Pests of all kinds and how to combat them: Unwanted automatic activity triggered by opening a web page (Windows 7)
05.05.2015, 14:25 | #1 |
| Unwanted automatic activity triggered by opening a web page Good day, earlier I followed a link and landed on the page hxxp://www.meetandfuckgames.com/index.html. It opened in a new tab, which I closed immediately (before the page had even loaded). Right after that, a small window appeared very briefly a few times at the top left of the screen, the kind I know from copying or moving files (although the design of the window was not in the Win7 style but in the older one (yellow folders)). What happened there?! What should I do now? I ran a full scan with Antivir, but nothing at all was found. In addition, I deleted all files with today's modification date in the AppData\Temp folder (no idea whether that could help). Since then the PC seems to lag a little at times, as if it were somewhat overloaded. I should add: I have many processes open and have not shut the computer down since the antivirus scan (RAM usage currently just under 4GB of 8GB available, CPU usage below 10%). One more small note: unfortunately I have no expertise in this area, so I would appreciate explanations that are as simple as possible. Regards! |
05.05.2015, 14:58 | #2 |
/// the machine /// TB trainer | Unwanted automatic activity triggered by opening a web page hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
05.05.2015, 22:21 | #3 |
| FRST.txt and Addition.txt FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2015
Ran by Fabian (administrator) on BEST-PC on 05-05-2015 23:10:41
Running from C:\Users\Fabian\Downloads
Loaded Profiles: Fabian (Available profiles: Fabian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
() C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\mspaint.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation) HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3351040 2013-04-23] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Dare-U mouse] => C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe [786432 2012-08-21] () HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] () HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_134_Plugin.exe [962224 2015-03-18] (Adobe Systems Incorporated) HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\...\MountPoints2: {1619161d-7106-11e3-a6ae-94de8027cf5c} - E:\AOESETUP.EXE /autorun ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir= SearchScopes: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir= SearchScopes: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir= BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-10] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-10] (Oracle Corporation) Toolbar: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849 FF Plugin: @adobe.com/FlashPlayer -> 
C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-10] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-10] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> 
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3330181468-2195716113-3604754730-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Extension: YouTube Unblocker - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\youtubeunblocker@unblocker.yt [2015-02-11] FF Extension: Undo Closed Tabs Button - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2015-02-11] FF Extension: {cfd61a71-5d8b-423c-99d3-cb9c245739be} - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{cfd61a71-5d8b-423c-99d3-cb9c245739be}.xpi [2015-03-18] FF Extension: Adblock Plus - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. 
KG) S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S4 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] () [File not signed] S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-20] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-16] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. 
KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-30] (Disc Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-04-09] () R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-05 23:10 - 2015-05-05 23:11 - 00015718 _____ () C:\Users\Fabian\Downloads\FRST.txt 2015-05-05 23:10 - 2015-05-05 23:10 - 00000000 ____D () C:\FRST 2015-05-05 23:09 - 2015-05-05 23:09 - 02101248 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64.exe 2015-04-26 16:48 - 2015-04-26 16:48 - 00022538 ____H () C:\Users\Fabian\Desktop\~WRL3186.tmp 2015-04-25 22:44 - 2015-04-25 22:44 - 00027676 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel 2015-04-21 16:22 - 2015-05-04 12:39 - 00001522 _____ () C:\Users\Fabian\Desktop\Weiterkommen (Mitte April 2015).txt 2015-04-21 13:08 - 2015-05-03 15:50 - 00000000 ____D () C:\Users\Fabian\Desktop\soziale Modelle und sonstiges 2015-04-20 23:39 - 2015-05-02 21:36 - 00000313 _____ () C:\Users\Fabian\Desktop\Fahrt nach Köln.txt 2015-04-19 13:38 - 2015-04-19 13:40 - 00000249 _____ () C:\Users\Fabian\Desktop\Bewerbungsgestaltung und -inhaltsideen - Soziale Arbeit (Hochschule).txt 2015-04-19 13:27 - 2015-04-19 13:27 - 00001425 _____ () C:\Users\Fabian\Desktop\Bewerbung - 3. 
Seite Motivationsschreiben.lnk 2015-04-19 13:15 - 2015-04-21 16:22 - 00000325 _____ () C:\Users\Fabian\Desktop\Köln - wer hat wann Zeit.txt 2015-04-19 12:15 - 2015-04-19 12:24 - 00000188 _____ () C:\Users\Fabian\Desktop\Hochschul- Besichtigungen.txt 2015-04-19 12:15 - 2015-04-19 12:15 - 00000061 _____ () C:\Users\Fabian\Desktop\Hochschul- Bewerbungsfristen.txt 2015-04-19 00:10 - 2015-04-27 13:05 - 00000000 ____D () C:\Users\Fabian\Desktop\meine Ernährung 2015-04-17 14:56 - 2015-04-17 14:57 - 00000000 ____D () C:\Users\Fabian\Downloads\KnAuszüge 2015-04-17 00:05 - 2015-05-04 00:53 - 00000000 ____D () C:\Users\Fabian\Desktop\Bewerbungskram 2015-04-14 12:51 - 2015-04-28 22:44 - 00000158 _____ () C:\Users\Fabian\Desktop\Girokonto-Banken (empfohlene).txt 2015-04-13 16:40 - 2015-04-14 23:00 - 00001269 _____ () C:\Users\Fabian\Desktop\Finanzieller Bedarf (mein).txt 2015-04-12 01:05 - 2015-05-05 22:43 - 00001008 _____ () C:\Windows\setupact.log 2015-04-12 01:05 - 2015-04-12 01:05 - 00000000 _____ () C:\Windows\setuperr.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-05 23:06 - 2013-06-23 16:22 - 00000000 ____D () C:\Users\Fabian\Documents\Outlook-Dateien 2015-05-05 22:43 - 2013-06-17 01:14 - 01129128 _____ () C:\Windows\WindowsUpdate.log 2015-05-05 12:10 - 2015-03-05 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-05 12:08 - 2013-09-15 11:46 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-05 12:08 - 2013-09-15 11:46 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-05-05 10:18 - 2014-08-19 15:36 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Adobe 2015-04-27 10:52 - 2013-06-20 21:56 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job 2015-04-25 22:56 - 2014-03-26 23:51 - 00000000 ____D () C:\Users\Fabian\.gimp-2.8 2015-04-25 22:14 - 2014-03-26 23:56 - 00000000 ____D () C:\Users\Fabian\AppData\Local\gtk-2.0 2015-04-24 11:15 - 2015-04-04 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-20 12:21 - 2012-01-02 00:12 - 00000000 ____D () C:\Users\Fabian\Documents\Archiv 2015-04-15 21:24 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2015-04-15 21:24 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2015-04-15 21:24 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-10 13:35 - 2014-03-22 02:43 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-10 13:35 - 2013-09-15 11:46 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-04-09 13:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-09 13:42 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-09 13:42 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-09 13:35 - 2013-06-16 20:04 - 00030528 _____ () C:\Windows\GVTDrv64.sys 2015-04-09 13:35 - 2013-06-16 20:03 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys 2015-04-09 13:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-06 23:03 - 2013-06-16 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-05 17:01 - 2015-03-17 18:57 - 00000265 _____ () C:\Users\Fabian\Desktop\Ordnungssystem - einzelne Themen.txt ==================== Files in the root of some directories ======= 2015-04-25 22:44 - 
2015-04-25 22:44 - 0027676 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel 2014-11-10 13:20 - 2015-03-06 00:53 - 0007597 _____ () C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\Fabian\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-24 10:14 ==================== End Of Log ============================ Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2015
Ran by Fabian at 2015-05-05 23:11:14
Running from C:\Users\Fabian\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3330181468-2195716113-3604754730-500 - Administrator - Disabled)
Fabian (S-1-5-21-3330181468-2195716113-3604754730-1000 - Administrator - Enabled) => C:\Users\Fabian
