Log analysis and evaluation: Tracking down a data leak, PC1

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.06.2015, 15:21 | #1 |
Tracking down a data leak, PC1

Recently, access credentials for several services and accounts of mine went missing. I only noticed this after they had been misused. The passwords were not known to anyone, and they were not written down anywhere or stored in any form. I now want to check both devices on which the passwords were entered.

PC1 - laptop with Win 8

Normally protected by the free version of Avira. Now scanned with the latest Desinfect from the current CT. I also ran defogger, FRST and Gmer.

- Gmer reported 2 error messages:
-- At startup: C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
-- During the scan: C:\Users\Profilname\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

The logs are at the end of the post. The user name and device name have been replaced with "Profilname".

I hope that at least this system is clean.

Additions.txt

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015 Ran by Profilname at 2015-06-20 15:05:03 Running from C:\Users\Profilname\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1767951355-1007739754-1276474970-500 - Administrator - Disabled) Profilname (S-1-5-21-1767951355-1007739754-1276474970-1001 - Administrator - Enabled) => C:\Users\Profilname Gast (S-1-5-21-1767951355-1007739754-1276474970-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1767951355-1007739754-1276474970-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
ASUS Gaming Center (HKLM-x32\...\{23C8A788-4790-4F3C-B103-0ACC7D9DC5BE}) (Version: 1.0.2 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS) ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS) ASUS ROG MacroKey (HKLM-x32\...\{348022C5-F497-4333-AFEE-208F22F169F2}_is1) (Version: 1.0.0.28 - G-spy Co., Ltd) ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.5 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS) Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) Command and Conquer 3: Kane's Wrath (HKLM-x32\...\Steam App 24810) (Version: - EA Los Angeles) CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.) Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.) Dishonored (HKLM-x32\...\Steam App 205100) (Version: - Arkane Studios) ETDWare PS/2-X64 11.5.13.9_WHQL (HKLM\...\Elantech) (Version: 11.5.13.9 - ELAN Microelectronic Corp.) 
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation) Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.1 - Genesys Logic) Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation) METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version: - Kojima Productions) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable 
- 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) NVIDIA 3D Vision Treiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA Miracast Virtueller Ton 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 350.12 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - 
Electronic Arts, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.) ROG Game First III (HKLM-x32\...\{0C6E32E1-31D9-49F1-B67F-2941994002D5}) (Version: 1.00.16 - ASUSTeK Computer Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.21 - NVIDIA Corporation) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Darkness II (HKLM-x32\...\Steam App 67370) (Version: - Digital Extremes) Thief (HKLM-x32\...\Steam App 239160) (Version: - Eidos-Montréal) Thunderbolt(TM) Software (HKLM\...\{BED2816F-D47A-41DA-AFCF-44E1B257C368}) (Version: 2.0.4.250 - Intel(R) Corporation) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 02-06-2015 20:35:43 Windows Update 09-06-2015 18:46:46 DirectX wurde installiert 12-06-2015 20:44:10 Windows Update 14-06-2015 23:07:16 DirectX wurde installiert 20-06-2015 00:08:37 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 20-06-2015 00:08:43 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {01C7EE9E-1BBF-46F7-8EA7-5E508E266D92} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe Task: {291F8F6C-4BFA-4188-8A65-083E53BFCE7C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {30CD5939-AB9C-4E22-BE04-E2BD7158966C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] () Task: {30D21188-AF49-4210-AA6D-E8ECB03F09A1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {36E27157-D0DB-4D2D-A708-3BCE4417161E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.) Task: {3757EC25-6E4D-46F5-A2F5-962EFDF11FC1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {3E5664C4-F665-49A0-8AE8-1CC3AC846188} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-09-02] (Realtek Semiconductor) Task: {42CB133E-01A6-4BB3-8207-E0FB06CFD4C8} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS) Task: {6409079B-DC70-42B8-B01B-BFD447376CE0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {72F6E40D-EF13-4ADF-96DC-660ED254B473} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe Task: {787779D4-423C-409A-81D9-123EC6A67CB2} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-26] () Task: {7AF32167-5D43-4498-9862-3B781A27856A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {82A023AF-8AE5-4717-9208-2C53E3C1AF0F} - 
System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation) Task: {83149969-7C36-4AA0-BD4F-77CBDE97E67E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) Task: {835539E3-2F2A-46BB-AE2C-B7E041FA85F7} - System32\Tasks\Gaming Center => C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe [2014-04-30] (ASUSTek Computer Inc.) Task: {86ED87FF-E8C6-42E9-903F-FD1521D1C45E} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-01] (Realtek Semiconductor) Task: {B033B55F-17F8-4786-9FC4-9C4ECDC323E9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {B5D1CF05-89A1-4BE7-9E32-26C48826A203} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService Task: {C1A852A0-00A1-4611-80D9-5BFFC33549A5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-12] (Microsoft Corporation) Task: {DC901DAE-FFBB-4E14-A3E3-44AD2F9F5DCC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe Task: {DE205064-DE19-4CF0-A20E-98923DDF0F3A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {E83319F4-0215-42E0-AED0-D9DD3596DD97} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-07-09] (ASUSTek Computer Inc.) Task: {F8CD0730-BF8B-42B1-B35D-5FFCDCF2B227} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) 
Task: {FE8E8F37-1850-452D-94F5-F7D0ADB73A2B} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.) Task: {FFD6988B-22A3-42F7-B8BF-AD353D28FC7B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) ==================== Loaded Modules (Whitelisted) ============== 2014-12-11 04:21 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-05-25 19:42 - 2015-05-25 19:42 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2014-12-11 04:31 - 2013-05-15 16:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe 2014-12-11 04:29 - 2014-02-26 05:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe 2014-06-03 22:01 - 2014-06-03 22:01 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-06-03 22:01 - 2014-06-03 22:01 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2014-06-03 22:01 - 2014-06-03 22:01 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll 2014-06-03 22:01 - 2014-06-03 22:01 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll 2015-05-18 02:31 - 2015-06-02 05:22 - 01007104 _____ () C:\Spiele\Origin\platforms\qwindows.dll 2015-05-18 02:31 - 2015-06-02 05:22 - 00023552 _____ () C:\Spiele\Origin\imageformats\qgif.dll 2015-05-18 02:31 - 2015-06-02 05:22 - 00024576 _____ () C:\Spiele\Origin\imageformats\qico.dll 2015-05-18 02:31 - 2015-06-02 05:22 - 00216576 _____ () C:\Spiele\Origin\imageformats\qjpeg.dll 2015-05-18 02:31 - 2015-06-02 05:22 - 00261120 _____ () C:\Spiele\Origin\imageformats\qmng.dll 2015-05-18 02:31 - 2015-06-02 05:22 - 00019456 _____ () C:\Spiele\Origin\imageformats\qtga.dll 
2015-05-18 02:31 - 2015-06-02 05:22 - 00337408 _____ () C:\Spiele\Origin\imageformats\qtiff.dll 2015-05-18 02:31 - 2015-06-02 05:22 - 00018944 _____ () C:\Spiele\Origin\imageformats\qwbmp.dll 2014-12-11 04:25 - 2013-10-23 15:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1767951355-1007739754-1276474970-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Profilname\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D48F6F7F-BD46-41F0-BD6B-37F58504FF32}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{606AE995-9C21-4595-A361-D694AFBF14BB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{D07C2BDC-33CE-4019-96CF-0E5FAAC63EF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{9DF2011A-BAF6-41DF-9BEF-7188CCD90CAB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{916DD865-4294-4366-946D-3E9A5E1C4BEA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{DD71F7C7-3121-4C1B-8255-F64644530340}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{5AEF3889-CB25-42D2-8338-6A993DE29600}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{88A69DE3-773C-4BC6-9AE1-A6E791F8B9C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{0277D7D6-643C-41DC-A8F8-02D7ADF9FEA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{9E458772-C26E-4D17-AA38-FCDD8A70A2B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F0E5EB37-CD7C-457C-B09F-71C150037846}] => (Allow) C:\Windows\system32\ftp.exe FirewallRules: [{2158D9F2-2CDB-4F15-9974-31FEA2213E2C}] => (Allow) C:\Windows\system32\ftp.exe FirewallRules: [{9C9C552A-E0D9-4B40-B28F-01305626C5CE}] => (Allow) C:\Windows\SysWOW64\ftp.exe FirewallRules: [{1685CB77-9C32-41F3-B88A-B629BCBBDC80}] => (Allow) C:\Windows\SysWOW64\ftp.exe FirewallRules: [{18153B11-249C-4677-8E7F-F3A6EEBB2B67}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{EBAFE9C5-A81D-42B7-B8BD-9468C7F4CABF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{C5BFC37A-F0A7-4EA9-BB5F-F02E66DA818A}] => (Allow) 
