
20:21:01.0787 0x0334 EhStorClass - ok
20:21:01.0802 0x0334 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
20:21:01.0826 0x0334 EhStorTcgDrv - ok
20:21:01.0834 0x0334 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
20:21:01.0853 0x0334 ErrDev - ok
20:21:01.0890 0x0334 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\WINDOWS\system32\es.dll
20:21:01.0938 0x0334 EventSystem - ok
20:21:01.0956 0x0334 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
20:21:02.0012 0x0334 exfat - ok
20:21:02.0029 0x0334 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
20:21:02.0058 0x0334 fastfat - ok
20:21:02.0095 0x0334 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe
20:21:02.0154 0x0334 Fax - ok
20:21:02.0166 0x0334 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
20:21:02.0188 0x0334 fdc - ok
20:21:02.0198 0x0334 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
20:21:02.0226 0x0334 fdPHost - ok
20:21:02.0235 0x0334 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
20:21:02.0261 0x0334 FDResPub - ok
20:21:02.0274 0x0334 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
20:21:02.0310 0x0334 fhsvc - ok
20:21:02.0322 0x0334 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
20:21:02.0343 0x0334 FileInfo - ok
20:21:02.0354 0x0334 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
20:21:02.0383 0x0334 Filetrace - ok
20:21:02.0393 0x0334 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
20:21:02.0414 0x0334 flpydisk - ok
20:21:02.0438 0x0334 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:21:02.0475 0x0334 FltMgr - ok
20:21:02.0544 0x0334 [ 1EFEF3B4EF2B241263F0F791EA128598, B6CADC254B0779E43E0D6AB6125A7E7ED8FF50C3158911681BA7B43160A08176 ] FontCache C:\WINDOWS\system32\FntCache.dll
20:21:02.0638 0x0334 FontCache - ok
20:21:02.0653 0x0334 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
20:21:02.0672 0x0334 FsDepends - ok
20:21:02.0682 0x0334 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:21:02.0700 0x0334 Fs_Rec - ok
20:21:02.0736 0x0334 [ D4AB6EE3D715BC44C00277FD934FAACF, DE8A8B14D7BA73BA1B5A833DE193CA65EDFE512A57D84F4F2CE19D9646D97F4E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
20:21:02.0789 0x0334 fvevol - ok
20:21:02.0802 0x0334 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys
20:21:02.0821 0x0334 FxPPM - ok
20:21:02.0833 0x0334 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
20:21:02.0853 0x0334 gagp30kx - ok
20:21:02.0866 0x0334 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:21:02.0877 0x0334 GEARAspiWDM - ok
20:21:02.0887 0x0334 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
20:21:02.0906 0x0334 gencounter - ok
20:21:02.0923 0x0334 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
20:21:02.0948 0x0334 GPIOClx0101 - ok
20:21:03.0017 0x0334 [ 9678FD4747A4F2E2318245EE6099482E, C76AE30E8BA77DC330F9CFE5ECEA58FAE0995396742923B564A2257DE24D7B32 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
20:21:03.0112 0x0334 gpsvc - ok
20:21:03.0130 0x0334 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:21:03.0147 0x0334 gupdate - ok
20:21:03.0157 0x0334 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:21:03.0174 0x0334 gupdatem - ok
20:21:03.0190 0x0334 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:21:03.0212 0x0334 gusvc - ok
20:21:03.0241 0x0334 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
20:21:03.0283 0x0334 HdAudAddService - ok
20:21:03.0298 0x0334 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
20:21:03.0328 0x0334 HDAudBus - ok
20:21:03.0340 0x0334 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
20:21:03.0359 0x0334 HidBatt - ok
20:21:03.0374 0x0334 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
20:21:03.0419 0x0334 HidBth - ok
20:21:03.0430 0x0334 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
20:21:03.0451 0x0334 hidi2c - ok
20:21:03.0462 0x0334 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
20:21:03.0483 0x0334 HidIr - ok
20:21:03.0504 0x0334 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll
20:21:03.0535 0x0334 hidserv - ok
20:21:03.0546 0x0334 [ 49676FEC898AB2A11B157F848269A56E, 011E6DDEF9570212520F92FEFD205E1F8104F198B57C40D11BE857FCBCC5F68D ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
20:21:03.0596 0x0334 HidUsb - ok
20:21:03.0609 0x0334 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
20:21:03.0645 0x0334 hkmsvc - ok
20:21:03.0666 0x0334 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
20:21:03.0709 0x0334 HomeGroupListener - ok
20:21:03.0739 0x0334 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
20:21:03.0785 0x0334 HomeGroupProvider - ok
20:21:03.0806 0x0334 [ 0D0213498683414DDE29B1686A4C08D5, E9B64406C04B6E55CBD17E7C47B023CEA11FEE07B791154129D6F4F29D15AB7F ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:21:03.0829 0x0334 hpqcxs08 - ok
20:21:03.0842 0x0334 [ EE281DD6843F3F697C1AD7933EEB1E9B, 1ECE31C2150B92DDC1DCBBCECFE3E979F2C60B3F106280E3167BEC0269BF7A41 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:21:03.0857 0x0334 hpqddsvc - ok
20:21:03.0873 0x0334 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
20:21:03.0893 0x0334 HpSAMD - ok
20:21:03.0946 0x0334 [ C995EA1C6915D897E06D41AF95B9312C, 65DE6599F1C735BBDCCE4728F7F98167BCA0BF1B8D4218BBF7546B025C9A38BD ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:21:04.0009 0x0334 HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
20:21:05.0210 0x0334 Detect skipped due to KSN trusted
20:21:05.0211 0x0334 HPSLPSVC - ok
20:21:05.0224 0x0334 [ 02F1253476B7F5F818364443DFED3264, 645F51A6781E9DEB381694718EDEF38B02F5345ADCE8860EC2D9483F7C1C7CC2 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
20:21:05.0244 0x0334 HPSupportSolutionsFrameworkService - ok
20:21:05.0294 0x0334 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
20:21:05.0367 0x0334 HTTP - ok
20:21:05.0381 0x0334 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
20:21:05.0399 0x0334 hwpolicy - ok
20:21:05.0409 0x0334 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
20:21:05.0429 0x0334 hyperkbd - ok
20:21:05.0438 0x0334 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
20:21:05.0458 0x0334 HyperVideo - ok
20:21:05.0473 0x0334 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
20:21:05.0530 0x0334 i8042prt - ok
20:21:05.0540 0x0334 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
20:21:05.0554 0x0334 iaLPSSi_GPIO - ok