Gast (S-1-5-21-3330181468-2195716113-3604754730-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3330181468-2195716113-3604754730-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated) Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games) AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Anker Precision Laser Gaming Mouse version 1.2 (HKLM-x32\...\{F9A7ED2C-34E1-4A96-9A25-B022C23C3361}_is1) (Version: 1.2 - ANKER Technology) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) 
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Autodesk 3ds Max Design 2013 64-bit (HKLM\...\Autodesk 3ds Max Design 2013 64-bit) (Version: 15.0.0.347 - Autodesk) Autodesk 3ds Max Design 2013 64-bit (Version: 15.0.0.347 - Autodesk) Hidden Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.) Autodesk Civil View for 3ds Max Design 2013 (HKLM-x32\...\{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}) (Version: 1.0.0.2 - Autodesk) Autodesk DirectConnect 2013 64-bit (HKLM\...\Autodesk DirectConnect 2013 64-bit) (Version: 7.0.28.0 - Autodesk) Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.) Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit (HKLM\...\{62CBE596-1BB8-4D7B-A056-103287BAD1C4}) (Version: 1.0.0.1 - Autodesk) Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit) (Version: - Autodesk) Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit (HKLM\...\{BC66B242-DF13-1664-851B-00123612ED98}) (Version: 15.0 - Autodesk) Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk) Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk) Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk) Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit (HKLM\...\{06E18300-BB64-1664-8E6A-2593FC67BB74}) (Version: 1.0.0.1 - Autodesk) AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Avira 
(HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision) Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - ) Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk) Condemned - Criminal Origins (HKLM-x32\...\{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}) (Version: 1.00.0000 - Monolith Productions) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd) Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland) Dead Space (HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) Die Sims™ 3 Late Night 
(HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts) Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts) Dropbox (HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.) Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version: - Monolith ) Full Combat Rebalance v1.6a (HKLM-x32\...\Full Combat Rebalance_is1) (Version: 1.6a - Andrzej Kwiatkowski) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200091}) (Version: - ) Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version: - ) Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version: - ) Heroes of Might and Magic® III Complete (HKLM-x32\...\Heroes of Might and Magic® III) (Version: - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) 
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
L.A. Noire (HKLM-x32\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games)
LBOTS Top mouse Driver (HKLM-x32\...\{F1A273BD-6A9E-41D8-A111-5E56ACD286F8}) (Version: 1.0 - Togran)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Medal of Honor(TM) Single Player (HKLM-x32\...\Steam App 47790) (Version: - Electronic Arts)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires Gold (HKLM-x32\...\Age of Empires Gold 1.0) (Version: - )
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Phase Shift (HKLM-x32\...\Phase Shift) (Version: 1.27 - DWSK)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Resident Evil Revelations (HKLM-x32\...\Resident Evil Revelations_is1) (Version: - Capcom)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.5.0 - Rockstar Games)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version: - Snowblind Studios)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
UltraStar Deluxe (HKLM-x32\...\UltraStar Deluxe) (Version: 1.1 - USDX Team)
Unity Web Player (HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unofficial Oblivion Patch v3.2.0 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.2.0 - Quarn and Kivan)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

02-04-2015 01:57:16 Geplanter Prüfpunkt
10-04-2015 14:24:33 Geplanter Prüfpunkt
17-04-2015 21:39:06 Geplanter Prüfpunkt
25-04-2015 15:10:40 Geplanter Prüfpunkt
04-05-2015 16:02:44 Geplanter Prüfpunkt

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {5A4382D6-2F18-4954-8EAF-5417E1157BB1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {64E67571-02AC-4353-B15C-2815515D4C5A} - System32\Tasks\AdobeAAMUpdater-1.0-Best-PC-Fabian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {8058DCE5-39BA-4986-8094-D38F8BD34E7E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {91E29AE2-4868-41A1-92EC-142BAAD9952D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {922B9A0F-6DDD-4A61-96BB-C069DB0315BB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9C140F20-0B57-45D2-A552-92EBC6AA63CA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A64BF5A6-45A6-444E-BB90-3B9E07AB0B7C} - System32\Tasks\{049BFE38-615A-4D88-8CFA-C7B272CAB85F} => pcalua.exe -a C:\Users\Fabian\Downloads\heroes_might_magic_5_3.01_eu.exe -d C:\Users\Fabian\Downloads
Task: {B2837671-E773-4E7E-B90A-F94475446176} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {B4549D20-0A2C-476B-8048-6BE56EE61B0E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-17 00:56 - 2014-07-16 14:26 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-06-16 19:53 - 2012-08-09 12:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-06-16 19:53 - 2012-08-09 12:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-06-23 17:40 - 2013-04-23 18:17 - 03351040 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
2013-06-16 19:26 - 2012-08-21 07:16 - 00786432 _____ () C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe
2013-06-23 17:40 - 2011-01-27 00:53 - 00028160 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\uiHook.dll
2013-06-16 19:26 - 2012-08-13 12:01 - 00057344 _____ () C:\Program Files (x86)\Gaming Mouse\lan.dll
2013-06-16 19:26 - 2012-04-19 17:15 - 00061440 _____ () C:\Program Files (x86)\Gaming Mouse\hiddriver.dll
2013-06-16 19:52 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-05-11 12:37 - 2013-05-11 12:37 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2015-03-18 14:24 - 2015-03-18 14:24 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.69.103.78 - 80.69.102.158

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: mi-raysat_3dsmax2013_64 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ADSK DLMSession => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Fabian\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2015 00:39:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17631, Zeitstempel: 0x54b31a70
Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.489, Zeitstempel: 0x5154f613
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003cd5a8
ID
des fehlerhaften Prozesses: 0xcc4 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (04/25/2015 01:45:58 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/14/2015 00:52:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GUI.exe, Version: 1.0.0.1, Zeitstempel: 0x4f0fc8d2 Name des fehlerhaften Moduls: HM.dll, Version: 1.0.0.1, Zeitstempel: 0x5058eb74 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000087a3 ID des fehlerhaften Prozesses: 0xc38 Startzeit der fehlerhaften Anwendung: 0xGUI.exe0 Pfad der fehlerhaften Anwendung: GUI.exe1 Pfad des fehlerhaften Moduls: GUI.exe2 Berichtskennung: GUI.exe3 Error: (04/10/2015 02:18:30 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (04/09/2015 01:36:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2015 01:34:59 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription) bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (04/08/2015 04:39:25 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/07/2015 11:46:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/07/2015 11:44:58 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription) bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (04/06/2015 11:04:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/02/2015 11:34:21 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 20. Error: (04/17/2015 03:12:10 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (04/17/2015 03:12:10 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (04/17/2015 03:12:09 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (04/17/2015 03:12:09 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (04/17/2015 03:12:08 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (04/16/2015 11:31:47 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error: (04/16/2015 11:31:47 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error: (04/16/2015 11:31:46 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. 