C:\Steam_Games\Steam\Steam.exe FirewallRules: [{C6B8EAE0-4C7A-44BF-9708-DA8654955BE2}] => (Allow) C:\Steam_Games\Steam\Steam.exe FirewallRules: [{38AD4D1C-C126-4F7E-84DB-49CD23A34A20}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{ED0F09B2-5AB0-401F-939B-16EEEB93DF1E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{EDA59C6C-1125-4A91-9671-E41A57DE15FD}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Arma 2\arma2.exe FirewallRules: [{230EB1BD-FCC3-45C4-B3B6-E0E7BEB60D84}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Arma 2\arma2.exe FirewallRules: [{3DD4A496-180C-4504-98B0-F74DCA1F51E8}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe FirewallRules: [{CAAEAA16-9E3F-4E8D-8E5F-9D4A19933B15}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe FirewallRules: [{65C45EC3-7E24-4AF9-8891-659489E0F332}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe FirewallRules: [{39FAB9F4-922C-4E7E-96DE-5234788D42F0}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe FirewallRules: [{BBB746E1-3EE4-40C9-826B-44D10013D3CF}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe FirewallRules: [{481EF33C-68DF-49F0-9A36-39CD6393D2B2}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe FirewallRules: [{B03083CA-1BA0-4BF6-AC3C-477CE438305E}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\ACR\datacachepreprocessor.exe FirewallRules: [{4A3B736F-0CBA-4A0B-BD7D-738A89E760B1}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\ACR\datacachepreprocessor.exe FirewallRules: [{9AC41D93-AA9B-4BD3-BC07-CEDE96C27BB5}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation 
arrowhead\DLCsetup\PMC\datacachepreprocessor.exe FirewallRules: [{85132833-0F52-4654-AD8D-D0E6DA8170C1}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\PMC\datacachepreprocessor.exe FirewallRules: [{D5F312DC-2DD4-40A5-9CE5-F944B78F79DF}] => (Allow) C:\Steam_Games\Steam\steamapps\common\call of duty black ops\BlackOps.exe FirewallRules: [{BE7837B2-3F0D-4E42-BE64-7D10614EB298}] => (Allow) C:\Steam_Games\Steam\steamapps\common\call of duty black ops\BlackOps.exe FirewallRules: [{DE9A4F00-8D26-4416-BD9C-8D6F837E6848}] => (Allow) C:\Steam_Games\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe FirewallRules: [{B1FCAE80-12D9-4439-94CF-16372BC9E86B}] => (Allow) C:\Steam_Games\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe FirewallRules: [{801AE6D1-3073-44EC-83CF-407C96928F83}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe FirewallRules: [{41A246FA-5C78-43BC-8824-0AB623E695DA}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe FirewallRules: [{13C61DF8-9D4A-4CBA-9A5D-F5DB4B5616B5}] => (Allow) C:\Steam_Games\Steam\steamapps\common\DXHRML\dxhrml.exe FirewallRules: [{32BBEE42-FCD1-4F11-96E4-76401991293B}] => (Allow) C:\Steam_Games\Steam\steamapps\common\DXHRML\dxhrml.exe FirewallRules: [{6D7C62DA-162A-416E-8338-193A13186D18}] => (Allow) C:\Steam_Games\Steam\steamapps\common\skyrim\SkyrimLauncher.exe FirewallRules: [{6E603CA2-9E23-4C30-9095-6DCAD88F0BD2}] => (Allow) C:\Steam_Games\Steam\steamapps\common\skyrim\SkyrimLauncher.exe FirewallRules: [{73B8BB1A-1BEF-41DE-B1F8-5EEA836B9EA7}] => (Allow) C:\Steam_Games\Steam\steamapps\common\max payne 3\Max Payne 3\MaxPayne3.exe FirewallRules: [{F7177A81-7E3B-43AA-B6EC-46F06BAC0AF2}] => (Allow) C:\Steam_Games\Steam\steamapps\common\max payne 3\Max Payne 3\MaxPayne3.exe FirewallRules: [{35045B08-B21D-4A99-B7D4-E3AB7734ADB9}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Orcs Must Die 
2\build\release\OrcsMustDie2.exe FirewallRules: [{6B87DB2C-272E-4DF1-B2D2-6A66DC99A574}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe FirewallRules: [{9C664C85-55C0-4DCF-8C3C-6965481CF44F}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe FirewallRules: [{304118CF-72DC-4CBA-8E0C-A071433FBB02}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe FirewallRules: [{CF642E0D-9F55-4E8A-9A63-79B5A9B3EF9D}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Shadow Warrior\sw.exe FirewallRules: [{49D77475-31F7-4FBB-886C-E85F9A3B244B}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Shadow Warrior\sw.exe FirewallRules: [{B122015E-3C3F-4B3C-9364-A352CF98EEDE}] => (Allow) C:\spiele\steam\steamapps\common\command and conquer 3 tiberium wars\CNC3.exe FirewallRules: [{43A4E560-73B1-46E2-B7CA-58788907902F}] => (Allow) C:\spiele\steam\steamapps\common\command and conquer 3 tiberium wars\CNC3.exe FirewallRules: [{447EF613-82C6-4B7A-818E-E01F71E73413}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{FA45E5E6-432A-4876-A38B-0C129356CFC2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{AF5B1984-CA59-48B5-9E86-85D04C601390}] => (Allow) C:\spiele\steam\steamapps\common\aliens vs predator\AvP_Launcher.exe FirewallRules: [{E887CAB3-824E-4EB0-823E-424C2370B639}] => (Allow) C:\spiele\steam\steamapps\common\aliens vs predator\AvP_Launcher.exe FirewallRules: [{7BEC4332-CF6A-4950-81B2-D31552BCF4FF}] => (Allow) C:\spiele\steam\steamapps\common\aliens vs predator\AvP_DX11.exe FirewallRules: [{776E3DBD-A19F-4A60-9A14-5B1E7CC9CAB4}] => (Allow) C:\spiele\steam\steamapps\common\aliens vs predator\AvP_DX11.exe FirewallRules: [{1D74CED6-9097-424D-B67A-F39E2BD3381F}] => (Allow) C:\spiele\steam\steamapps\common\aliens vs predator\AvP.exe FirewallRules: [{89942E1A-593C-481E-8CFF-878DEE6A3719}] => (Allow) 
C:\spiele\steam\steamapps\common\aliens vs predator\AvP.exe FirewallRules: [{70FD8D64-7E0B-4BFE-BCCB-F6993CD570EC}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe FirewallRules: [{B60394D4-CBF0-471F-B473-C104DE2877E6}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe FirewallRules: [{35838E8C-0FAB-43B3-B2A1-C6BEC76452B9}] => (Allow) C:\Spiele\Steam\Steam.exe FirewallRules: [{F6DF763A-3AE5-4479-8D6A-345C128DF534}] => (Allow) C:\Spiele\Steam\Steam.exe FirewallRules: [TCP Query User{4FEEA555-584F-41AF-A293-4C2FC3EF6F9B}E:\mirc\mirc.exe] => (Allow) E:\mirc\mirc.exe FirewallRules: [UDP Query User{E2548BBA-8530-4952-87AE-34CA6588493B}E:\mirc\mirc.exe] => (Allow) E:\mirc\mirc.exe FirewallRules: [{CBBDE26B-A3C3-49F2-98F6-2CD92DA8A587}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CF55FB9F-108C-4283-9F92-0C73029761BB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{602F9970-F9CA-43A2-A948-00F5DB575B45}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{B77DD191-03A6-4B64-874C-96793BDDAD0B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{45AD69CA-7AEB-48AE-A02E-B1E577759332}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{A50E3513-6CC1-4981-9015-F40E4AE588FE}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{308D9CE5-B83E-436F-9F3D-F2EA64E95888}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{DDD580E3-EF67-4ACA-8E3C-8154D6FA4532}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{CD08116C-D6C3-4578-9593-33BFE64E8E8C}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{898781E3-AFA4-4F23-B7FE-88DD35F7E99A}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{2F074AC0-CE81-4DEF-B1E1-13A95A29614D}] => (Allow) 
C:\Spiele\Steam\steamapps\common\max payne 3\Max Payne 3\MaxPayne3.exe FirewallRules: [{DFECC3EC-C517-4B1F-AE75-98402E1D232D}] => (Allow) C:\Spiele\Steam\steamapps\common\max payne 3\Max Payne 3\MaxPayne3.exe FirewallRules: [TCP Query User{7BBE6CED-FA2C-4FD4-ABA2-0F86A4BCEEE5}C:\spiele\battlenet\diablo iii\diablo iii.exe] => (Allow) C:\spiele\battlenet\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{13EB5DE0-F34D-4BF1-A7FA-7057A15F2B75}C:\spiele\battlenet\diablo iii\diablo iii.exe] => (Allow) C:\spiele\battlenet\diablo iii\diablo iii.exe FirewallRules: [{8618A7ED-7D26-47BE-BA51-0E11224D097B}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{5E992CC2-2702-486C-963A-1D7E09B56113}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{4B40C92A-6DFA-4100-871D-A86C9FC5FE99}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{5110C18E-6D63-4955-98C9-9E11B73CE93B}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4.exe FirewallRules: [TCP Query User{5E699258-D4C3-4D4F-9C5A-2BD1C8D0A80F}C:\spiele\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) C:\spiele\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe FirewallRules: [UDP Query User{458ED06C-3AA3-48A4-8BDE-885B51D45A2D}C:\spiele\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) C:\spiele\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe FirewallRules: [{2060D222-C28F-4238-A066-1A20A1054F1E}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe FirewallRules: [{0F5BBD26-A76C-4B4D-958C-36BD21FC6B58}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe FirewallRules: [{8C3F97D1-EAF2-4638-81EC-5329DB3CA6C2}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe FirewallRules: [{3AF65722-324D-4808-8F27-718DD2C2A9B1}] => (Allow) 