20:21:05.0567 0x0334 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
20:21:05.0584 0x0334 iaLPSSi_I2C - ok
20:21:05.0622 0x0334 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
20:21:05.0669 0x0334 iaStorAV - ok
20:21:05.0698 0x0334 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
20:21:05.0737 0x0334 iaStorV - ok
20:21:05.0748 0x0334 [ 16A43ABB5A334C7842F4A60CF9FF8041, 4AA4BB159CD5940D59597E15C9E960828ACCA9D1E409A8FBD2520A01A4417485 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
20:21:05.0761 0x0334 IBMPMDRV - ok
20:21:05.0771 0x0334 [ 32B778CCF1F3B1458EDDA98FB8431EAC, EEFB85C9A7F1EF3A1ECCB427E993EE39358F80A2D12A8F6576219C804A69351C ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
20:21:05.0784 0x0334 IBMPMSVC - ok
20:21:05.0792 0x0334 IEEtwCollectorService - ok
20:21:06.0273 0x0334 [ 83915E05E168AB63B48302F7DC5D8E00, CD7300A5FFD5A8CE47690CDC1223F4693C536D5667F842CA457CC8716AA3F618 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
20:21:06.0913 0x0334 igfx - ok
20:21:07.0004 0x0334 [ 5697FD05EC6915A1E7193D658D8D6E05, 0179C3AF29880AA21F609CB471034EA5FA49324ACCE12736866675C037EBEC7A ] IKEEXT C:\WINDOWS\System32\ikeext.dll
20:21:07.0078 0x0334 IKEEXT - ok
20:21:07.0092 0x0334 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
20:21:07.0111 0x0334 intelide - ok
20:21:07.0121 0x0334 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
20:21:07.0140 0x0334 intelpep - ok
20:21:07.0154 0x0334 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
20:21:07.0177 0x0334 intelppm - ok
20:21:07.0190 0x0334 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:21:07.0217 0x0334 IpFilterDriver - ok
20:21:07.0264 0x0334 [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
20:21:07.0339 0x0334 iphlpsvc - ok
20:21:07.0352 0x0334 [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
20:21:07.0406 0x0334 IPMIDRV - ok
20:21:07.0420 0x0334 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
20:21:07.0451 0x0334 IPNAT - ok
20:21:07.0484 0x0334 [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:21:07.0523 0x0334 iPod Service - ok
20:21:07.0533 0x0334 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
20:21:07.0558 0x0334 IRENUM - ok
20:21:07.0568 0x0334 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
20:21:07.0587 0x0334 isapnp - ok
20:21:07.0610 0x0334 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
20:21:07.0643 0x0334 iScsiPrt - ok
20:21:07.0655 0x0334 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
20:21:07.0675 0x0334 kbdclass - ok
20:21:07.0685 0x0334 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
20:21:07.0727 0x0334 kbdhid - ok
20:21:07.0736 0x0334 [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr C:\WINDOWS\system32\drivers\kbldfltr.sys
20:21:07.0755 0x0334 kbldfltr - ok
20:21:07.0764 0x0334 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
20:21:07.0795 0x0334 kdnic - ok
20:21:07.0805 0x0334 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe
20:21:07.0826 0x0334 KeyIso - ok
20:21:07.0839 0x0334 [ 304DA394D958BC3B62AF6DF514005B01, 8D17777C82F034E800181E82D30FCED800CBC46CD659AE2E0D972CA1381BD4C2 ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
20:21:07.0861 0x0334 KSecDD - ok
20:21:07.0877 0x0334 [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
20:21:07.0905 0x0334 KSecPkg - ok
20:21:07.0914 0x0334 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
20:21:07.0935 0x0334 ksthunk - ok
20:21:07.0960 0x0334 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
20:21:08.0298 0x0334 KtmRm - ok
20:21:08.0431 0x0334 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
20:21:08.0486 0x0334 LanmanServer - ok
20:21:08.0521 0x0334 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
20:21:09.0103 0x0334 LanmanWorkstation - ok
20:21:09.0361 0x0334 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
20:21:09.0413 0x0334 lfsvc - ok
20:21:09.0426 0x0334 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
20:21:09.0449 0x0334 lltdio - ok
20:21:09.0468 0x0334 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
20:21:09.0502 0x0334 lltdsvc - ok
20:21:09.0512 0x0334 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
20:21:09.0542 0x0334 lmhosts - ok
20:21:09.0558 0x0334 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
20:21:09.0579 0x0334 LSI_SAS - ok
20:21:09.0846 0x0334 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
20:21:09.0879 0x0334 LSI_SAS2 - ok
20:21:09.0893 0x0334 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
20:21:09.0916 0x0334 LSI_SAS3 - ok
20:21:09.0927 0x0334 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
20:21:09.0948 0x0334 LSI_SSS - ok
20:21:09.0988 0x0334 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll
20:21:10.0101 0x0334 LSM - ok
20:21:10.0117 0x0334 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
20:21:10.0151 0x0334 luafv - ok
20:21:10.0162 0x0334 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
20:21:10.0182 0x0334 megasas - ok
20:21:10.0215 0x0334 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
20:21:10.0267 0x0334 megasr - ok
20:21:10.0543 0x0334 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll
20:21:10.0584 0x0334 MMCSS - ok
20:21:10.0594 0x0334 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
20:21:10.0617 0x0334 Modem - ok
20:21:10.0627 0x0334 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
20:21:10.0654 0x0334 monitor - ok
20:21:10.0664 0x0334 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
20:21:10.0684 0x0334 mouclass - ok
20:21:10.0694 0x0334 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
20:21:10.0722 0x0334 mouhid - ok
20:21:10.0734 0x0334 [ 24DABC0A77FAFDC0E379AB3B30F61BB6, E66624ABBF1D742879035F9161F9D3713DE7B759B3D3CF8B96C9E397A02FCF82 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
20:21:10.0756 0x0334 mountmgr - ok
20:21:10.0767 0x0334 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
20:21:10.0798 0x0334 mpsdrv - ok
20:21:10.0846 0x0334 [ D1418745A5472F3930A288E05B9E2C05, 95785F0FA7EE239459C0288DB37E9E54648029FD6FE45A61E6343526D67FFA32 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
20:21:10.0930 0x0334 MpsSvc - ok
20:21:10.0948 0x0334 [ 3F818C1518DA702C8F10259095C9BDE0, B98C1A6F9A3C01A10503B2B2C45CC89AFF17B346B15990F4DB4820F68BDC62C8 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
20:21:11.0005 0x0334 MRxDAV - ok