Error: (04/16/2015 11:31:46 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Microsoft Office Sessions: ========================= Error: (04/27/2015 00:39:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.1763154b31a70atidxx32.dll8.17.10.4895154f613c0000005003cd5a8cc401d080d447842045C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dllb392600e-ecc9-11e4-be30-94de8027cf5c Error: (04/25/2015 01:45:58 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2013\python\lib\distutils\command\wininst-8_d.exe Error: (04/14/2015 00:52:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GUI.exe1.0.0.14f0fc8d2HM.dll1.0.0.15058eb74c0000005000087a3c3801d072b94921421aC:\Program Files (x86)\GIGABYTE\ET6\GUI.exeC:\Program Files (x86)\GIGABYTE\ET6\HM.dll59d4bd3e-e294-11e4-be30-94de8027cf5c Error: (04/10/2015 02:18:30 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2013\python\lib\distutils\command\wininst-8_d.exe Error: (04/09/2015 01:36:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2015 01:34:59 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription) bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (04/08/2015 04:39:25 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2013\python\lib\distutils\command\wininst-8_d.exe Error: (04/07/2015 11:46:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/07/2015 11:44:58 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription) bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (04/06/2015 11:04:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-08-16 13:54:53.677 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AUDIOKSE.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Xeon(R) CPU E3-1230 V2 @ 3.30GHz Percentage of memory in use: 38% Total physical RAM: 8150.19 MB Available physical RAM: 4981.11 MB Total Pagefile: 16298.57 MB Available Pagefile: 8611.98 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:891.51 GB) (Free:495.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6DBF8A36) Partition 1: (Active) - (Size=39.9 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=891.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
06.05.2015, 09:02 | #4 |
/// the machine /// TB trainer | Unwanted automatic activity after opening a web page
I don't see anything this way, so let's dig deeper: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
06.05.2015, 12:33 | #5 |
| No detection with mbar.exe
I ran mbar over it; nothing was found, and accordingly there was no 'CleanUp' button, only 'Prev' and 'Exit'. Now: restart the PC? Start TDSSKiller? Note: The PC has still not been shut down; instead it was in standby mode (since I don't know whether, with a possible infection, it might cause problems at the next start after a shutdown). The computer is still lagging. Thanks already for the help so far :-) In case the mbar log is still relevant: Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version: main: v2015.05.06.02 rootkit: v2015.04.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Fabian :: BEST-PC [administrator]

06.05.2015 13:12:34
mbar-log-2015-05-06 (13-12-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 379625
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Last edited by ThomasLanger (06.05.2015 at 12:38) |
06.05.2015, 14:38 | #6 |
/// the machine /// TB trainer | Unwanted automatic activity after opening a web page
Then just TDSSKiller now
__________________ --> Unwanted automatic activity after opening a web page |
06.05.2015, 15:08 | #7 |
| TDSSKiller scan
OK, did everything as instructed. TDSSKiller: Code:
C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:58:52.0294 0x17d4 DcomLaunch - ok 15:58:52.0325 0x17d4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 15:58:52.0351 0x17d4 defragsvc - ok 15:58:52.0371 0x17d4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:58:52.0406 0x17d4 DfsC - ok 15:58:52.0438 0x17d4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 15:58:52.0547 0x17d4 Dhcp - ok 15:58:52.0554 0x17d4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 15:58:52.0613 0x17d4 discache - ok 15:58:52.0631 0x17d4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 15:58:52.0639 0x17d4 Disk - ok 15:58:52.0657 0x17d4 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 15:58:52.0675 0x17d4 dmvsc - ok 15:58:52.0719 0x17d4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:58:52.0771 0x17d4 Dnscache - ok 15:58:52.0781 0x17d4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 15:58:52.0820 0x17d4 dot3svc - ok 15:58:52.0864 0x17d4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 15:58:52.0922 0x17d4 DPS - ok 15:58:52.0955 0x17d4 [ 9B19F34400D24DF84C858A421C205754, 
967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:58:52.0999 0x17d4 drmkaud - ok 15:58:53.0028 0x17d4 [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 15:58:53.0038 0x17d4 dtsoftbus01 - ok 15:58:53.0091 0x17d4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:58:53.0113 0x17d4 DXGKrnl - ok 15:58:53.0129 0x17d4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 15:58:53.0170 0x17d4 EapHost - ok 15:58:53.0243 0x17d4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 15:58:53.0342 0x17d4 ebdrv - ok 15:58:53.0377 0x17d4 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS C:\Windows\System32\lsass.exe 15:58:53.0400 0x17d4 EFS - ok 15:58:53.0463 0x17d4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:58:53.0535 0x17d4 ehRecvr - ok 15:58:53.0547 0x17d4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 15:58:53.0578 0x17d4 ehSched - ok 15:58:53.0628 0x17d4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:58:53.0649 0x17d4 elxstor - ok 15:58:53.0659 0x17d4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:58:53.0667 0x17d4 ErrDev - ok 15:58:53.0688 0x17d4 [ 
84486624268E078255BC7AA47F0960BC, EC2540698B974572F0AC4A93D57C63295BAF66BF50F7416B9DFF5DE790EBDBE7 ] etdrv C:\Windows\etdrv.sys 15:58:53.0693 0x17d4 etdrv - ok 15:58:53.0721 0x17d4 [ 3DBC10CBC436288801FAEE66DE91AE47, CE50732C43AEB8ACF977DF7CF609C88CB022E596EBE0C0AA9DDBC4D6BB25B804 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys 15:58:53.0771 0x17d4 EtronHub3 - ok 15:58:53.0785 0x17d4 [ DE261095A2220D400D9603E1E42D4185, F5C4493EDCE92EC46BC7940764F719131FE27AE695201EDF143D678881CD239D ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys 15:58:53.0795 0x17d4 EtronXHCI - ok 15:58:53.0813 0x17d4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 15:58:53.0855 0x17d4 EventSystem - ok 15:58:53.0874 0x17d4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 15:58:53.0897 0x17d4 exfat - ok 15:58:53.0911 0x17d4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:58:53.0954 0x17d4 fastfat - ok 15:58:54.0011 0x17d4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 15:58:54.0072 0x17d4 Fax - ok 15:58:54.0081 0x17d4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 15:58:54.0104 0x17d4 fdc - ok 15:58:54.0121 0x17d4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 15:58:54.0143 0x17d4 fdPHost - ok 15:58:54.0153 0x17d4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 15:58:54.0191 0x17d4 FDResPub - ok 15:58:54.0208 0x17d4 [ 