C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe FirewallRules: [{7ABAA44E-A350-4BEB-BBF1-612E6ED6E333}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe FirewallRules: [{98FE3377-0285-41A0-9CC5-636E48B28E01}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe FirewallRules: [{F8A5DF1F-A9D3-4CFF-BBE6-17901D2858F8}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\ACR\datacachepreprocessor.exe FirewallRules: [{1CA693FD-4787-4954-A742-582DD8B4AD7F}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\ACR\datacachepreprocessor.exe FirewallRules: [{E458AFB2-A47A-4BF0-AAA0-3534E1AE3026}] => (Allow) C:\Spiele\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe FirewallRules: [{85C6CA21-3D48-4623-94A0-D447D083F667}] => (Allow) C:\Spiele\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe FirewallRules: [TCP Query User{A1D460B0-F2CC-4F33-A133-B45F1FB8538E}C:\spiele\steam\steamapps\common\call of duty black ops\blackopsmp.exe] => (Allow) C:\spiele\steam\steamapps\common\call of duty black ops\blackopsmp.exe FirewallRules: [UDP Query User{AD09BC55-0B13-42CC-AAF3-AF99B035E055}C:\spiele\steam\steamapps\common\call of duty black ops\blackopsmp.exe] => (Allow) C:\spiele\steam\steamapps\common\call of duty black ops\blackopsmp.exe FirewallRules: [{6A215FD4-3056-4C5F-9409-9FF4DB28FD80}] => (Allow) C:\Spiele\Steam\steamapps\common\Darkness II\DarknessII.exe FirewallRules: [{313C5C47-CF5D-4B91-8F21-613615624237}] => (Allow) C:\Spiele\Steam\steamapps\common\Darkness II\DarknessII.exe FirewallRules: [{E5EF1B6C-32D9-40C5-9C41-3D5C5CC1EBD9}] => (Allow) C:\Spiele\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe FirewallRules: [{3F347320-A505-490A-9D13-C7D7868547C1}] => (Allow) C:\Spiele\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe FirewallRules: 
[{028FC6A6-B9F2-4AD1-B205-4A49E83BA914}] => (Allow) C:\Spiele\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe FirewallRules: [{95C5F6AD-CBE0-4C05-9BA9-09589722A640}] => (Allow) C:\Spiele\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/19/2015 11:28:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Thunderbolt.exe, Version: 2.0.4.54, Zeitstempel: 0x530cadea Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000000000008b9c ID des fehlerhaften Prozesses: 0x6b4 Startzeit der fehlerhaften Anwendung: 0xThunderbolt.exe0 Pfad der fehlerhaften Anwendung: Thunderbolt.exe1 Pfad des fehlerhaften Moduls: Thunderbolt.exe2 Berichtskennung: Thunderbolt.exe3 Vollständiger Name des fehlerhaften Pakets: Thunderbolt.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Thunderbolt.exe5 Error: (06/19/2015 11:28:47 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Thunderbolt.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.ApplicationException Stapel: bei System.Threading.Mutex.ReleaseMutex() bei Thunderbolt.frmConnectedDevices.CloseApp() bei Thunderbolt.frmConnectedDevices..ctor(System.String[]) bei Thunderbolt.Program.Main(System.String[]) Error: (06/19/2015 11:27:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Thunderbolt.exe, Version: 2.0.4.54, Zeitstempel: 0x530cadea Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000000000008b9c ID des fehlerhaften Prozesses: 0x6c8 Startzeit der fehlerhaften Anwendung: 0xThunderbolt.exe0 Pfad der fehlerhaften Anwendung: Thunderbolt.exe1 Pfad des fehlerhaften Moduls: Thunderbolt.exe2 Berichtskennung: Thunderbolt.exe3 Vollständiger Name des fehlerhaften Pakets: Thunderbolt.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Thunderbolt.exe5 Error: (06/19/2015 11:27:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Thunderbolt.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.ApplicationException Stapel: bei System.Threading.Mutex.ReleaseMutex() bei Thunderbolt.frmConnectedDevices.CloseApp() bei Thunderbolt.frmConnectedDevices..ctor(System.String[]) bei Thunderbolt.Program.Main(System.String[]) Error: (06/19/2015 11:14:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Thunderbolt.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.ApplicationException Stapel: bei System.Threading.Mutex.ReleaseMutex() bei Thunderbolt.frmConnectedDevices.CloseApp() bei Thunderbolt.frmConnectedDevices..ctor(System.String[]) bei Thunderbolt.Program.Main(System.String[]) Error: (06/19/2015 03:55:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Thunderbolt.exe, Version: 2.0.4.54, Zeitstempel: 0x530cadea Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000000000008b9c ID des fehlerhaften Prozesses: 0x6e0 Startzeit der fehlerhaften Anwendung: 0xThunderbolt.exe0 Pfad der fehlerhaften Anwendung: Thunderbolt.exe1 Pfad des fehlerhaften Moduls: Thunderbolt.exe2 Berichtskennung: Thunderbolt.exe3 Vollständiger Name des fehlerhaften Pakets: Thunderbolt.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Thunderbolt.exe5 Error: (06/19/2015 03:55:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Thunderbolt.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.ApplicationException Stapel: bei System.Threading.Mutex.ReleaseMutex() bei Thunderbolt.frmConnectedDevices.CloseApp() bei Thunderbolt.frmConnectedDevices..ctor(System.String[]) bei Thunderbolt.Program.Main(System.String[]) Error: (06/12/2015 09:40:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8 Name des fehlerhaften Moduls: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001f0de0 ID des fehlerhaften Prozesses: 0x1890 Startzeit der fehlerhaften Anwendung: 0xdxhr.exe0 Pfad der fehlerhaften Anwendung: dxhr.exe1 Pfad des fehlerhaften Moduls: dxhr.exe2 Berichtskennung: dxhr.exe3 Vollständiger Name des fehlerhaften Pakets: dxhr.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dxhr.exe5 Error: (06/12/2015 09:35:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8 Name des fehlerhaften Moduls: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00135c0d ID des fehlerhaften Prozesses: 0x147c Startzeit der fehlerhaften Anwendung: 0xdxhr.exe0 Pfad der fehlerhaften Anwendung: dxhr.exe1 Pfad des fehlerhaften Moduls: dxhr.exe2 Berichtskennung: dxhr.exe3 Vollständiger Name des fehlerhaften Pakets: dxhr.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dxhr.exe5 Error: (06/12/2015 09:34:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8 Name des fehlerhaften Moduls: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001f2dab ID des fehlerhaften Prozesses: 0x5ac Startzeit der fehlerhaften Anwendung: 0xdxhr.exe0 Pfad der fehlerhaften Anwendung: dxhr.exe1 Pfad des fehlerhaften 
Moduls: dxhr.exe2 Berichtskennung: dxhr.exe3 Vollständiger Name des fehlerhaften Pakets: dxhr.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dxhr.exe5 System errors: ============= Error: (06/20/2015 00:05:36 PM) (Source: DCOM) (EventID: 10010) (User: Profilname-Laptop) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (06/20/2015 00:05:06 PM) (Source: DCOM) (EventID: 10010) (User: Profilname-Laptop) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: Profilname-Laptop) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Profilname-LaptopprofilnameS-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: Profilname-Laptop) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Profilname-LaptopProfilnameS-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: Profilname-Laptop) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}profilnames-Laptopprofilname-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: profilnames-Laptop) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}profilnames-LaptopprofilnameS-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: Profilnames-Laptop) Description: 
AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}profilnames-LaptopprofilnameS-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: profilnames-Laptop) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Profilnames-LaptopprofilnameS-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/20/2015 11:54:22 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 20.06.2015 um 00:59:48 unerwartet heruntergefahren. Error: (06/20/2015 11:54:15 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT) Description: 32212256841144288 Microsoft Office: ========================= Error: (06/19/2015 11:28:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Thunderbolt.exe2.0.4.54530cadeaKERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c6b401d0aa7251d2877bC:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exeC:\Windows\system32\KERNELBASE.dll96229cde-1665-11e5-8272-e8b1fc6bf462 Error: (06/19/2015 11:28:47 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Thunderbolt.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.ApplicationException Stapel: bei System.Threading.Mutex.ReleaseMutex() bei Thunderbolt.frmConnectedDevices.CloseApp() bei Thunderbolt.frmConnectedDevices..ctor(System.String[]) bei Thunderbolt.Program.Main(System.String[]) Error: (06/19/2015 11:27:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Thunderbolt.exe2.0.4.54530cadeaKERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c6c801d0aa72229e3b36C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exeC:\Windows\system32\KERNELBASE.dll666af846-1665-11e5-8271-e8b1fc6bf462 Error: (06/19/2015 11:27:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Thunderbolt.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.ApplicationException Stapel: bei System.Threading.Mutex.ReleaseMutex() bei Thunderbolt.frmConnectedDevices.CloseApp() bei Thunderbolt.frmConnectedDevices..ctor(System.String[]) bei Thunderbolt.Program.Main(System.String[]) Error: (06/19/2015 11:14:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Thunderbolt.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.ApplicationException Stapel: bei System.Threading.Mutex.ReleaseMutex() bei Thunderbolt.frmConnectedDevices.CloseApp() bei Thunderbolt.frmConnectedDevices..ctor(System.String[]) bei Thunderbolt.Program.Main(System.String[]) Error: (06/19/2015 03:55:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Thunderbolt.exe2.0.4.54530cadeaKERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c6e001d0aa330a576d7eC:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exeC:\Windows\system32\KERNELBASE.dll4de80693-1626-11e5-826c-e8b1fc6bf462 Error: (06/19/2015 03:55:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Thunderbolt.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.ApplicationException Stapel: bei System.Threading.Mutex.ReleaseMutex() bei Thunderbolt.frmConnectedDevices.CloseApp() bei Thunderbolt.frmConnectedDevices..ctor(System.String[]) bei Thunderbolt.Program.Main(System.String[]) Error: (06/12/2015 09:40:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: dxhr.exe1.4.651.04fb36dd8dxhr.exe1.4.651.04fb36dd8c0000005001f0de0189001d0a546f65d83f8C:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exeC:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exed6e6cf8f-113a-11e5-826a-e8b1fc6bf462 Error: (06/12/2015 09:35:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: dxhr.exe1.4.651.04fb36dd8dxhr.exe1.4.651.04fb36dd8c000000500135c0d147c01d0a546c4af0471C:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exeC:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe310bd92a-113a-11e5-826a-e8b1fc6bf462 Error: (06/12/2015 09:34:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