20:21:11.0030 0x0334 [ 3AF30CEB99E581E2FADA0B5FC4B551D8, 59BDE83C10D6F31E13B81FC317F1DE0E00793FBA288EAF844E29CFA0EB184502 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:21:11.0103 0x0334 mrxsmb - ok
20:21:11.0125 0x0334 [ 15D7AF1A26CCEBA32DF21A8E2098F463, 84390806AD3A9651DAB803E9257EEE851B898ED2AB56D8936E8C9F6B41967243 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
20:21:11.0189 0x0334 mrxsmb10 - ok
20:21:11.0208 0x0334 [ 0790EEB1EC199F8BE8259E47B373ED23, F9330F43B40675CCB60804182EF04BFBA3837ED14C798788A4B27D65A646D1C7 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
20:21:11.0257 0x0334 mrxsmb20 - ok
20:21:11.0270 0x0334 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
20:21:11.0294 0x0334 MsBridge - ok
20:21:11.0309 0x0334 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:21:11.0337 0x0334 MSDTC - ok
20:21:11.0364 0x0334 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:21:11.0419 0x0334 Msfs - ok
20:21:11.0713 0x0334 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
20:21:11.0746 0x0334 msgpiowin32 - ok
20:21:11.0782 0x0334 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
20:21:11.0801 0x0334 mshidkmdf - ok
20:21:11.0810 0x0334 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
20:21:11.0828 0x0334 mshidumdf - ok
20:21:11.0839 0x0334 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
20:21:11.0856 0x0334 msisadrv - ok
20:21:11.0870 0x0334 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
20:21:11.0897 0x0334 MSiSCSI - ok
20:21:11.0906 0x0334 msiserver - ok
20:21:11.0920 0x0334 [ 4C1A0E9B4C6CC09E8C68FD33998013AA, 190ADFCCAE844DB9F807BD9668EB90BE0C9887719DF2820E66D121655AF27614 ] MsKeyboardFilter C:\WINDOWS\System32\KeyboardFilterSvc.dll
20:21:11.0943 0x0334 MsKeyboardFilter - ok
20:21:11.0952 0x0334 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:21:11.0973 0x0334 MSKSSRV - ok
20:21:11.0985 0x0334 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
20:21:12.0013 0x0334 MsLldp - ok
20:21:12.0023 0x0334 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:21:12.0043 0x0334 MSPCLOCK - ok
20:21:12.0051 0x0334 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:21:12.0072 0x0334 MSPQM - ok
20:21:12.0098 0x0334 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
20:21:12.0136 0x0334 MsRPC - ok
20:21:12.0151 0x0334 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
20:21:12.0170 0x0334 mssmbios - ok
20:21:12.0179 0x0334 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:21:12.0200 0x0334 MSTEE - ok
20:21:12.0210 0x0334 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
20:21:12.0230 0x0334 MTConfig - ok
20:21:12.0243 0x0334 [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup C:\WINDOWS\system32\Drivers\mup.sys
20:21:12.0265 0x0334 Mup - ok
20:21:12.0278 0x0334 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
20:21:12.0298 0x0334 mvumis - ok
20:21:12.0327 0x0334 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll
20:21:12.0372 0x0334 napagent - ok
20:21:12.0400 0x0334 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
20:21:12.0449 0x0334 NativeWifiP - ok
20:21:12.0466 0x0334 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
20:21:12.0502 0x0334 NcaSvc - ok
20:21:12.0518 0x0334 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll
20:21:12.0552 0x0334 NcbService - ok
20:21:12.0564 0x0334 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
20:21:12.0595 0x0334 NcdAutoSetup - ok
20:21:12.0653 0x0334 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
20:21:12.0733 0x0334 NDIS - ok
20:21:12.0747 0x0334 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
20:21:12.0768 0x0334 NdisCap - ok
20:21:12.0783 0x0334 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
20:21:12.0815 0x0334 NdisImPlatform - ok
20:21:12.0825 0x0334 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:21:12.0853 0x0334 NdisTapi - ok
20:21:12.0865 0x0334 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:21:12.0896 0x0334 Ndisuio - ok
20:21:12.0905 0x0334 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
20:21:12.0928 0x0334 NdisVirtualBus - ok
20:21:12.0946 0x0334 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:21:13.0005 0x0334 NdisWan - ok
20:21:13.0020 0x0334 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:21:13.0045 0x0334 NdisWanLegacy - ok
20:21:13.0058 0x0334 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:21:13.0082 0x0334 NDProxy - ok
20:21:13.0094 0x0334 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
20:21:13.0128 0x0334 Ndu - ok
20:21:13.0139 0x0334 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
20:21:13.0152 0x0334 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
20:21:14.0346 0x0334 Detect skipped due to KSN trusted
20:21:14.0347 0x0334 Net Driver HPZ12 - ok
20:21:14.0367 0x0334 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:21:14.0389 0x0334 NetBIOS - ok
20:21:14.0409 0x0334 [ 9DC17B7D9D84C37C102D379FCC7D4942, D522022ED4395686837E96F57EE29F8065FB749D1195B60D2A406FB33F696C09 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:21:14.0477 0x0334 NetBT - ok
20:21:14.0488 0x0334 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe
20:21:14.0509 0x0334 Netlogon - ok
20:21:14.0529 0x0334 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll
20:21:14.0563 0x0334 Netman - ok
20:21:14.0596 0x0334 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
20:21:14.0646 0x0334 netprofm - ok
20:21:14.0664 0x0334 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:21:14.0690 0x0334 NetTcpPortSharing - ok
20:21:14.0702 0x0334 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys
20:21:14.0735 0x0334 netvsc - ok
20:21:15.0105 0x0334 [ 57B9C04D673F236D41FAB03842C8640B, 898DCBBBF94875059CD328B0FC75BE36A4E3DD471C6E28BFAE064BCF84349518 ] NETwNs64 C:\WINDOWS\system32\DRIVERS\NETwNs64.sys
20:21:15.0590 0x0334 NETwNs64 - ok
20:21:15.0644 0x0334 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
20:21:15.0691 0x0334 NlaSvc - ok
20:21:15.0701 0x0334 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:21:15.0726 0x0334 Npfs - ok
20:21:15.0735 0x0334 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
20:21:15.0763 0x0334 npsvctrig - ok
20:21:15.0772 0x0334 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll
20:21:15.0806 0x0334 nsi - ok
20:21:15.0815 0x0334 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