655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:58:54.0215 0x17d4 FileInfo - ok 15:58:54.0226 0x17d4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:58:54.0261 0x17d4 Filetrace - ok 15:58:54.0330 0x17d4 [ 64AB6F28047744B9B19C97459C2AB31B, B1F3FEE6DF1E72003DEAC8712C3E29D82DF67A095C4AC16A379BCD995C2F3833 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe 15:58:54.0358 0x17d4 FLEXnet Licensing Service 64 - ok 15:58:54.0362 0x17d4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 15:58:54.0369 0x17d4 flpydisk - ok 15:58:54.0385 0x17d4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:58:54.0395 0x17d4 FltMgr - ok 15:58:54.0442 0x17d4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 15:58:54.0479 0x17d4 FontCache - ok 15:58:54.0510 0x17d4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:58:54.0516 0x17d4 FontCache3.0.0.0 - ok 15:58:54.0526 0x17d4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:58:54.0534 0x17d4 FsDepends - ok 15:58:54.0547 0x17d4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:58:54.0554 0x17d4 Fs_Rec - ok 15:58:54.0604 
0x17d4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:58:54.0616 0x17d4 fvevol - ok 15:58:54.0637 0x17d4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:58:54.0645 0x17d4 gagp30kx - ok 15:58:54.0705 0x17d4 [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv C:\Windows\gdrv.sys 15:58:54.0711 0x17d4 gdrv - ok 15:58:54.0755 0x17d4 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:58:54.0761 0x17d4 GEARAspiWDM - ok 15:58:54.0782 0x17d4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 15:58:54.0830 0x17d4 gpsvc - ok 15:58:54.0852 0x17d4 [ 8126331FBD4ED29EB3B356F9C905064D, A58BCE904591DD762410E99960FD956FB579C2CE78FA7BF1406075D29537EF82 ] GVTDrv64 C:\Windows\GVTDrv64.sys 15:58:54.0858 0x17d4 GVTDrv64 - ok 15:58:54.0873 0x17d4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:58:54.0917 0x17d4 hcw85cir - ok 15:58:54.0945 0x17d4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:58:54.0978 0x17d4 HdAudAddService - ok 15:58:55.0016 0x17d4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:58:55.0046 0x17d4 HDAudBus - ok 15:58:55.0066 0x17d4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 
15:58:55.0091 0x17d4 HidBatt - ok 15:58:55.0109 0x17d4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:58:55.0138 0x17d4 HidBth - ok 15:58:55.0156 0x17d4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 15:58:55.0165 0x17d4 HidIr - ok 15:58:55.0180 0x17d4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 15:58:55.0201 0x17d4 hidserv - ok 15:58:55.0232 0x17d4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:58:55.0251 0x17d4 HidUsb - ok 15:58:55.0274 0x17d4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:58:55.0295 0x17d4 hkmsvc - ok 15:58:55.0304 0x17d4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:58:55.0319 0x17d4 HomeGroupListener - ok 15:58:55.0330 0x17d4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:58:55.0355 0x17d4 HomeGroupProvider - ok 15:58:55.0401 0x17d4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:58:55.0416 0x17d4 HpSAMD - ok 15:58:55.0456 0x17d4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:58:55.0508 0x17d4 HTTP - ok 15:58:55.0529 0x17d4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] 
hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:58:55.0536 0x17d4 hwpolicy - ok 15:58:55.0559 0x17d4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 15:58:55.0568 0x17d4 i8042prt - ok 15:58:55.0583 0x17d4 [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:58:55.0595 0x17d4 iaStorV - ok 15:58:55.0648 0x17d4 [ 33D4D4A24791587E83F7EE05A446FB7E, 081E48AF76D7D3A71850A4C910EFBB0B280235E2A5303178B0338230F4BA2DE2 ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe 15:58:55.0667 0x17d4 ICCS - detected UnsignedFile.Multi.Generic ( 1 ) 15:58:58.0083 0x17d4 Detect skipped due to KSN trusted 15:58:58.0083 0x17d4 ICCS - ok 15:58:58.0132 0x17d4 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 15:58:58.0155 0x17d4 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 15:59:00.0570 0x17d4 Detect skipped due to KSN trusted 15:59:00.0570 0x17d4 IDriverT - ok 15:59:00.0626 0x17d4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:59:00.0655 0x17d4 idsvc - ok 15:59:00.0682 0x17d4 IEEtwCollectorService - ok 15:59:00.0690 0x17d4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:59:00.0697 0x17d4 iirsp - ok 15:59:00.0730 0x17d4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 15:59:00.0753 0x17d4 IKEEXT - ok 15:59:00.0803 0x17d4 [ 
C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 15:59:00.0829 0x17d4 Intel(R) Capability Licensing Service Interface - ok 15:59:00.0856 0x17d4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 15:59:00.0868 0x17d4 intelide - ok 15:59:00.0883 0x17d4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:59:00.0909 0x17d4 intelppm - ok 15:59:00.0941 0x17d4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:59:00.0979 0x17d4 IPBusEnum - ok 15:59:00.0994 0x17d4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:59:01.0015 0x17d4 IpFilterDriver - ok 15:59:01.0055 0x17d4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:59:01.0111 0x17d4 iphlpsvc - ok 15:59:01.0125 0x17d4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:59:01.0154 0x17d4 IPMIDRV - ok 15:59:01.0160 0x17d4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:59:01.0194 0x17d4 IPNAT - ok 15:59:01.0230 0x17d4 [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:59:01.0244 0x17d4 iPod Service - ok 15:59:01.0260 0x17d4 [ 3ABF5E7213EB28966D55D58B515D5CE9, 
A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:59:01.0293 0x17d4 IRENUM - ok 15:59:01.0309 0x17d4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:59:01.0322 0x17d4 isapnp - ok 15:59:01.0352 0x17d4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:59:01.0367 0x17d4 iScsiPrt - ok 15:59:01.0379 0x17d4 [ D596D915CF091DA1F8CE4BD38BB5D509, 9B4D246B6886FFD9BE329F3543B819FC010661B0F70206F16ECBF25A7B12AA6F ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 15:59:01.0384 0x17d4 iusb3hcs - ok 15:59:01.0401 0x17d4 [ 023896E23B61543A15A230EED996D911, 2F8D15B67AB2C1E87EA46F2CB9DBA564865D89DEA93A83B44A9B148883B96731 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 15:59:01.0412 0x17d4 iusb3hub - ok 15:59:01.0434 0x17d4 [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E, E7ED64DD26FD4EA04C2C32C33BDA16FB985F3C6F1F8451480A0D24375B7F57AC ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 15:59:01.0452 0x17d4 iusb3xhc - ok 15:59:01.0513 0x17d4 [ 78ABBE558F57144047F10A0F50FE4B2F, 6BE608F7697D83FD6C7E6EA422AC5637933BDC96B1044C12DE9A419CE7D6F6CE ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 15:59:01.0521 0x17d4 jhi_service - ok 15:59:01.0530 0x17d4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:59:01.0538 0x17d4 kbdclass - ok 15:59:01.0561 0x17d4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:59:01.0592 0x17d4 kbdhid - ok 15:59:01.0612 0x17d4 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso 