dxhr.exe1.4.651.04fb36dd8dxhr.exe1.4.651.04fb36dd8c0000005001f2dab5ac01d0a540f1107539C:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exeC:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exefdab60b8-1139-11e5-826a-e8b1fc6bf462

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 12%
Total physical RAM: 16333.11 MB
Available physical RAM: 14315.8 MB
Total Pagefile: 18765.11 MB
Available Pagefile: 16485.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:464.71 GB) (Free:152.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Data1) (Fixed) (Total:931.51 GB) (Free:870.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: E3EA9747)
Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 6310F6FB)
Partition: GPT Partition Type.

==================== End of log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:04 on 20/06/2015 (Profilname)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Profilname (administrator) on Profilnames-LAPTOP on 20-06-2015 15:04:44
Running from C:\Users\Profilname\Desktop
Loaded Profiles: Profilname (Available Profiles: Profilname)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\System32\PnkBstrA.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Electronic Arts) C:\Spiele\Origin\Origin.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe () C:\Windows\SysWOW64\UMonit64.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-09] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276040 2014-05-09] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] () HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] () HKLM-x32\...\Run: [ASUS ROG MacroKey] => C:\Program Files (x86)\ASUS\ASUS ROG MacroKey\Hid.exe [2036224 2014-07-30] (ASUS) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254976 2015-04-16] (Razer Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1767951355-1007739754-1276474970-1001\...\Run: [Steam] => "C:\Steam_Games\Steam\steam.exe" -silent HKU\S-1-5-21-1767951355-1007739754-1276474970-1001\...\Run: [EADM] => C:\Spiele\Origin\Origin.exe [3632472 2015-06-02] (Electronic Arts) ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1767951355-1007739754-1276474970-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1767951355-1007739754-1276474970-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Profilname\AppData\Roaming\Mozilla\Firefox\Profiles\lt1e8mof.default FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> 
C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () FF Extension: Avira Browser Safety - C:\Users\Profilname\AppData\Roaming\Mozilla\Firefox\Profiles\lt1e8mof.default\Extensions\abs@avira.com [2015-06-12] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-06-19] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-19] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-06-19] (Avira Operations GmbH & Co. KG) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed] R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [345912 2014-08-29] (ASUSTeK) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-05-09] (ELAN Microelectronics Corp.) 
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-09] (NVIDIA Corporation) R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-09] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-09] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-09] (NVIDIA Corporation) S3 Origin Client Service; C:\Spiele\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-05-25] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-20] () R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [368128 2015-04-16] (Razer Inc.) 
[File not signed] S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-04-16] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.) 
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-09] (Intel Corporation) R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-04] (Intel Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( ) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R1 NFC_Driver; C:\Windows\System32\drivers\NFC_Driver.sys [48336 2014-03-27] (Titan ARC Corp.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-09] (NVIDIA Corporation) R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-04-09] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) U0 msahci; system32\drivers\msahci.sys ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-20 15:04 - 2015-06-20 15:04 - 00017412 _____ C:\Users\Profilname\Desktop\FRST.txt 2015-06-20 15:04 - 2015-06-20 15:04 - 00000472 _____ C:\Users\Profilname\Desktop\defogger_disable.log 2015-06-20 15:04 - 2015-06-20 15:04 - 00000000 ____D C:\FRST 2015-06-20 15:04 - 2015-06-20 15:04 - 00000000 _____ C:\Users\Profilname\defogger_reenable 2015-06-20 14:54 - 2015-06-20 14:57 - 00000000 ____D C:\Users\Profilname\Desktop\Laptop 2015-06-20 14:47 - 2015-06-20 14:47 - 02109952 _____ (Farbar) C:\Users\Profilname\Desktop\FRST64.exe 2015-06-20 14:47 - 2015-06-20 14:47 - 00380416 _____ C:\Users\Profilname\Desktop\GMER-kqxc66yd.exe 2015-06-20 14:46 - 2015-06-20 14:46 - 00050477 _____ C:\Users\Profilname\Desktop\Defogger.exe 2015-06-19 23:57 - 2015-06-19 23:57 - 00000209 _____ C:\Users\Profilname\Desktop\METAL GEAR SOLID V GROUND ZEROES.url 2015-06-19 13:13 - 2015-06-19 13:13 - 00000000 _____ C:\Recovery.txt 2015-06-19 11:36 - 2015-06-19 11:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2015-06-15 14:40 - 2015-06-15 14:40 - 00000000 ____D C:\Users\Profilname\AppData\Roaming\Foxit Software 2015-06-14 23:07 - 2015-06-16 00:57 - 00000000 ____D C:\Users\Profilname\AppData\Roaming\DarknessII 2015-06-14 20:18 - 2015-06-14 20:18 - 00000000 ____D C:\Users\Profilname\AppData\Local\GWX 2015-06-13 16:53 - 2015-06-13 16:53 - 00000209 _____ C:\Users\Profilname\Desktop\Thief.url 2015-06-13 16:52 - 2015-06-13 16:52 - 00000208 _____ C:\Users\Profilname\Desktop\The Darkness II.url 2015-06-12 23:06 - 2015-06-20 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-12 20:46 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-12 20:46 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-12 20:46 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-12 20:46 - 2015-05-21 15:08 - 00756736 _____ (Microsoft 
Corporation) C:\Windows\system32\invagent.dll 2015-06-12 20:46 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-12 20:46 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-12 20:46 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-12 20:46 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-11 19:32 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-11 19:32 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-11 19:32 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2015-06-11 19:32 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll 2015-06-11 19:32 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll 2015-06-11 19:32 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll 2015-06-11 19:32 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll 2015-06-11 19:32 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll 2015-06-11 19:32 - 2015-04-09 00:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml 2015-06-11 19:32 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-06-11 19:32 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-06-11 19:32 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll 2015-06-11 19:32 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2015-06-11 19:32 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\puiobj.dll 2015-06-11 19:32 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-06-11 19:32 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll 2015-06-11 19:32 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll 2015-06-11 19:31 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2015-06-11 19:31 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2015-06-11 19:31 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2015-06-11 19:31 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2015-06-11 19:31 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2015-06-11 19:31 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2015-06-11 19:31 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2015-06-11 19:31 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2015-06-11 19:31 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2015-06-11 19:31 