20:21:15.0837 0x0334 nsiproxy - ok
20:21:15.0934 0x0334 [ 9980B262DBE439AE6BDC91AA985F19EE, E998E4CAE9CD103ADA9CA3C737C4DAD017D056828BFA42A41C7B4E4E108FB13C ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:21:16.0066 0x0334 Ntfs - ok
20:21:16.0079 0x0334 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys
20:21:16.0102 0x0334 Null - ok
20:21:16.0117 0x0334 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
20:21:16.0141 0x0334 nvraid - ok
20:21:16.0155 0x0334 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
20:21:16.0181 0x0334 nvstor - ok
20:21:16.0194 0x0334 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
20:21:16.0217 0x0334 nv_agp - ok
20:21:16.0232 0x0334 [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:21:16.0252 0x0334 ose64 - ok
20:21:16.0483 0x0334 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:21:16.0749 0x0334 osppsvc - ok
20:21:16.0794 0x0334 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
20:21:16.0841 0x0334 p2pimsvc - ok
20:21:16.0869 0x0334 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll
20:21:16.0920 0x0334 p2psvc - ok
20:21:16.0934 0x0334 [ 57DCE4FB0467986AE78E1C6FC5240D32, F7F3ADD1B48E4D6BB0A664A2FE556F71ED7453054B4FB667A29BE050C845045B ] Parport C:\WINDOWS\System32\drivers\parport.sys
20:21:16.0969 0x0334 Parport - ok
20:21:16.0981 0x0334 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
20:21:17.0001 0x0334 partmgr - ok
20:21:17.0029 0x0334 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
20:21:17.0074 0x0334 PcaSvc - ok
20:21:17.0098 0x0334 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys
20:21:17.0131 0x0334 pci - ok
20:21:17.0140 0x0334 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
20:21:17.0159 0x0334 pciide - ok
20:21:17.0173 0x0334 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
20:21:17.0197 0x0334 pcmcia - ok
20:21:17.0207 0x0334 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
20:21:17.0228 0x0334 pcw - ok
20:21:17.0240 0x0334 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
20:21:17.0261 0x0334 pdc - ok
20:21:17.0297 0x0334 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
20:21:17.0359 0x0334 PEAUTH - ok
20:21:17.0462 0x0334 [ A35EC8F902475350DA31BDF0E1402A91, 5AB43B4BD70B44A62FFD21A9D3CB8D1BC035B6E001DBB1BAC30D6D7A07475D83 ] PeerDistSvc C:\WINDOWS\system32\peerdistsvc.dll
20:21:17.0595 0x0334 PeerDistSvc - ok
20:21:17.0641 0x0334 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
20:21:17.0674 0x0334 PerfHost - ok
20:21:17.0756 0x0334 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll
20:21:17.0855 0x0334 pla - ok
20:21:17.0873 0x0334 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
20:21:17.0900 0x0334 PlugPlay - ok
20:21:17.0912 0x0334 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
20:21:17.0923 0x0334 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
20:21:19.0124 0x0334 Detect skipped due to KSN trusted
20:21:19.0124 0x0334 Pml Driver HPZ12 - ok
20:21:19.0143 0x0334 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
20:21:19.0165 0x0334 PNRPAutoReg - ok
20:21:19.0189 0x0334 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
20:21:19.0223 0x0334 PNRPsvc - ok
20:21:19.0248 0x0334 [ 0FF8507A8B901B904E98EB36B9E347EE, FE4A9A6159A8490F3155D166656748722EFDEDCDC447C09155A5AD6D9F5D294D ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
20:21:19.0295 0x0334 PolicyAgent - ok
20:21:19.0314 0x0334 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll
20:21:19.0347 0x0334 Power - ok
20:21:19.0360 0x0334 [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:21:19.0387 0x0334 PptpMiniport - ok
20:21:19.0526 0x0334 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
20:21:19.0695 0x0334 PrintNotify - ok
20:21:19.0718 0x0334 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys
20:21:19.0742 0x0334 Processor - ok
20:21:19.0759 0x0334 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\WINDOWS\system32\profsvc.dll
20:21:19.0799 0x0334 ProfSvc - ok
20:21:19.0814 0x0334 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
20:21:19.0839 0x0334 Psched - ok
20:21:19.0860 0x0334 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll
20:21:19.0906 0x0334 QWAVE - ok
20:21:19.0918 0x0334 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
20:21:19.0938 0x0334 QWAVEdrv - ok
20:21:19.0946 0x0334 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:21:19.0969 0x0334 RasAcd - ok
20:21:19.0984 0x0334 [ D5ECE7E7F349EB3C4B152AFF3577280D, 3A5D3E440D1ED72D654BBFE30A73667F055C0AD04375C22C202F21BF75B612B2 ] RasAgileVpn C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
20:21:20.0043 0x0334 RasAgileVpn - ok
20:21:20.0057 0x0334 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:21:20.0084 0x0334 RasAuto - ok
20:21:20.0097 0x0334 [ 235624C147E3CB4C288D5D3D8E8D64A2, B3F182019DBAD9C761FE9F62EAED34AD5902B41A13A766D814FC3E2EA29D8D92 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:21:20.0152 0x0334 Rasl2tp - ok
20:21:20.0186 0x0334 [ 15C0034561FE5B03FA376F1A6232478B, 0F9B5C2BD7D8803FF3C5ED957D3F0859F2A59B74510E4659FBF05EDCBF230208 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:21:20.0235 0x0334 RasMan - ok
20:21:20.0248 0x0334 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:21:20.0276 0x0334 RasPppoe - ok
20:21:20.0289 0x0334 [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp C:\WINDOWS\system32\DRIVERS\rassstp.sys
20:21:20.0311 0x0334 RasSstp - ok
20:21:20.0339 0x0334 [ D67ED4AB59D1EF66B05AD1A81AC28B26, 72E750A9A6B484D8BEDE52FA6DABEF4D95765DE491152E1F6C856D0590B50C28 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:21:20.0413 0x0334 rdbss - ok
20:21:20.0427 0x0334 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
20:21:20.0455 0x0334 rdpbus - ok
20:21:20.0471 0x0334 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
20:21:20.0507 0x0334 RDPDR - ok
20:21:20.0524 0x0334 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
20:21:20.0544 0x0334 RdpVideoMiniport - ok
20:21:20.0563 0x0334 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
20:21:20.0594 0x0334 rdyboost - ok
20:21:20.0644 0x0334 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
20:21:20.0715 0x0334 ReFS - ok
20:21:20.0740 0x0334 [ DF78648AC3C8DC9D70E6714AF785382F, 56E104939ED0AB5B26AE07BAB1BBB7D15828DBD3A2AD35361423D7ADDA4BA551 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:21:20.0771 0x0334 RemoteAccess - ok