C:\Windows\system32\lsass.exe 15:59:01.0627 0x17d4 KeyIso - ok 15:59:01.0666 0x17d4 [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:59:01.0682 0x17d4 KSecDD - ok 15:59:01.0696 0x17d4 [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:59:01.0706 0x17d4 KSecPkg - ok 15:59:01.0715 0x17d4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:59:01.0755 0x17d4 ksthunk - ok 15:59:01.0796 0x17d4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 15:59:01.0848 0x17d4 KtmRm - ok 15:59:01.0865 0x17d4 [ A43A9920D2409BB9DA747D2FD20A2E61, 6D48897F3B9F0D04FC0C09017A34F1614C708476829F275682963F162BCBE8A0 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 15:59:01.0872 0x17d4 L1C - ok 15:59:01.0900 0x17d4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:59:01.0942 0x17d4 LanmanServer - ok 15:59:01.0966 0x17d4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:59:02.0008 0x17d4 LanmanWorkstation - ok 15:59:02.0039 0x17d4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:59:02.0060 0x17d4 lltdio - ok 15:59:02.0092 0x17d4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:59:02.0146 0x17d4 lltdsvc - ok 15:59:02.0163 0x17d4 [ F993A32249B66C9D622EA5592A8B76B8, 
EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:59:02.0211 0x17d4 lmhosts - ok 15:59:02.0246 0x17d4 [ 2C24DC448DBE8DB9BE1441B824C57E79, DA2257EEC964A47D03C2BB13317FD788E51D4685E2395B303ED7B2575FEF3B19 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:59:02.0255 0x17d4 LMS - ok 15:59:02.0284 0x17d4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:59:02.0292 0x17d4 LSI_FC - ok 15:59:02.0299 0x17d4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:59:02.0307 0x17d4 LSI_SAS - ok 15:59:02.0318 0x17d4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 15:59:02.0325 0x17d4 LSI_SAS2 - ok 15:59:02.0329 0x17d4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:59:02.0336 0x17d4 LSI_SCSI - ok 15:59:02.0354 0x17d4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 15:59:02.0393 0x17d4 luafv - ok 15:59:02.0426 0x17d4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:59:02.0436 0x17d4 Mcx2Svc - ok 15:59:02.0451 0x17d4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 15:59:02.0457 0x17d4 megasas - ok 15:59:02.0473 0x17d4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 15:59:02.0484 0x17d4 
MegaSR - ok 15:59:02.0521 0x17d4 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 15:59:02.0528 0x17d4 MEIx64 - ok 15:59:02.0631 0x17d4 [ 0AF89452A8CE3928168F4E5B2208C68B, 571F1A9F1F0B31DB5FFAE7FB7F98C16958439D6666A9F2131B0F2E496BF3D2AC ] mi-raysat_3dsmax2013_64 C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe 15:59:02.0639 0x17d4 mi-raysat_3dsmax2013_64 - detected UnsignedFile.Multi.Generic ( 1 ) 15:59:05.0172 0x17d4 Detect skipped due to KSN trusted 15:59:05.0172 0x17d4 mi-raysat_3dsmax2013_64 - ok 15:59:05.0228 0x17d4 Microsoft SharePoint Workspace Audit Service - ok 15:59:05.0246 0x17d4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 15:59:05.0280 0x17d4 MMCSS - ok 15:59:05.0295 0x17d4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 15:59:05.0316 0x17d4 Modem - ok 15:59:05.0354 0x17d4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:59:05.0387 0x17d4 monitor - ok 15:59:05.0405 0x17d4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:59:05.0417 0x17d4 mouclass - ok 15:59:05.0424 0x17d4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:59:05.0456 0x17d4 mouhid - ok 15:59:05.0477 0x17d4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:59:05.0489 0x17d4 mountmgr - ok 15:59:05.0535 0x17d4 [ 269BDB3CB77EB77BABE2862BEAB1F208, 
EC693365C73D59244CB77E181042128A9901BA5C1109CD4F1B9A2008DF1F9582 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:59:05.0544 0x17d4 MozillaMaintenance - ok 15:59:05.0564 0x17d4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 15:59:05.0572 0x17d4 mpio - ok 15:59:05.0584 0x17d4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:59:05.0605 0x17d4 mpsdrv - ok 15:59:05.0634 0x17d4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:59:05.0669 0x17d4 MpsSvc - ok 15:59:05.0697 0x17d4 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:59:05.0737 0x17d4 MRxDAV - ok 15:59:05.0772 0x17d4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:59:05.0826 0x17d4 mrxsmb - ok 15:59:05.0844 0x17d4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:59:05.0867 0x17d4 mrxsmb10 - ok 15:59:05.0879 0x17d4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:59:05.0907 0x17d4 mrxsmb20 - ok 15:59:05.0929 0x17d4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 15:59:05.0942 0x17d4 msahci - ok 15:59:05.0959 0x17d4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 
15:59:05.0967 0x17d4 msdsm - ok 15:59:05.0981 0x17d4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 15:59:06.0009 0x17d4 MSDTC - ok 15:59:06.0030 0x17d4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:59:06.0081 0x17d4 Msfs - ok 15:59:06.0103 0x17d4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:59:06.0139 0x17d4 mshidkmdf - ok 15:59:06.0143 0x17d4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:59:06.0149 0x17d4 msisadrv - ok 15:59:06.0172 0x17d4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:59:06.0209 0x17d4 MSiSCSI - ok 15:59:06.0211 0x17d4 msiserver - ok 15:59:06.0241 0x17d4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:59:06.0289 0x17d4 MSKSSRV - ok 15:59:06.0307 0x17d4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:59:06.0340 0x17d4 MSPCLOCK - ok 15:59:06.0360 0x17d4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:59:06.0380 0x17d4 MSPQM - ok 15:59:06.0398 0x17d4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:59:06.0410 0x17d4 MsRPC - ok 15:59:06.0416 0x17d4 [ 0EED230E37515A0EAEE3C2E1BC97B288, 
AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:59:16.0319 0x17d4 Wdf01000 - ok 15:59:16.0333 0x17d4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:59:16.0410 0x17d4 WdiServiceHost - ok 15:59:16.0415 0x17d4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:59:16.0432 0x17d4 WdiSystemHost - ok 15:59:16.0467 0x17d4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 15:59:16.0495 0x17d4 WebClient - ok 15:59:16.0501 0x17d4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:59:16.0532 0x17d4 Wecsvc - ok 15:59:16.0552 0x17d4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:59:16.0574 0x17d4 wercplsupport - ok 15:59:16.0581 0x17d4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 15:59:16.0602 0x17d4 WerSvc - ok 15:59:16.0614 0x17d4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:59:16.0634 0x17d4 WfpLwf - ok 15:59:16.0647 0x17d4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:59:16.0653 0x17d4 WIMMount - ok 15:59:16.0672 0x17d4 WinDefend - ok 15:59:16.0675 0x17d4 WinHttpAutoProxySvc - ok 15:59:16.0716 0x17d4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt 