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2015-06-11 19:31 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2015-06-11 19:31 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2015-06-11 19:31 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2015-06-10 19:55 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 19:55 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2015-06-10 19:55 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-10 19:55 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-10 19:55 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-10 19:55 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-10 19:55 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-10 19:55 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 19:55 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 19:55 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 19:55 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-06-10 19:55 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-06-10 19:55 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 19:55 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-06-10 19:55 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 19:55 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 19:55 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2015-06-10 19:55 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 19:55 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 19:55 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 19:55 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 19:55 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 19:55 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 19:55 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 19:55 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 19:55 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 19:55 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 19:55 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 19:55 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-06-10 19:55 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 19:55 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-06-10 19:55 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-06-10 19:55 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-06-10 19:55 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 19:55 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 19:55 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 19:55 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 19:55 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) 
C:\Windows\system32\actxprxy.dll 2015-06-10 19:55 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 19:55 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 19:55 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-10 19:55 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 19:55 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-09 18:47 - 2015-06-09 18:47 - 00000000 ____D C:\Users\Profilname\AppData\Local\Activision 2015-05-30 10:58 - 2015-06-14 20:25 - 00000000 ____D C:\Users\Profilname\AppData\Local\dxhr 2015-05-30 10:56 - 2015-05-30 10:56 - 00000000 ____D C:\Users\Profilname\AppData\Local\28050 2015-05-30 08:17 - 2015-05-30 08:17 - 00000926 _____ C:\Users\Public\Desktop\Battlefield 4.lnk 2015-05-30 08:17 - 2015-05-30 08:17 - 00000902 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2015-05-25 22:52 - 2015-05-25 22:52 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-05-25 22:52 - 2015-05-25 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-05-25 22:51 - 2015-05-25 22:51 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2015-05-25 22:51 - 2015-05-25 22:51 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2015-05-25 22:50 - 2015-05-25 22:50 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET 2015-05-25 20:40 - 2015-05-25 23:10 - 00005498 _____ C:\Users\Profilname\Desktop\Neues Textdokument.txt 2015-05-25 20:33 - 2015-05-25 20:33 - 00000000 ____D C:\Windows\PCHEALTH 2015-05-25 20:33 - 2015-05-25 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2015-05-25 20:33 - 2015-05-25 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-05-25 20:33 - 2015-05-25 
20:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2015-05-25 20:33 - 2015-05-25 20:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2015-05-25 20:33 - 2015-05-25 20:33 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2015-05-25 20:32 - 2015-06-12 20:47 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-05-25 20:32 - 2015-05-25 20:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 __RHD C:\MSOCache 2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 ____D C:\Users\Profilname\AppData\Local\Microsoft Help 2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 ____D C:\Program Files\Microsoft Office 2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2015-05-25 19:42 - 2015-05-25 19:42 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe 2015-05-25 04:44 - 2015-05-25 04:44 - 00000000 ____D C:\Users\Profilname\AppData\Local\PunkBuster 2015-05-25 04:22 - 2015-05-25 04:22 - 00000000 ____D C:\Users\Profilname\Documents\Battlefield 4 2015-05-25 04:21 - 2015-05-25 04:21 - 00000707 _____ C:\Users\Public\Desktop\Origin.lnk 2015-05-25 04:21 - 2015-05-25 04:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2015-05-25 04:21 - 2015-05-25 04:21 - 00000000 ____D C:\ProgramData\Electronic Arts ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-20 15:04 - 2015-05-16 21:42 - 00000000 ____D C:\Users\Profilname 2015-06-20 15:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-06-20 14:55 - 2014-10-29 14:02 - 00765582 _____ C:\Windows\system32\perfh007.dat 2015-06-20 14:55 - 2014-10-29 14:02 - 00159366 _____ C:\Windows\system32\perfc007.dat 2015-06-20 14:55 - 2014-03-18 17:26 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-20 14:54 - 2013-08-22 16:46 - 00028671 _____ C:\Windows\setupact.log 2015-06-20 14:00 - 2014-12-11 04:17 - 01470056 _____ C:\Windows\WindowsUpdate.log 2015-06-20 12:33 - 2015-05-16 19:47 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1767951355-1007739754-1276474970-1001 2015-06-20 12:04 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-06-20 12:00 - 2015-05-16 20:53 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1 2015-06-20 12:00 - 2015-05-16 20:53 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2 2015-06-20 11:54 - 2015-05-20 13:24 - 00000000 ____D C:\ProgramData\Origin 2015-06-20 11:54 - 2015-05-16 22:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-20 11:54 - 2015-05-16 21:42 - 00000093 _____ C:\Users\Profilname\AppData\Roaming\sp_data.sys 2015-06-20 11:54 - 2014-12-11 04:21 - 00000000 ____D C:\ProgramData\NVIDIA 2015-06-20 11:54 - 2014-03-18 10:16 - 00210628 _____ C:\Windows\PFRO.log 2015-06-20 11:54 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-20 00:08 - 2015-05-20 12:02 - 00129240 _____ C:\Windows\DirectX.log 2015-06-20 00:08 - 2014-10-29 08:25 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-19 03:55 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-06-19 03:53 - 2015-05-20 14:06 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-19 03:53 - 2015-05-20 14:06 - 00132656 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-19 03:53 - 2015-05-20 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-17 15:10 - 2015-05-17 22:06 - 00000000 __SHD C:\Users\PRofilname\AppData\Local\EmieBrowserModeList 2015-06-17 15:10 - 2015-05-16 21:45 - 00000000 __SHD C:\Users\Profilname\AppData\Local\EmieUserList 2015-06-17 15:10 - 2015-05-16 21:45 - 00000000 __SHD C:\Users\Profilname\AppData\Local\EmieSiteList 2015-06-14 06:37 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2015-06-13 16:50 - 2013-08-22 16:44 - 00481504 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-12 23:14 - 2015-05-16 21:58 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-12 23:14 - 2015-05-16 21:58 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-12 23:14 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData 2015-06-12 23:14 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-12 23:14 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-06-12 20:46 - 2015-05-16 20:51 - 00000000 ____D C:\Windows\system32\MRT 2015-06-12 20:45 - 2015-05-16 20:51 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-12 20:45 - 2013-08-22 15:25 - 00000199 _____ C:\Windows\win.ini 2015-06-10 19:53 - 2015-05-20 14:05 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-03 18:18 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-03 18:18 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-03 03:03 - 2015-05-16 19:48 - 00000000 ____D C:\Program Files (x86)\Razer 2015-06-02 05:23 - 2015-05-20 12:12 - 00000000 ____D C:\Users\Profilname\AppData\Roaming\Origin 2015-06-01 11:25 - 2015-05-20 12:19 - 00000000 ____D C:\Users\Profilname\AppData\Local\Battle.net 2015-05-30 09:32 - 2015-05-20 15:47 - 00226680 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2015-05-30 09:22 - 2015-05-20 15:47 - 