20:21:20.0787 0x0334 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:21:20.0824 0x0334 RemoteRegistry - ok
20:21:20.0844 0x0334 [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys
20:21:20.0896 0x0334 RFCOMM - ok
20:21:20.0908 0x0334 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
20:21:20.0935 0x0334 RpcEptMapper - ok
20:21:20.0943 0x0334 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe
20:21:20.0973 0x0334 RpcLocator - ok
20:21:21.0016 0x0334 [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:21:21.0070 0x0334 RpcSs - ok
20:21:21.0085 0x0334 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
20:21:21.0112 0x0334 rspndr - ok
20:21:21.0121 0x0334 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
20:21:21.0140 0x0334 s3cap - ok
20:21:21.0152 0x0334 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe
20:21:21.0173 0x0334 SamSs - ok
20:21:21.0188 0x0334 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
20:21:21.0211 0x0334 sbp2port - ok
20:21:21.0229 0x0334 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
20:21:21.0260 0x0334 SCardSvr - ok
20:21:21.0274 0x0334 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
20:21:21.0304 0x0334 ScDeviceEnum - ok
20:21:21.0314 0x0334 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
20:21:21.0341 0x0334 scfilter - ok
20:21:21.0403 0x0334 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:21:21.0495 0x0334 Schedule - ok
20:21:21.0513 0x0334 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
20:21:21.0540 0x0334 SCPolicySvc - ok
20:21:21.0561 0x0334 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
20:21:21.0593 0x0334 sdbus - ok
20:21:21.0607 0x0334 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
20:21:21.0628 0x0334 sdstor - ok
20:21:21.0639 0x0334 [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon C:\WINDOWS\system32\seclogon.dll
20:21:21.0673 0x0334 seclogon - ok
20:21:21.0685 0x0334 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll
20:21:21.0712 0x0334 SENS - ok
20:21:21.0731 0x0334 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
20:21:21.0771 0x0334 SensrSvc - ok
20:21:21.0783 0x0334 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
20:21:21.0803 0x0334 SerCx - ok
20:21:21.0818 0x0334 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
20:21:21.0842 0x0334 SerCx2 - ok
20:21:21.0853 0x0334 [ 1F0135949A6AD6025F363F80FE268251, DB2D503863143F2251E589F7B0B3E9FBF997D7333D54C55856590B5080B5513D ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
20:21:21.0874 0x0334 Serenum - ok
20:21:21.0887 0x0334 [ 81633C87B42B63BA484A6177179AC750, A22BA40E9EC74E88D8098CBDC954E1D63B832FCB789E3C7B731DE5DA39BEE2CA ] Serial C:\WINDOWS\System32\drivers\serial.sys
20:21:21.0912 0x0334 Serial - ok
20:21:21.0923 0x0334 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
20:21:21.0943 0x0334 sermouse - ok
20:21:21.0967 0x0334 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll
20:21:22.0015 0x0334 SessionEnv - ok
20:21:22.0026 0x0334 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
20:21:22.0046 0x0334 sfloppy - ok
20:21:22.0075 0x0334 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:21:22.0119 0x0334 SharedAccess - ok
20:21:22.0158 0x0334 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:21:22.0222 0x0334 ShellHWDetection - ok
20:21:22.0233 0x0334 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
20:21:22.0253 0x0334 SiSRaid2 - ok
20:21:22.0264 0x0334 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
20:21:22.0285 0x0334 SiSRaid4 - ok
20:21:22.0307 0x0334 [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:21:22.0340 0x0334 SkypeUpdate - ok
20:21:22.0351 0x0334 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll
20:21:22.0384 0x0334 smphost - ok
20:21:22.0396 0x0334 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
20:21:22.0423 0x0334 SNMPTRAP - ok
20:21:22.0454 0x0334 [ B312191DCBECE3C07DF9A99DE433B126, D9D9028331C703CE9B9EC75772D29BB04FE43B3A7895F8CBB3AC701CA0548F8D ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
20:21:22.0498 0x0334 spaceport - ok
20:21:22.0511 0x0334 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
20:21:22.0532 0x0334 SpbCx - ok
20:21:22.0577 0x0334 [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler C:\WINDOWS\System32\spoolsv.exe
20:21:22.0649 0x0334 Spooler - ok
20:21:22.0950 0x0334 [ F264662C057A54AA2DE41B3C7551712F, 2C123C6ACD967CDF1AD2855187CF3D8357B16A4FD9C2F18AE54CFA384165FA11 ] sppsvc C:\WINDOWS\system32\sppsvc.exe
20:21:23.0346 0x0334 sppsvc - ok
20:21:23.0395 0x0334 [ 36B082C7A764A34FB1DC72D975870B61, 572CB632D9FDC1183F7BF8BFCBC51765C647945E0C13D1C91ADE3D0E76DF83BC ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:21:23.0471 0x0334 srv - ok
20:21:23.0509 0x0334 [ F5849909D4B29B4E3D4445F943E5C7E3, 3FCA1423753716FE1AFDD27EE1E13C4D779A3C976185B5C998EF1A9A39BFC186 ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
20:21:23.0594 0x0334 srv2 - ok
20:21:23.0616 0x0334 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\WINDOWS\system32\DRIVERS\VSTAZL6.SYS
20:21:23.0687 0x0334 SrvHsfHDA - ok
20:21:23.0759 0x0334 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\WINDOWS\system32\DRIVERS\VSTDPV6.SYS
20:21:23.0886 0x0334 SrvHsfV92 - ok
20:21:23.0930 0x0334 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\WINDOWS\system32\DRIVERS\VSTCNXT6.SYS
20:21:24.0011 0x0334 SrvHsfWinac - ok
20:21:24.0031 0x0334 [ FABC49666708EA562549E78E6FBF3191, BE1FEBFC259308B39C727915C41A67CD50720A6E2A68D148F4F2F926AED43B02 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
20:21:24.0084 0x0334 srvnet - ok
20:21:24.0103 0x0334 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:21:24.0136 0x0334 SSDPSRV - ok
20:21:24.0152 0x0334 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
20:21:24.0179 0x0334 SstpSvc - ok
20:21:24.0189 0x0334 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
20:21:24.0208 0x0334 stexstor - ok
20:21:24.0217 0x0334 [ 8F3C0CCF27CFFE89424F30E9FB3381AB, 74E54541B4A16DC97098428E1715A27557BAB97E05AF346F88958580199C1541 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
20:21:24.0265 0x0334 StillCam - ok
20:21:24.0302 0x0334 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll
20:21:24.0366 0x0334 stisvc - ok
20:21:24.0381 0x0334 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
20:21:24.0403 0x0334 storahci - ok