C:\Windows\system32\wbem\WMIsvc.dll 15:59:16.0773 0x17d4 Winmgmt - ok 15:59:16.0826 0x17d4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 15:59:16.0896 0x17d4 WinRM - ok 15:59:16.0959 0x17d4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 15:59:16.0969 0x17d4 WinUsb - ok 15:59:17.0000 0x17d4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:59:17.0041 0x17d4 Wlansvc - ok 15:59:17.0059 0x17d4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:59:17.0067 0x17d4 WmiAcpi - ok 15:59:17.0084 0x17d4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:59:17.0108 0x17d4 wmiApSrv - ok 15:59:17.0129 0x17d4 WMPNetworkSvc - ok 15:59:17.0136 0x17d4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:59:17.0151 0x17d4 WPCSvc - ok 15:59:17.0160 0x17d4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:59:17.0181 0x17d4 WPDBusEnum - ok 15:59:17.0187 0x17d4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:59:17.0226 0x17d4 ws2ifsl - ok 15:59:17.0230 0x17d4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 15:59:17.0248 0x17d4 wscsvc - ok 15:59:17.0250 0x17d4 WSearch - ok 15:59:17.0319 0x17d4 [ 
61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 15:59:17.0382 0x17d4 wuauserv - ok 15:59:17.0411 0x17d4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:59:17.0432 0x17d4 WudfPf - ok 15:59:17.0466 0x17d4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:59:17.0496 0x17d4 WUDFRd - ok 15:59:17.0531 0x17d4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:59:17.0562 0x17d4 wudfsvc - ok 15:59:17.0602 0x17d4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 15:59:17.0654 0x17d4 WwanSvc - ok 15:59:17.0727 0x17d4 [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys 15:59:17.0780 0x17d4 xnacc - ok 15:59:17.0832 0x17d4 [ 2C6BC21B2D5B58D8B1D638C1704CB494, 0AABCEB627E274E338DDD9BA664BAA128D7C00AF04C95C776C2AFFA6BB17F680 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 15:59:17.0843 0x17d4 xusb21 - ok 15:59:17.0846 0x17d4 ================ Scan global =============================== 15:59:17.0861 0x17d4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 15:59:17.0903 0x17d4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 15:59:17.0919 0x17d4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 15:59:17.0942 0x17d4 [ D6160F9D869BA3AF0B787F971DB56368, 
0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 15:59:17.0967 0x17d4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 15:59:17.0978 0x17d4 [ Global ] - ok 15:59:17.0978 0x17d4 ================ Scan MBR ================================== 15:59:17.0992 0x17d4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:59:18.0178 0x17d4 \Device\Harddisk0\DR0 - ok 15:59:18.0178 0x17d4 ================ Scan VBR ================================== 15:59:18.0205 0x17d4 [ 1DA35835AA6A65036E9D67D0BCA0C410 ] \Device\Harddisk0\DR0\Partition1 15:59:18.0250 0x17d4 \Device\Harddisk0\DR0\Partition1 - ok 15:59:18.0253 0x17d4 [ 7A44738D7B51F0D2876C7734B5C1C538 ] \Device\Harddisk0\DR0\Partition2 15:59:18.0287 0x17d4 \Device\Harddisk0\DR0\Partition2 - ok 15:59:18.0288 0x17d4 ================ Scan generic autorun ====================== 15:59:18.0451 0x17d4 [ EB02DAC756DEF2FADB8B63933473006C, 2590C6E5AE69FA29A91347C2D41FD940B984A8A2B8AD4F1B90FF4F107E7DDA7C ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe 15:59:18.0527 0x17d4 HDAudDeck - ok 15:59:18.0581 0x17d4 [ A005676B30AEB3C7703C317D992B193A, 446155F3AB94BF33DB91E7C2C1EED57ED449D82710BFC96DFA07DBA1D346399E ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe 15:59:18.0595 0x17d4 USB3MON - ok 15:59:18.0683 0x17d4 [ 23DFBFC713C67C9A33D8171CF130C71F, F270A7E61D9C6F6663BE2B2C125812DB41533792DA60E30C764D6BCB665E4083 ] C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe 15:59:18.0778 0x17d4 EsternTimesMouseExRun - detected UnsignedFile.Multi.Generic ( 1 ) 15:59:21.0365 0x17d4 EsternTimesMouseExRun ( UnsignedFile.Multi.Generic ) - warning 15:59:23.0791 0x17d4 [ 7C73B5C50CAEDB1771A049142026906B, A4992339D71A9297963C70616C4124BD701E46AEE439E09C392C2B2EBAE624E6 ] C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CLIStart.exe 15:59:23.0815 0x17d4 StartCCC - ok 15:59:23.0857 0x17d4 [ 66177D4C99FD8B578C7C56DE445E4D5D, 003D0254D7C693A72DE84CB76858F8D67D9FD62206F1B56DF7F5D0FA834C3BA7 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 15:59:23.0873 0x17d4 avgnt - ok 15:59:23.0898 0x17d4 [ 9FC37280F3693413D14CB7DEC890257B, BBFAE8669FEB63CDFD7AEBD180B74F84A2DD4D8685B9DFAE9EDE52FF1497113A ] C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe 15:59:23.0929 0x17d4 Dare-U mouse - detected UnsignedFile.Multi.Generic ( 1 ) 15:59:26.0455 0x17d4 Dare-U mouse ( UnsignedFile.Multi.Generic ) - warning 15:59:28.0863 0x17d4 [ CB08561AB36857CCF74BF11475C9AEB2, 5F15F6868A719A0A84D3E0FE2BC4E76975C50FA99D642279DDA972269ADFDB8B ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 15:59:28.0876 0x17d4 Avira Systray - ok 15:59:28.0899 0x17d4 [ 6A188ECFCA5A2A6F41CA145FC93F96A6, 48D70FAA4C4F6F1F6542E2C54085857CE6906A69C0412E8A08BF69010FDF07CF ] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe 15:59:28.0920 0x17d4 EasyTuneVI - detected UnsignedFile.Multi.Generic ( 1 ) 15:59:31.0340 0x17d4 Detect skipped due to KSN trusted 15:59:31.0340 0x17d4 EasyTuneVI - ok 15:59:31.0410 0x17d4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 15:59:31.0473 0x17d4 Sidebar - ok 15:59:31.0491 0x17d4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 15:59:31.0515 0x17d4 mctadmin - ok 15:59:31.0534 0x17d4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 15:59:31.0560 0x17d4 Sidebar - ok 15:59:31.0564 0x17d4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 15:59:31.0575 0x17d4 mctadmin - ok 15:59:31.0682 
0x17d4 [ 77F425FD2051D4CE8F32B21A76190EDD, AA1778E87CBEA1B7900E3423DA7E778FDC9133896362646927B4A59086600DDD ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_134_Plugin.exe 15:59:31.0708 0x17d4 FlashPlayerUpdate - ok 15:59:31.0709 0x17d4 Waiting for KSN requests completion. In queue: 6 15:59:32.0709 0x17d4 Waiting for KSN requests completion. In queue: 6 15:59:33.0709 0x17d4 Waiting for KSN requests completion. In queue: 5 15:59:34.0823 0x17d4 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x41000 ( enabled : updated ) 15:59:34.0851 0x17d4 Win FW state via NFP2: enabled 15:59:37.0201 0x17d4 ============================================================ 15:59:37.0201 0x17d4 Scan finished 15:59:37.0201 0x17d4 ============================================================ 15:59:37.0212 0x1cd0 Detected object count: 2 15:59:37.0212 0x1cd0 Actual detected object count: 2 16:03:21.0103 0x1cd0 EsternTimesMouseExRun ( UnsignedFile.Multi.Generic ) - skipped by user 16:03:21.0103 0x1cd0 EsternTimesMouseExRun ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:03:21.0104 0x1cd0 Dare-U mouse ( UnsignedFile.Multi.Generic ) - skipped by user 16:03:21.0104 0x1cd0 Dare-U mouse ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:04:17.0609 0x2504 Deinitialize success |
07.05.2015, 07:15 | #8 |
/// the machine /// TB trainer | Unwanted automatic activity caused by visiting a web page Looks fine. Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.05.2015, 11:22 | #9 |
| ComboFix This is what the ComboFix log looks like: Code:
ComboFix 15-05-07.01 - Fabian 07.05.2015 11:54:00.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8150.6585 [GMT 2:00]
ausgeführt von:: c:\users\Fabian\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fabian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Fabian\Favorites\bookmarks-2011-12-31.json
c:\users\Fabian\Favorites\bookmarks.html
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-07 12:04:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-05-07 10:04
.