00226680 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2015-05-26 04:47 - 2015-05-17 22:08 - 00000000 ____D C:\Users\Profilname\AppData\Roaming\vlc 2015-05-25 23:21 - 2015-05-16 21:58 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-25 23:21 - 2015-05-16 21:58 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-25 22:51 - 2014-10-29 08:25 - 00000000 ____D C:\ProgramData\Skype 2015-05-25 20:33 - 2014-10-29 13:30 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-05-25 20:33 - 2014-03-18 17:10 - 00000000 ____D C:\Windows\ShellNew 2015-05-25 20:32 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-05-25 04:33 - 2015-05-20 15:48 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2015-05-25 04:33 - 2014-12-11 04:33 - 00000000 ____D C:\ProgramData\McAfee 2015-05-25 04:21 - 2015-05-20 13:25 - 00000000 ____D C:\Users\Profilname\AppData\Local\Origin ==================== Files in the root of some directories ======= 2015-05-16 21:42 - 2015-06-20 11:54 - 0000093 _____ () C:\Users\Profilname\AppData\Roaming\sp_data.sys 2014-12-11 04:26 - 2014-12-11 04:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-10-29 08:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS Files to move or delete: ==================== C:\ProgramData\SetStretch.VBS Some files in TEMP: ==================== C:\Users\Profilname\AppData\Local\Temp\avgnt.exe C:\Users\Profilname\AppData\Local\Temp\mccspuninstall.exe C:\Users\Profilname\AppData\Local\Temp\mirc635.exe C:\Users\Profilname\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Profilname\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Profilname\AppData\Local\Temp\nvStInst.exe C:\Users\Profilname\AppData\Local\Temp\sonarinst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-20 12:04 ==================== End of log ============================ HTML-Code: <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Virenfunde</title> <link rel="stylesheet" type="text/css" href="file:///opt/desinfect/metascan.css" /> </head> <body> <h2 align="center">Virenfunde</h2> <table class="virustab"> <tr> <th class="leftempty"> </th> <th>Avira</th> <th>Bitdefender</th> <th>Kaspersky</th> <th>ClamAV</th> <th>Aktion</th> </tr> <tr class="even"> <td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/Recovery/oem/DELAY.EXE">/media/Recovery/oem/DELAY.EXE</a></td> </tr> <tr class="even"> <td class="leftempty"></td> <td><a target="_blank" href="hxxp://www.avira.com/de/support-virus-lab?sq=TR/Agent.179568">TR/Agent.179568</td> <td></td> <td></td> <td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Worm.Agent-88">Win.Worm.Agent-88</td><td> <a href="vtupload:///media/Recovery/oem/DELAY.EXE">VirusTotal</a> <a href="rename:///media/Recovery/oem/DELAY.EXE">umbenennen</a> </td> </tr> <tr class="odd"> <td colspan="6" class="filename"><a title="Im Dateimananger öffnen" 
href="filemanager:///media/Data1/mIRC/mirc.exe">/media/Data1/mIRC/mirc.exe</a></td> </tr> <tr class="odd"> <td class="leftempty"></td> <td></td> <td></td> <td></td> <td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Trojan.Small-504">Trojan.Small-504</td><td> <a href="vtupload:///media/Data1/mIRC/mirc.exe">VirusTotal</a> <a href="rename:///media/Data1/mIRC/mirc.exe">umbenennen</a> </td> </tr> <tr class="even"> <td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/Data1/Portable Apps/m_irc-1635/DEViLiSiON/mirc.exe">/media/Data1/Portable Apps/m_irc-1635/DEViLiSiON/mirc.exe</a></td> </tr> <tr class="even"> <td class="leftempty"></td> <td></td> <td></td> <td></td> <td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Trojan.Small-504">Trojan.Small-504</td><td> <a href="vtupload:///media/Data1/Portable Apps/m_irc-1635/DEViLiSiON/mirc.exe">VirusTotal</a> <a href="rename:///media/Data1/Portable Apps/m_irc-1635/DEViLiSiON/mirc.exe">umbenennen</a> </td> </tr> <tr class="odd"> <td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Dying Light/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">/media/desinfect/OS/Spiele/Dying Light/_CommonRedist/DirectX/Jun2010/DXSETUP.exe</a></td> </tr> <tr class="odd"> <td class="leftempty"></td> <td></td> <td></td> <td></td> <td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td> <a href="vtupload:///media/desinfect/OS/Spiele/Dying Light/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">VirusTotal</a> <a href="rename:///media/desinfect/OS/Spiele/Dying Light/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">umbenennen</a> </td> </tr> <tr class="even"> <td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Origin Games/Battlefield 
4/__Installer/directx/redist/DXSETUP.exe">/media/desinfect/OS/Spiele/Origin Games/Battlefield 4/__Installer/directx/redist/DXSETUP.exe</a></td> </tr> <tr class="even"> <td class="leftempty"></td> <td></td> <td></td> <td></td> <td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td> <a href="vtupload:///media/desinfect/OS/Spiele/Origin Games/Battlefield 4/__Installer/directx/redist/DXSETUP.exe">VirusTotal</a> <a href="rename:///media/desinfect/OS/Spiele/Origin Games/Battlefield 4/__Installer/directx/redist/DXSETUP.exe">umbenennen</a> </td> </tr> <tr class="odd"> <td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty black ops/Redist/DirectX/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty black ops/Redist/DirectX/DXSETUP.exe</a></td> </tr> <tr class="odd"> <td class="leftempty"></td> <td></td> <td></td> <td></td> <td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td> <a href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty black ops/Redist/DirectX/DXSETUP.exe">VirusTotal</a> <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty black ops/Redist/DirectX/DXSETUP.exe">umbenennen</a> </td> </tr> <tr class="even"> <td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty modern warfare 3/Redist/DirectX/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty modern warfare 3/Redist/DirectX/DXSETUP.exe</a></td> </tr> <tr class="even"> <td class="leftempty"></td> <td></td> <td></td> <td></td> <td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td> <a 
href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty modern warfare 3/Redist/DirectX/DXSETUP.exe">VirusTotal</a> <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty modern warfare 3/Redist/DirectX/DXSETUP.exe">umbenennen</a> </td> </tr> <tr class="odd"> <td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/Dishonored/Binaries/Redist/directx_full_redist/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/Dishonored/Binaries/Redist/directx_full_redist/DXSETUP.exe</a></td> </tr> <tr class="odd"> <td class="leftempty"></td> <td></td> <td></td> <td></td> <td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td> <a href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/Dishonored/Binaries/Redist/directx_full_redist/DXSETUP.exe">VirusTotal</a> <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/Dishonored/Binaries/Redist/directx_full_redist/DXSETUP.exe">umbenennen</a> </td> </tr> <tr class="even"> <td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/max payne 3/MP3_Installers/DirectX/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/max payne 3/MP3_Installers/DirectX/DXSETUP.exe</a></td> </tr> <tr class="even"> <td class="leftempty"></td> <td></td> <td></td> <td></td> <td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td> <a href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/max payne 3/MP3_Installers/DirectX/DXSETUP.exe">VirusTotal</a> <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/max payne 3/MP3_Installers/DirectX/DXSETUP.exe">umbenennen</a> </td> </tr> <tr class="odd"> <td colspan="6" class="filename"><a 
title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/Shadow Warrior/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/Shadow Warrior/_CommonRedist/DirectX/Jun2010/DXSETUP.exe</a></td> </tr> <tr class="odd"> <td class="leftempty"></td> <td></td> <td></td> <td></td> <td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td> <a href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/Shadow Warrior/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">VirusTotal</a> <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/Shadow Warrior/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">umbenennen</a> </td> </tr> <tr class="even"> <td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/Thief/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/Thief/_CommonRedist/DirectX/Jun2010/DXSETUP.exe</a></td> </tr> <tr class="even"> <td class="leftempty"></td> <td></td> <td></td> <td></td> <td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td> <a href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/Thief/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">VirusTotal</a> <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/Thief/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">umbenennen</a> </td> </tr> <tr class="odd"> <td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Users/Kontoname/AppData/Local/Temp/Rar$DRa0.881/mirc.exe">/media/desinfect/OS/Users/Kontoname/AppData/Local/Temp/Rar$DRa0.881/mirc.exe</a></td> </tr> <tr class="odd"> <td class="leftempty"></td> <td></td> <td></td> <td></td> <td class="clamlight"><a target="_blank" 
href="hxxp://www.google.com/search?q=Trojan.Small-504">Trojan.Small-504</td><td> <a href="vtupload:///media/desinfect/OS/Users/Kontoname/AppData/Local/Temp/Rar$DRa0.881/mirc.exe">VirusTotal</a> <a href="rename:///media/desinfect/OS/Users/Kontoname/AppData/Local/Temp/Rar$DRa0.881/mirc.exe">umbenennen</a> </td> </tr> </table> <div class="cleanall"><p><a href="renameall:///virus">Alle gefundenen Dateien mit der Endung .VIRUS versehen</a></p></div></body> </html> |
20.06.2015, 16:31 | #2 |
/// the machine /// TB trainer | Data leak check PC1 hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder unless a helper instructs you to. Please download TDSSKiller.exe and save this file to the desktop. |
20.06.2015, 17:35 | #3 |
| Data leak check PC1 Thank you very much for the quick feedback!