20:21:24.0413 0x0334 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
20:21:24.0433 0x0334 storflt - ok
20:21:24.0444 0x0334 [ 0EDD1F4D470C775740625B06A60C9DD5, 94964D0A793B1C984E87095249EE383A5E669D05BA6BF9F655587887E6CE3C19 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
20:21:24.0464 0x0334 stornvme - ok
20:21:24.0474 0x0334 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll
20:21:24.0504 0x0334 StorSvc - ok
20:21:24.0515 0x0334 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
20:21:24.0534 0x0334 storvsc - ok
20:21:24.0545 0x0334 [ 74B2D810FC976CCDB80193AB8BFBF281, 67D2016AF2311A0D5EC7EBE8F2A089C48BCB7F14472E1FF954377AF7ACBBC800 ] storvsp C:\WINDOWS\System32\drivers\storvsp.sys
20:21:24.0596 0x0334 storvsp - ok
20:21:24.0605 0x0334 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll
20:21:24.0637 0x0334 svsvc - ok
20:21:24.0648 0x0334 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys
20:21:24.0665 0x0334 swenum - ok
20:21:24.0704 0x0334 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll
20:21:24.0765 0x0334 swprv - ok
20:21:24.0825 0x0334 [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\WINDOWS\system32\sysmain.dll
20:21:24.0915 0x0334 SysMain - ok
20:21:24.0939 0x0334 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
20:21:24.0984 0x0334 SystemEventsBroker - ok
20:21:25.0000 0x0334 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
20:21:25.0036 0x0334 TabletInputService - ok
20:21:25.0059 0x0334 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:21:25.0105 0x0334 TapiSrv - ok
20:21:25.0218 0x0334 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
20:21:25.0374 0x0334 Tcpip - ok
20:21:25.0495 0x0334 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:21:25.0624 0x0334 TCPIP6 - ok
20:21:25.0646 0x0334 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
20:21:25.0674 0x0334 tcpipreg - ok
20:21:25.0691 0x0334 [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
20:21:25.0737 0x0334 tdx - ok
20:21:25.0747 0x0334 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
20:21:25.0766 0x0334 terminpt - ok
20:21:25.0822 0x0334 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll
20:21:25.0899 0x0334 TermService - ok
20:21:25.0914 0x0334 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll
20:21:25.0941 0x0334 Themes - ok
20:21:25.0953 0x0334 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll
20:21:25.0977 0x0334 THREADORDER - ok
20:21:25.0996 0x0334 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
20:21:26.0039 0x0334 TimeBroker - ok
20:21:26.0057 0x0334 [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM C:\WINDOWS\system32\drivers\tpm.sys
20:21:26.0084 0x0334 TPM - ok
20:21:26.0098 0x0334 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll
20:21:26.0127 0x0334 TrkWks - ok
20:21:26.0138 0x0334 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
20:21:26.0171 0x0334 TrustedInstaller - ok
20:21:26.0186 0x0334 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
20:21:26.0217 0x0334 TsUsbFlt - ok
20:21:26.0228 0x0334 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
20:21:26.0256 0x0334 TsUsbGD - ok
20:21:26.0271 0x0334 [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
20:21:26.0336 0x0334 tunnel - ok
20:21:26.0349 0x0334 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
20:21:26.0371 0x0334 uagp35 - ok
20:21:26.0384 0x0334 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
20:21:26.0408 0x0334 UASPStor - ok
20:21:26.0425 0x0334 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
20:21:26.0455 0x0334 UCX01000 - ok
20:21:26.0478 0x0334 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
20:21:26.0545 0x0334 udfs - ok
20:21:26.0555 0x0334 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
20:21:26.0574 0x0334 UEFI - ok
20:21:26.0590 0x0334 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
20:21:26.0623 0x0334 UI0Detect - ok
20:21:26.0634 0x0334 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
20:21:26.0653 0x0334 uliagpkx - ok
20:21:26.0665 0x0334 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
20:21:26.0686 0x0334 umbus - ok
20:21:26.0695 0x0334 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
20:21:26.0717 0x0334 UmPass - ok
20:21:26.0737 0x0334 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
20:21:26.0785 0x0334 UmRdpService - ok
20:21:26.0813 0x0334 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:21:26.0858 0x0334 upnphost - ok
20:21:26.0868 0x0334 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\WINDOWS\System32\Drivers\usbaapl64.sys
20:21:26.0932 0x0334 USBAAPL64 - ok
20:21:26.0948 0x0334 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
20:21:26.0975 0x0334 usbccgp - ok
20:21:26.0988 0x0334 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
20:21:27.0012 0x0334 usbcir - ok
20:21:27.0025 0x0334 [ C996CBEF922B5653A01E3F50DDCE2F86, 231EB5A36E7EE242197E796D3B4AB12F945D2C8570587BC8D57D45530A0C59B4 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
20:21:27.0047 0x0334 usbehci - ok
20:21:27.0079 0x0334 [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
20:21:27.0127 0x0334 usbhub - ok
20:21:27.0160 0x0334 [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
20:21:27.0207 0x0334 USBHUB3 - ok
20:21:27.0218 0x0334 [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
20:21:27.0269 0x0334 usbohci - ok
20:21:27.0279 0x0334 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
20:21:27.0310 0x0334 usbprint - ok
20:21:27.0326 0x0334 [ 9D168BFA334D47BE404367EB58D4E130, 23279CBE6ACBD074E7B268BA2EDA14E2255C41F8117173B2BBE653D8259ECFA2 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
20:21:27.0354 0x0334 USBSTOR - ok
20:21:27.0365 0x0334 [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
20:21:27.0407 0x0334 usbuhci - ok
20:21:27.0426 0x0334 [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys
20:21:27.0456 0x0334 usbvideo - ok
20:21:27.0483 0x0334 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
20:21:27.0519 0x0334 USBXHCI - ok
20:21:27.0529 0x0334 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe
20:21:27.0550 0x0334 VaultSvc - ok
20:21:27.0560 0x0334 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
20:21:27.0580 0x0334 vdrvroot - ok
20:21:27.0642 0x0334 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe
20:21:27.0731 0x0334 vds - ok
20:21:27.0750 0x0334 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