Vor Suchlauf: 12 Verzeichnis(se), 530.608.525.312 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 530.244.562.944 Bytes frei
.
- - End Of File - - F654DE16D21930C6FAF4092DAC3B382F
A36C5E4F47E84449FF07ED3517B43A31

(I've never had anything like this before) I wonder whether deleting the files could have fixed the problems? |
08.05.2015, 08:51 | #10 |
/// the machine /// TB trainer | Unwanted automatic activity caused by visiting a web page Log in to Amazon normally; if no message of this kind appears there, the mail is fake and can simply be deleted. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber |
08.05.2015, 10:59 | #11 |
| mbam | AdwCleaner | JRT mbam threw out a few things; the other programs found nothing further. mbam log: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.05.2015
Suchlauf-Zeit: 11:12:32
Logdatei: mbamlog.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.08.02
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Fabian

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 394893
Verstrichene Zeit: 8 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 1
PUP.Optional.Binkiland.A, HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\Binkiland Browser, In Quarantäne, [c07288095f2b9c9a5fb6f96538cd14ec],

Registrierungswerte: 9
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=, In Quarantäne, [f53d91009febdd59d12491409c67e51b]
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=, In Quarantäne, [72c0eca5018943f3aa4b4d84847fdb25]
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Binkiland, In Quarantäne, [ab87dcb52c5e54e2777e706117ec10f0]
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Binkiland, In Quarantäne, [62d0e1b07d0dfc3afef79b3653b06a96]
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Binkiland\\, In Quarantäne, [f73b345df496e551838e537c38cb926e]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=, In Quarantäne, [c66c1f72aedc41f552a4d9f8e02311ef]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=, In Quarantäne, [f141c1d07c0e79bd8f671cb5897a8779]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Binkiland, In Quarantäne, [38fa8e03f39746f02fc74f8208fbe41c]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Binkiland, In Quarantäne, [42f0eba6e5a5d6609165a62b61a2a15f]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)
Code:
ATTFilter # AdwCleaner v4.203 - Bericht erstellt 08/05/2015 um 11:38:44 # Aktualisiert 30/04/2015 von Xplode # Datenbank : 2015-05-08.1 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x64) # Benutzername : Fabian - BEST-PC # Gestarted von : C:\Users\Fabian\Desktop\AdwCleaner_4.203.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\Program Files (x86)\DriverToolkit Ordner Gelöscht : C:\Users\Fabian\AppData\Local\DriverToolkit ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\DriverToolkit Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200 Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17631 -\\ Mozilla Firefox v37.0.2 (x86 de) -\\ Chromium v ************************* AdwCleaner[R0].txt - [1471 Bytes] - [08/05/2015 11:37:28] AdwCleaner[S0].txt - [1235 Bytes] - [08/05/2015 11:38:44] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1294 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.6.8 (05.06.2015:1) OS: Windows 7 Professional x64 Ran by Fabian on 08.05.2015 at 11:43:52,73 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.05.2015 at 11:45:42,31 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A side question for the future: is it generally harmless to merely scan with the programs used so far, as long as I take further measures only when asked to? (just to see whether anything can be found on the PC) I almost forgot the FRST log. FRST Logfile: Code:
Last edited by ThomasLanger (08.05.2015 at 11:03). Reason: added later: fresh FRST log |
09.05.2015, 08:10 | #12 |
/// the machine /// TB Trainer | Unwanted automatic activity triggered by opening a website ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
10.05.2015, 15:21 | #13 |
| ESET | SecurityCheck | fresh FRST log No new findings. ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=dc34d7da2d7f8f4a8a4c9bc6a38cd4b3 # engine=23777 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-05-10 01:55:23 # local_time=2015-05-10 03:55:23 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 52028784 182895973 0 0 # scanned=445498 # found=0 # cleaned=0 # scan_time=5841 Code:
ATTFilter Results of screen317's Security Check version 1.001 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Antivirus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Java 8 Update 25 Java version 32-bit out of Date! Adobe Flash Player 17.0.0.134 Adobe Reader XI Mozilla Firefox (37.0.2) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
(x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-10] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-10] (Oracle Corporation) Toolbar: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158 FireFox: ======== FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] 
(EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-10] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-10] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3330181468-2195716113-3604754730-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Extension: YouTube Unblocker - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\youtubeunblocker@unblocker.yt [2015-02-11] FF Extension: Undo Closed Tabs Button - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2015-02-11] FF Extension: Tab Notifier Free - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{1a94bb10-95a5-43e3-a933-808cd0a6e5fc}.xpi [2015-05-07] FF Extension: {cfd61a71-5d8b-423c-99d3-cb9c245739be} - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{cfd61a71-5d8b-423c-99d3-cb9c245739be}.xpi [2015-03-18] FF Extension: Adblock Plus - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. 