Neither scanner found anything. That is presumably why the announced restart by Malwarebytes Anti-Rootkit did not happen? TDSS log: Code:
ATTFilter 18:29:58.0802 0x16b0 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 18:29:58.0802 0x16b0 UEFI system 18:30:02.0197 0x16b0 ============================================================ 18:30:02.0197 0x16b0 Current date / time: 2015/06/20 18:30:02.0197 18:30:02.0197 0x16b0 SystemInfo: 18:30:02.0197 0x16b0 18:30:02.0197 0x16b0 OS Version: 6.3.9600 ServicePack: 0.0 18:30:02.0197 0x16b0 Product type: Workstation 18:30:02.0197 0x16b0 ComputerName: ProfilnamesLAPTOP 18:30:02.0197 0x16b0 UserName: Profilname 18:30:02.0197 0x16b0 Windows directory: C:\Windows 18:30:02.0197 0x16b0 System windows directory: C:\Windows 18:30:02.0197 0x16b0 Running under WOW64 18:30:02.0197 0x16b0 Processor architecture: Intel x64 18:30:02.0197 0x16b0 Number of processors: 8 18:30:02.0197 0x16b0 Page size: 0x1000 18:30:02.0197 0x16b0 Boot type: Normal boot 18:30:02.0197 0x16b0 ============================================================ 18:30:02.0371 0x16b0 KLMD registered as C:\Windows\system32\drivers\30677795.sys 18:30:02.0489 0x16b0 System UUID: {ADFB46F5-4151-61FF-2749-D759EDBF996A} 18:30:02.0760 0x16b0 Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 ( 476.94 Gb ), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:30:02.0782 0x16b0 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:30:02.0784 0x16b0 ============================================================ 18:30:02.0784 0x16b0 \Device\Harddisk0\DR0: 18:30:02.0784 0x16b0 GPT partitions: 18:30:02.0784 0x16b0 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C3E64DD3-66A9-4522-9AA2-2CC7E53C9FAD}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000 18:30:02.0784 0x16b0 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, 
18:31:06.0843 0x04bc [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:31:06.0873 0x04bc scfilter - ok 18:31:06.0921 0x04bc [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule C:\Windows\system32\schedsvc.dll 18:31:06.0964 0x04bc Schedule - ok 18:31:06.0970 0x04bc [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\Windows\System32\certprop.dll 18:31:06.0980 0x04bc SCPolicySvc - ok 18:31:06.0988 0x04bc [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\Windows\System32\drivers\sdbus.sys 18:31:06.0998 0x04bc sdbus - ok 18:31:07.0001 0x04bc sdstor - ok 18:31:07.0003 0x04bc secdrv - ok 18:31:07.0006 0x04bc [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\Windows\system32\seclogon.dll 18:31:07.0016 0x04bc seclogon - ok 18:31:07.0020 0x04bc [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\Windows\System32\sens.dll 18:31:07.0031 0x04bc SENS - ok 18:31:07.0037 0x04bc [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:31:07.0050 0x04bc SensrSvc - ok 18:31:07.0053 0x04bc SerCx - ok 18:31:07.0054 0x04bc SerCx2 - ok 18:31:07.0056 0x04bc Serenum - ok 18:31:07.0058 0x04bc Serial - ok 18:31:07.0061 0x04bc [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse C:\Windows\System32\drivers\sermouse.sys 18:31:07.0068 0x04bc sermouse - ok 18:31:07.0079 0x04bc [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\Windows\system32\sessenv.dll 18:31:07.0094 
0x04bc SessionEnv - ok 18:31:07.0096 0x04bc sfloppy - ok 18:31:07.0105 0x04bc [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:31:07.0120 0x04bc SharedAccess - ok 18:31:07.0133 0x04bc [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:31:07.0168 0x04bc ShellHWDetection - ok 18:31:07.0173 0x04bc SiSRaid2 - ok 18:31:07.0178 0x04bc SiSRaid4 - ok 18:31:07.0191 0x04bc [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:31:07.0216 0x04bc SkypeUpdate - ok 18:31:07.0222 0x04bc [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\Windows\System32\smphost.dll 18:31:07.0241 0x04bc smphost - ok 18:31:07.0249 0x04bc [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:31:07.0270 0x04bc SNMPTRAP - ok 18:31:07.0293 0x04bc [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport C:\Windows\system32\drivers\spaceport.sys 18:31:07.0322 0x04bc spaceport - ok 18:31:07.0325 0x04bc SpbCx - ok 18:31:07.0340 0x04bc [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler C:\Windows\System32\spoolsv.exe 18:31:07.0364 0x04bc Spooler - ok 18:31:07.0367 0x04bc sppsvc - ok 18:31:07.0369 0x04bc srv - ok 18:31:07.0382 0x04bc [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:31:07.0398 0x04bc srv2 - ok 18:31:07.0401 0x04bc srvnet - ok 18:31:07.0408 0x04bc [ CF6C3037839CF78421A94F9060C2886F, 
CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:31:07.0421 0x04bc SSDPSRV - ok 18:31:07.0427 0x04bc [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:31:07.0438 0x04bc SstpSvc - ok 18:31:07.0456 0x04bc [ 0A3544D7E9AF7D8C991C904339157EDC, 1E1DE4D808AE1174B0CB37E93EBADFC98FEBCD70D612CFE393DDA513581CD123 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 18:31:07.0480 0x04bc Steam Client Service - ok 18:31:07.0511 0x04bc [ F82B2FC221CA0E408874884787491667, A9C7FB9C4719484BDA4FB69A8F948DC556CFEA19DFE89D2E63536F2C42725E66 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 18:31:07.0543 0x04bc Stereo Service - ok 18:31:07.0548 0x04bc stexstor - ok 18:31:07.0573 0x04bc [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\Windows\System32\wiaservc.dll 18:31:07.0607 0x04bc stisvc - ok 18:31:07.0610 0x04bc storahci - ok 18:31:07.0613 0x04bc [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 18:31:07.0623 0x04bc storflt - ok 18:31:07.0626 0x04bc stornvme - ok 18:31:07.0629 0x04bc [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\Windows\system32\storsvc.dll 18:31:07.0642 0x04bc StorSvc - ok 18:31:07.0645 0x04bc storvsc - ok 18:31:07.0648 0x04bc [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\Windows\system32\svsvc.dll 18:31:07.0660 0x04bc svsvc - ok 18:31:07.0663 0x04bc [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\Windows\System32\drivers\swenum.sys 18:31:07.0672 0x04bc swenum - ok 18:31:07.0690 0x04bc [ 
1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\Windows\System32\swprv.dll 18:31:07.0716 0x04bc swprv - ok 18:31:07.0740 0x04bc [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain C:\Windows\system32\sysmain.dll 18:31:07.0768 0x04bc SysMain - ok 18:31:07.0777 0x04bc [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 18:31:07.0792 0x04bc SystemEventsBroker - ok 18:31:07.0798 0x04bc [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:31:07.0812 0x04bc TabletInputService - ok 18:31:07.0820 0x04bc [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\Windows\System32\tapisrv.dll 18:31:07.0835 0x04bc TapiSrv - ok 18:31:07.0877 0x04bc [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:31:07.0928 0x04bc Tcpip - ok 18:31:07.0971 0x04bc [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:31:08.0021 0x04bc TCPIP6 - ok 18:31:08.0026 0x04bc tcpipreg - ok 18:31:08.0029 0x04bc tdx - ok 18:31:08.0031 0x04bc terminpt - ok 18:31:08.0073 0x04bc [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\Windows\System32\termsrv.dll 18:31:08.0112 0x04bc TermService - ok 18:31:08.0117 0x04bc [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\Windows\system32\themeservice.dll 18:31:08.0128 0x04bc Themes - ok 18:31:08.0136 0x04bc [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 
9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\Windows\system32\mmcss.dll 18:31:08.0168 0x04bc THREADORDER - ok 18:31:08.0172 0x04bc ThunderboltService - ok 18:31:08.0186 0x04bc [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 18:31:08.0218 0x04bc TimeBroker - ok 18:31:08.0222 0x04bc TPM - ok 18:31:08.0228 0x04bc [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\Windows\System32\trkwks.dll 18:31:08.0245 0x04bc TrkWks - ok 18:31:08.0250 0x04bc [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:31:08.0265 0x04bc TrustedInstaller - ok 18:31:08.0269 0x04bc TsUsbFlt - ok 18:31:08.0273 0x04bc [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 18:31:08.0286 0x04bc TsUsbGD - ok 18:31:08.0289 0x04bc tunnel - ok 18:31:08.0292 0x04bc uagp35 - ok 18:31:08.0295 0x04bc UASPStor - ok 18:31:08.0303 0x04bc [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 18:31:08.0319 0x04bc UCX01000 - ok 18:31:08.0330 0x04bc [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:31:08.0346 0x04bc udfs - ok 18:31:08.0349 0x04bc UEFI - ok 18:31:08.0353 0x04bc [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:31:08.0363 0x04bc UI0Detect - ok 18:31:08.0366 0x04bc uliagpkx - ok 18:31:08.0368 0x04bc umbus - ok 18:31:08.0370 0x04bc UmPass - ok 18:31:08.0377 0x04bc [ A023F267A262D5DA6CE1436D9C5E8FD9, 