20:21:27.0776 0x0334 VerifierExt - ok
20:21:27.0812 0x0334 [ 5DB4AFA10A488EC4DDB3DA09B0425BE5, 480AFB6A6BCC95E86C5087C3D9DCD6058D48659A5A63F524A0B9ED3A8FEF6B9B ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
20:21:27.0865 0x0334 vhdmp - ok
20:21:27.0875 0x0334 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
20:21:27.0894 0x0334 viaide - ok
20:21:27.0911 0x0334 [ 3CE922E34DB12D9F3C0EA856BC09687C, E50A1885FBC775E49614989ECFEA4ACBBDDA16AF459CC5361EED9E23CC7CD42C ] Vid C:\WINDOWS\System32\drivers\Vid.sys
20:21:27.0947 0x0334 Vid - ok
20:21:27.0959 0x0334 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
20:21:27.0981 0x0334 vmbus - ok
20:21:27.0990 0x0334 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
20:21:28.0011 0x0334 VMBusHID - ok
20:21:28.0024 0x0334 [ 68F8C26DEA2D42E8DEC0778943433C80, 81E8F9D62815F94952CEEABD0689473CC330F7890F66872DCD35A43C06ED33CD ] vmbusr C:\WINDOWS\System32\drivers\vmbusr.sys
20:21:28.0049 0x0334 vmbusr - ok
20:21:28.0079 0x0334 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
20:21:28.0124 0x0334 vmicguestinterface - ok
20:21:28.0153 0x0334 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
20:21:28.0193 0x0334 vmicheartbeat - ok
20:21:28.0222 0x0334 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
20:21:28.0262 0x0334 vmickvpexchange - ok
20:21:28.0291 0x0334 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
20:21:28.0330 0x0334 vmicrdv - ok
20:21:28.0359 0x0334 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
20:21:28.0398 0x0334 vmicshutdown - ok
20:21:28.0427 0x0334 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
20:21:28.0466 0x0334 vmictimesync - ok
20:21:28.0497 0x0334 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
20:21:28.0536 0x0334 vmicvss - ok
20:21:28.0550 0x0334 [ 436E1A724E7E683F6B612D3D58F04241, 939B5EF0090DF3759295F88402FD0EA33F499DDA9F89E5D0E90D1F9AED65D491 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
20:21:28.0571 0x0334 volmgr - ok
20:21:28.0595 0x0334 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
20:21:28.0633 0x0334 volmgrx - ok
20:21:28.0658 0x0334 [ 17F7B0F2298D97F4B6C7A69511033D3D, 5BDFC225F31553786726808FB7952940FC05CA72B3977D684056F42AFAA59565 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
20:21:28.0693 0x0334 volsnap - ok
20:21:28.0705 0x0334 [ DAC438FB5FF85A9E72806E2341D5D732, B1D1EFCA8C588A6BF53CEC941CC59702C366F15C7D5943431736EC857E57C0A2 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
20:21:28.0726 0x0334 vpci - ok
20:21:28.0737 0x0334 [ BEE38B3B44364E01BF28640EE8B5617E, 72A2515F68031FA98DFCA9BB9E595D2306FB9ECE5F36869486C46E35C845F844 ] vpcivsp C:\WINDOWS\System32\drivers\vpcivsp.sys
20:21:28.0790 0x0334 vpcivsp - ok
20:21:28.0805 0x0334 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
20:21:28.0830 0x0334 vsmraid - ok
20:21:28.0900 0x0334 [ D0CBA7B3531CCF2ADB985856D5F92434, 7FCBBCAF1AA85DCE8D75FB38DC4848AE12E8DD913CEBBC37BCD3D0123F0A3CAB ] VSS C:\WINDOWS\system32\vssvc.exe
20:21:29.0000 0x0334 VSS - ok
20:21:29.0026 0x0334 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
20:21:29.0059 0x0334 VSTXRAID - ok
20:21:29.0069 0x0334 [ 71066FF95C487327E44C8AF1B72EBE8B, EA2729126B452CAE0C80D07501779D804B08E47F1217B61D53277B40869FEC25 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
20:21:29.0118 0x0334 vwifibus - ok
20:21:29.0129 0x0334 [ 29AB43937FFDA0B0FB56984226E698C6, 6A1A559964FE5D594E54988C46149969E6FFD5A8D5A6862E14648B608794CC29 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys
20:21:29.0179 0x0334 vwififlt - ok
20:21:29.0189 0x0334 [ 8B8624A93E3F88CB923AEB05B6313227, 2856B63CD376BF2B1A9129581E7B9207588D4EAFD29A2C8D98F176FEAFDE26A9 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys
20:21:29.0234 0x0334 vwifimp - ok
20:21:29.0260 0x0334 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll
20:21:29.0311 0x0334 W32Time - ok
20:21:29.0322 0x0334 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
20:21:29.0344 0x0334 WacomPen - ok
20:21:29.0355 0x0334 [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:21:29.0378 0x0334 Wanarp - ok
20:21:29.0386 0x0334 [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:21:29.0407 0x0334 Wanarpv6 - ok
20:21:29.0482 0x0334 [ 841345442390953CBC8801B95D3D0540, FD4F9FD2C4C60A1A580177FFF2E9035009AC6A38E78D4236B0ED4773E3B263EE ] wbengine C:\WINDOWS\system32\wbengine.exe
20:21:29.0591 0x0334 wbengine - ok
20:21:29.0622 0x0334 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
20:21:29.0675 0x0334 WbioSrvc - ok
20:21:29.0700 0x0334 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
20:21:29.0741 0x0334 Wcmsvc - ok
20:21:29.0769 0x0334 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
20:21:29.0813 0x0334 wcncsvc - ok
20:21:29.0823 0x0334 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
20:21:29.0854 0x0334 WcsPlugInService - ok
20:21:29.0864 0x0334 [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
20:21:29.0884 0x0334 WdBoot - ok
20:21:29.0926 0x0334 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
20:21:29.0984 0x0334 Wdf01000 - ok
20:21:30.0008 0x0334 [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
20:21:30.0040 0x0334 WdFilter - ok
20:21:30.0052 0x0334 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
20:21:30.0081 0x0334 WdiServiceHost - ok
20:21:30.0090 0x0334 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
20:21:30.0118 0x0334 WdiSystemHost - ok
20:21:30.0131 0x0334 [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
20:21:30.0154 0x0334 WdNisDrv - ok
20:21:30.0161 0x0334 WdNisSvc - ok
20:21:30.0181 0x0334 [ A70CAF5EA36CBA5FCA24244306D4D5C6, 76C3E20B62B89D9699A1E817377FAD70B144B877BCC5C850A5B64CC68184D8DA ] WebClient C:\WINDOWS\System32\webclnt.dll
20:21:30.0223 0x0334 WebClient - ok
20:21:30.0240 0x0334 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
20:21:30.0272 0x0334 Wecsvc - ok
20:21:30.0281 0x0334 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
20:21:30.0305 0x0334 WEPHOSTSVC - ok
20:21:30.0317 0x0334 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
20:21:30.0357 0x0334 wercplsupport - ok
20:21:30.0370 0x0334 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll
20:21:30.0400 0x0334 WerSvc - ok
20:21:30.0413 0x0334 [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
20:21:30.0437 0x0334 WFPLWFS - ok
20:21:30.0448 0x0334 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