KG) S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S4 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] () [File not signed] S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-20] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-16] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-30] (Disc Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-04-09] () R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-10 16:03 - 2015-05-10 16:03 - 00000000 ____D () C:\Users\Fabian\Desktop\FRST-OlderVersion 2015-05-10 16:02 - 2015-05-10 16:02 - 00000843 _____ () C:\Users\Fabian\Desktop\checkup.txt 2015-05-10 14:15 - 2015-05-10 14:15 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-05-09 22:53 - 2015-05-09 22:53 - 00852630 _____ () C:\Users\Fabian\Desktop\SecurityCheck.exe 2015-05-09 22:52 - 2015-05-09 22:52 - 02347384 _____ (ESET) C:\Users\Fabian\Desktop\esetsmartinstaller_deu.exe 2015-05-08 11:57 - 2015-05-08 11:38 - 00001374 _____ () C:\Users\Fabian\Desktop\AdwCleaner[S0].txt 2015-05-08 11:45 - 2015-05-08 11:45 - 00000601 _____ () C:\Users\Fabian\Desktop\JRT.txt 2015-05-08 11:44 - 2015-05-08 11:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BEST-PC-Windows-7-Professional-(64-bit).dat 2015-05-08 11:43 - 2015-05-08 11:43 - 00000000 ____D () C:\RegBackup 2015-05-08 11:37 - 2015-05-08 11:38 - 00000000 ____D () C:\AdwCleaner 2015-05-08 11:09 - 2015-05-08 11:09 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-08 11:09 - 2015-05-08 11:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-08 11:09 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-05-08 11:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-05-08 11:06 - 2015-05-08 11:06 - 02716843 _____ (Thisisu) C:\Users\Fabian\Desktop\JRT.exe 2015-05-08 11:05 - 2015-05-08 11:05 - 02204160 _____ () C:\Users\Fabian\Desktop\AdwCleaner_4.203.exe 2015-05-07 12:04 - 2015-05-07 12:04 - 00014557 _____ () C:\Users\Fabian\Desktop\ComboFix.txt 2015-05-07 11:59 - 2015-05-08 11:35 - 00003056 _____ () C:\Windows\PFRO.log 2015-05-07 11:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-05-07 11:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-05-07 11:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 
2015-05-07 11:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-05-07 11:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-05-07 11:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-05-07 11:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-05-07 11:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-05-07 11:50 - 2015-05-07 12:04 - 00000000 ____D () C:\Qoobox 2015-05-07 11:50 - 2015-05-07 12:02 - 00000000 ____D () C:\Windows\erdnt 2015-05-07 11:45 - 2015-05-07 11:45 - 05621999 ____R (Swearware) C:\Users\Fabian\Desktop\ComboFix.exe 2015-05-06 13:12 - 2015-05-08 11:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-06 13:12 - 2015-05-08 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-06 13:12 - 2015-05-06 13:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-06 13:11 - 2015-05-06 13:21 - 00000000 ____D () C:\Users\Fabian\Desktop\mbar 2015-05-06 13:11 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-06 12:21 - 2015-05-06 12:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Fabian\Desktop\tdsskiller.exe 2015-05-06 01:18 - 2015-05-06 01:18 - 00026429 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel 2015-05-05 23:11 - 2015-05-05 23:13 - 00056342 _____ () C:\Users\Fabian\Desktop\Addition.txt 2015-05-05 23:10 - 2015-05-10 16:03 - 00013851 _____ () C:\Users\Fabian\Desktop\FRST.txt 2015-05-05 23:10 - 2015-05-10 16:03 - 00000000 ____D () C:\FRST 2015-05-05 23:09 - 2015-05-10 16:03 - 02102784 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe 2015-04-24 11:15 - 2015-04-24 11:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-21 16:22 - 2015-05-04 12:39 - 00001522 _____ () C:\Users\Fabian\Desktop\Weiterkommen (Mitte April 2015).txt 2015-04-21 13:08 - 2015-05-03 15:50 - 00000000 ____D () 
C:\Users\Fabian\Desktop\soziale Modelle und sonstiges 2015-04-20 23:39 - 2015-05-02 21:36 - 00000313 _____ () C:\Users\Fabian\Desktop\Fahrt nach Köln.txt 2015-04-19 13:38 - 2015-04-19 13:40 - 00000249 _____ () C:\Users\Fabian\Desktop\Bewerbungsgestaltung und -inhaltsideen - Soziale Arbeit (Hochschule).txt 2015-04-19 13:27 - 2015-04-19 13:27 - 00001425 _____ () C:\Users\Fabian\Desktop\Bewerbung - 3. Seite Motivationsschreiben.lnk 2015-04-19 13:15 - 2015-04-21 16:22 - 00000325 _____ () C:\Users\Fabian\Desktop\Köln - wer hat wann Zeit.txt 2015-04-19 12:15 - 2015-04-19 12:24 - 00000188 _____ () C:\Users\Fabian\Desktop\Hochschul- Besichtigungen.txt 2015-04-19 12:15 - 2015-04-19 12:15 - 00000061 _____ () C:\Users\Fabian\Desktop\Hochschul- Bewerbungsfristen.txt 2015-04-19 00:10 - 2015-05-06 22:27 - 00000000 ____D () C:\Users\Fabian\Desktop\meine Ernährung 2015-04-17 14:56 - 2015-04-17 14:57 - 00000000 ____D () C:\Users\Fabian\Downloads\KnAuszüge 2015-04-17 00:05 - 2015-05-08 17:29 - 00000000 ____D () C:\Users\Fabian\Desktop\Bewerbungskram 2015-04-14 12:51 - 2015-04-28 22:44 - 00000158 _____ () C:\Users\Fabian\Desktop\Girokonto-Banken (empfohlene).txt 2015-04-13 16:40 - 2015-04-14 23:00 - 00001269 _____ () C:\Users\Fabian\Desktop\Finanzieller Bedarf (mein).txt 2015-04-12 01:05 - 2015-05-08 11:46 - 00001736 _____ () C:\Windows\setupact.log 2015-04-12 01:05 - 2015-04-12 01:05 - 00000000 _____ () C:\Windows\setuperr.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-10 14:16 - 2014-08-19 15:36 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Adobe 2015-05-10 14:07 - 2013-06-23 16:22 - 00000000 ____D () C:\Users\Fabian\Documents\Outlook-Dateien 2015-05-10 14:07 - 2013-06-17 01:14 - 01148628 _____ () C:\Windows\WindowsUpdate.log 2015-05-09 22:51 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2015-05-09 22:51 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2015-05-09 22:51 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-08 11:54 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-08 11:54 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-08 11:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-07 12:26 - 2013-06-16 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-07 12:04 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2015-05-07 11:59 - 2013-06-16 20:03 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys 2015-05-07 11:59 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-05-07 01:21 - 2015-03-17 18:57 - 00000330 _____ () C:\Users\Fabian\Desktop\Ordnungssystem - einzelne Themen.txt 2015-05-06 01:19 - 2014-03-26 23:51 - 00000000 ____D () C:\Users\Fabian\.gimp-2.8 2015-05-06 01:17 - 2014-03-26 23:56 - 00000000 ____D () C:\Users\Fabian\AppData\Local\gtk-2.0 2015-05-05 12:10 - 2015-03-05 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-05 12:08 - 2013-09-15 11:46 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-05 12:08 - 2013-09-15 11:46 - 00132120 _____ (Avira Operations GmbH & Co. 
--- --- --- I no longer have any problems with the computer. Is the operation finished with that?
One question for the future remains open: Is it generally harmless to merely scan with the programs used so far, as long as I take further measures only when asked to? (just to see whether anything can be found on the PC) Kind regards |
11.05.2015, 09:43 | #14 |
/// the machine /// TB instructor | Unwanted automatic activity caused by opening a web page
You can certainly use AdwCleaner and MBAM now and then. Update Java.
Cleanup: (The order is crucial here) If Defogger was used: start it again and click Re-enable. If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can delete them without hesitation. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Protection: On the Windows operating system, enable automatic updates. Security-relevant software should also always be kept at the latest version only: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally entirely sufficient. Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents active content (Java, JavaScript, Flash, ...) from running for all websites. However, you can define, on the principle of a whitelist, on which sites scripts should be allowed. Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities. Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstalling it and then removing the leftovers with Adwarecleaner is recommended.
Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.05.2015, 12:14 | #15 |
| Thanks! Great, thank you very much for the help! |