20:21:30.0474 0x0334 WiaRpc - ok
20:21:30.0484 0x0334 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
20:21:30.0503 0x0334 WIMMount - ok
20:21:30.0509 0x0334 WinDefend - ok
20:21:30.0557 0x0334 [ 0E70990EC2E5D2331AA5E88DB0CFB826, 79DFF565C3FCBC691E8FEB669CEC00E340FD2A2AFA4488D23A7CC63A2A98A5C1 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
20:21:30.0627 0x0334 WinHttpAutoProxySvc - ok
20:21:30.0651 0x0334 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:21:30.0688 0x0334 Winmgmt - ok
20:21:30.0800 0x0334 [ 427873F889F2F508BE8BE982219CE578, CA8DCFB774BF0F747295A7A0CB46A6177DE12AD6BD58266182206C41A3C9001E ] WinRM C:\WINDOWS\system32\WsmSvc.dll
20:21:30.0963 0x0334 WinRM - ok
20:21:30.0989 0x0334 [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb C:\WINDOWS\system32\DRIVERS\WinUsb.sys
20:21:31.0041 0x0334 WinUsb - ok
20:21:31.0115 0x0334 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
20:21:31.0211 0x0334 WlanSvc - ok
20:21:31.0293 0x0334 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
20:21:31.0387 0x0334 wlidsvc - ok
20:21:31.0403 0x0334 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
20:21:31.0421 0x0334 WmiAcpi - ok
20:21:31.0441 0x0334 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
20:21:31.0468 0x0334 wmiApSrv - ok
20:21:31.0474 0x0334 WMPNetworkSvc - ok
20:21:31.0492 0x0334 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys
20:21:31.0517 0x0334 Wof - ok
20:21:31.0603 0x0334 [ EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
20:21:31.0710 0x0334 workfolderssvc - ok
20:21:31.0725 0x0334 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
20:21:31.0748 0x0334 wpcfltr - ok
20:21:31.0756 0x0334 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
20:21:31.0788 0x0334 WPCSvc - ok
20:21:31.0800 0x0334 [ DBDCE2378F65F0A07D4644AC103037E7, 99714F0CD31297C9831BAF04768F467F6E0BF710C859CEDCA83069226BF1A68A ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
20:21:31.0835 0x0334 WPDBusEnum - ok
20:21:31.0844 0x0334 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
20:21:31.0862 0x0334 WpdUpFltr - ok
20:21:31.0872 0x0334 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
20:21:31.0896 0x0334 ws2ifsl - ok
20:21:31.0911 0x0334 [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc C:\WINDOWS\System32\wscsvc.dll
20:21:31.0950 0x0334 wscsvc - ok
20:21:31.0959 0x0334 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys
20:21:31.0981 0x0334 WSDPrintDevice - ok
20:21:31.0989 0x0334 WSearch - ok
20:21:32.0146 0x0334 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll
20:21:32.0372 0x0334 WSService - ok
20:21:32.0545 0x0334 [ F3F60C88A6BBC8D0C68FE5B1C91181AF, AF9A4D282CD4BB1127BC3F48AB89DC294408D96F7906553C636F37D1503CFA48 ] wuauserv C:\WINDOWS\system32\wuaueng.dll
20:21:32.0755 0x0334 wuauserv - ok
20:21:32.0780 0x0334 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
20:21:32.0811 0x0334 WudfPf - ok
20:21:32.0828 0x0334 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
20:21:32.0856 0x0334 WUDFRd - ok
20:21:32.0873 0x0334 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
20:21:32.0900 0x0334 WUDFSensorLP - ok
20:21:32.0915 0x0334 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
20:21:32.0942 0x0334 wudfsvc - ok
20:21:32.0959 0x0334 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
20:21:32.0985 0x0334 WUDFWpdFs - ok
20:21:33.0000 0x0334 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
20:21:33.0027 0x0334 WUDFWpdMtp - ok
20:21:33.0057 0x0334 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
20:21:33.0104 0x0334 WwanSvc - ok
20:21:33.0129 0x0334 ================ Scan global ===============================
20:21:33.0145 0x0334 [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\WINDOWS\system32\basesrv.dll
20:21:33.0163 0x0334 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
20:21:33.0182 0x0334 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
20:21:33.0210 0x0334 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
20:21:33.0227 0x0334 [ Global ] - ok
20:21:33.0228 0x0334 ================ Scan MBR ==================================
20:21:33.0232 0x0334 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:21:33.0385 0x0334 \Device\Harddisk0\DR0 - ok
20:21:33.0386 0x0334 ================ Scan VBR ==================================
20:21:33.0390 0x0334 [ A2E1FAE1EC35AE12DE7A07BE12D0BBC7 ] \Device\Harddisk0\DR0\Partition1
20:21:33.0392 0x0334 \Device\Harddisk0\DR0\Partition1 - ok
20:21:33.0393 0x0334 ================ Scan generic autorun ======================
20:21:33.0408 0x0334 [ B6FAB44AE3205A2FE262DFB6DFC6A2D9, 11DBD62A05EDA61D09B0740DE466134421DE47C6050762F51821B72DDA4E9DEB ] C:\Program Files\Apoint2K\Apoint.exe
20:21:33.0442 0x0334 Apoint - ok
20:21:33.0449 0x0334 [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
20:21:33.0462 0x0334 APSDaemon - ok
20:21:33.0475 0x0334 [ D2E3E6D94A9E1CFA1561D9C748136FD0, C8CD851F1872086D18A329B47C7DEFAD2CE2E3A8F4321411247D06D07B2DB1D3 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
20:21:33.0490 0x0334 iTunesHelper - ok
20:21:33.0500 0x0334 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
20:21:33.0515 0x0334 HP Software Update - ok
20:21:33.0530 0x0334 [ CC436BB2A26391F3DEBE316F6FB0474F, 2DA63827AD1449CA5F2888ADFA9645F1EAF8B39D26EC214441EE80F3A56E6E72 ] C:\Users\Andri1\AppData\Local\Microsoft\BingSvc\BingSvc.exe
20:21:33.0550 0x0334 BingSvc - ok
20:21:33.0552 0x0334 Waiting for KSN requests completion. In queue: 132
20:21:34.0553 0x0334 Waiting for KSN requests completion. In queue: 132
20:21:35.0621 0x0334 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x61100 ( enabled : updated )
20:21:35.0627 0x0334 Win FW state via NFP2: enabled ( trusted )
20:21:36.0752 0x0334 ============================================================
20:21:36.0752 0x0334 Scan finished
20:21:36.0752 0x0334 ============================================================
20:21:36.0778 0x0804 Detected object count: 0
20:21:36.0778 0x0804 Actual detected object count: 0
|
|
| Themen zu Diverse Trojaner, Windows 8.1 Pro |
| .dll, appdata, c:\windows, code, dienst, diverse, erkannt, folge, installation, internetverbindung, laptop, malwarebytes, neuer, nicht mehr, officejet, quarantäne, rechner, script, sekunden, services, software, temp, trojaner, websites, windows, wlan |
Linear-Darstellung