92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\Windows\System32\umrdp.dll 18:31:08.0391 0x04bc UmRdpService - ok 18:31:08.0401 0x04bc [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\Windows\System32\upnphost.dll 18:31:08.0418 0x04bc upnphost - ok 18:31:08.0420 0x04bc usbccgp - ok 18:31:08.0425 0x04bc [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\Windows\System32\drivers\usbcir.sys 18:31:08.0434 0x04bc usbcir - ok 18:31:08.0436 0x04bc usbehci - ok 18:31:08.0438 0x04bc usbhub - ok 18:31:08.0451 0x04bc [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 18:31:08.0465 0x04bc USBHUB3 - ok 18:31:08.0468 0x04bc usbohci - ok 18:31:08.0470 0x04bc usbprint - ok 18:31:08.0476 0x04bc [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS 18:31:08.0485 0x04bc USBSTOR - ok 18:31:08.0488 0x04bc usbuhci - ok 18:31:08.0495 0x04bc [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 18:31:08.0506 0x04bc usbvideo - ok 18:31:08.0516 0x04bc [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS 18:31:08.0528 0x04bc USBXHCI - ok 18:31:08.0531 0x04bc [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\Windows\system32\lsass.exe 18:31:08.0540 0x04bc VaultSvc - ok 18:31:08.0543 0x04bc vdrvroot - ok 18:31:08.0565 0x04bc [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\Windows\System32\vds.exe 18:31:08.0596 0x04bc vds - 
ok 18:31:08.0599 0x04bc VerifierExt - ok 18:31:08.0615 0x04bc [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp C:\Windows\System32\drivers\vhdmp.sys 18:31:08.0631 0x04bc vhdmp - ok 18:31:08.0634 0x04bc viaide - ok 18:31:08.0638 0x04bc [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\Windows\system32\drivers\vmbus.sys 18:31:08.0646 0x04bc vmbus - ok 18:31:08.0648 0x04bc VMBusHID - ok 18:31:08.0659 0x04bc [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll 18:31:08.0676 0x04bc vmicguestinterface - ok 18:31:08.0688 0x04bc [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\Windows\System32\ICSvc.dll 18:31:08.0704 0x04bc vmicheartbeat - ok 18:31:08.0716 0x04bc [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll 18:31:08.0732 0x04bc vmickvpexchange - ok 18:31:08.0743 0x04bc [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\Windows\System32\ICSvc.dll 18:31:08.0759 0x04bc vmicrdv - ok 18:31:08.0770 0x04bc [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\Windows\System32\ICSvc.dll 18:31:08.0786 0x04bc vmicshutdown - ok 18:31:08.0812 0x04bc [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\Windows\System32\ICSvc.dll 18:31:08.0845 0x04bc vmictimesync - ok 18:31:08.0857 0x04bc [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\Windows\System32\ICSvc.dll 18:31:08.0874 0x04bc vmicvss - ok 18:31:08.0877 0x04bc volmgr - ok 18:31:08.0879 
0x04bc volmgrx - ok 18:31:08.0881 0x04bc volsnap - ok 18:31:08.0884 0x04bc [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci C:\Windows\System32\drivers\vpci.sys 18:31:08.0892 0x04bc vpci - ok 18:31:08.0895 0x04bc vsmraid - ok 18:31:08.0919 0x04bc [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS C:\Windows\system32\vssvc.exe 18:31:08.0953 0x04bc VSS - ok 18:31:08.0957 0x04bc VSTXRAID - ok 18:31:08.0959 0x04bc vwifibus - ok 18:31:08.0961 0x04bc vwififlt - ok 18:31:08.0963 0x04bc vwifimp - ok 18:31:08.0971 0x04bc [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\Windows\system32\w32time.dll 18:31:08.0989 0x04bc W32Time - ok 18:31:08.0990 0x04bc WacomPen - ok 18:31:09.0019 0x04bc [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine C:\Windows\system32\wbengine.exe 18:31:09.0053 0x04bc wbengine - ok 18:31:09.0065 0x04bc [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:31:09.0083 0x04bc WbioSrvc - ok 18:31:09.0098 0x04bc [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\Windows\System32\wcmsvc.dll 18:31:09.0134 0x04bc Wcmsvc - ok 18:31:09.0152 0x04bc [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:31:09.0181 0x04bc wcncsvc - ok 18:31:09.0185 0x04bc [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:31:09.0195 0x04bc WcsPlugInService - ok 18:31:09.0199 0x04bc [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot 
C:\Windows\system32\drivers\WdBoot.sys 18:31:09.0206 0x04bc WdBoot - ok 18:31:09.0209 0x04bc Wdf01000 - ok 18:31:09.0215 0x04bc [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter C:\Windows\system32\drivers\WdFilter.sys 18:31:09.0226 0x04bc WdFilter - ok 18:31:09.0231 0x04bc [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:31:09.0243 0x04bc WdiServiceHost - ok 18:31:09.0246 0x04bc [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:31:09.0258 0x04bc WdiSystemHost - ok 18:31:09.0262 0x04bc [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv C:\Windows\system32\Drivers\WdNisDrv.sys 18:31:09.0270 0x04bc WdNisDrv - ok 18:31:09.0272 0x04bc WdNisSvc - ok 18:31:09.0279 0x04bc [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient C:\Windows\System32\webclnt.dll 18:31:09.0292 0x04bc WebClient - ok 18:31:09.0298 0x04bc [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:31:09.0310 0x04bc Wecsvc - ok 18:31:09.0313 0x04bc [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\Windows\system32\wephostsvc.dll 18:31:09.0324 0x04bc WEPHOSTSVC - ok 18:31:09.0328 0x04bc [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:31:09.0343 0x04bc wercplsupport - ok 18:31:09.0347 0x04bc [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\Windows\System32\WerSvc.dll 18:31:09.0359 0x04bc WerSvc - ok 
18:31:09.0364 0x04bc [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys 18:31:09.0373 0x04bc WFPLWFS - ok 18:31:09.0377 0x04bc [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\Windows\System32\wiarpc.dll 18:31:09.0387 0x04bc WiaRpc - ok 18:31:09.0390 0x04bc [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:31:09.0397 0x04bc WIMMount - ok 18:31:09.0398 0x04bc WinDefend - ok 18:31:09.0415 0x04bc [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll 18:31:09.0437 0x04bc WinHttpAutoProxySvc - ok 18:31:09.0448 0x04bc [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:31:09.0460 0x04bc Winmgmt - ok 18:31:09.0506 0x04bc [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM C:\Windows\system32\WsmSvc.dll 18:31:09.0558 0x04bc WinRM - ok 18:31:09.0564 0x04bc WinUsb - ok 18:31:09.0592 0x04bc [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\Windows\System32\wlansvc.dll 18:31:09.0659 0x04bc WlanSvc - ok 18:31:09.0695 0x04bc [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\Windows\system32\wlidsvc.dll 18:31:09.0771 0x04bc wlidsvc - ok 18:31:09.0776 0x04bc WmiAcpi - ok 18:31:09.0784 0x04bc [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:31:09.0798 0x04bc wmiApSrv - ok 18:31:09.0800 0x04bc WMPNetworkSvc - ok 18:31:09.0807 0x04bc [ 
7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\Windows\system32\drivers\Wof.sys 18:31:09.0821 0x04bc Wof - ok 18:31:09.0888 0x04bc [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc C:\Windows\system32\workfolderssvc.dll 18:31:09.0939 0x04bc workfolderssvc - ok 18:31:09.0943 0x04bc [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys 18:31:09.0952 0x04bc wpcfltr - ok 18:31:09.0954 0x04bc [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:31:09.0977 0x04bc WPCSvc - ok 18:31:09.0987 0x04bc [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:31:10.0024 0x04bc WPDBusEnum - ok 18:31:10.0029 0x04bc WpdUpFltr - ok 18:31:10.0033 0x04bc ws2ifsl - ok 18:31:10.0044 0x04bc [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc C:\Windows\System32\wscsvc.dll 18:31:10.0071 0x04bc wscsvc - ok 18:31:10.0076 0x04bc WSearch - ok 18:31:10.0172 0x04bc [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\Windows\System32\WSService.dll 18:31:10.0247 0x04bc WSService - ok 18:31:10.0343 0x04bc [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv C:\Windows\system32\wuaueng.dll 18:31:10.0411 0x04bc wuauserv - ok 18:31:10.0418 0x04bc [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:31:10.0427 0x04bc WudfPf - ok 18:31:10.0434 0x04bc [ D7B4859227B02BCC1055B279A63C937F, 
82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys 18:31:10.0456 0x04bc WUDFRd - ok 18:31:10.0468 0x04bc [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:31:10.0505 0x04bc wudfsvc - ok 18:31:10.0518 0x04bc [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys 18:31:10.0542 0x04bc WUDFWpdFs - ok 18:31:10.0571 0x04bc [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\Windows\System32\wwansvc.dll 18:31:10.0618 0x04bc WwanSvc - ok 18:31:10.0625 0x04bc ZeroConfigService - ok 18:31:10.0635 0x04bc ================ Scan global =============================== 18:31:10.0641 0x04bc [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\Windows\system32\basesrv.dll 18:31:10.0653 0x04bc [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll 18:31:10.0670 0x04bc [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll 18:31:10.0688 0x04bc [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe 18:31:10.0699 0x04bc [ Global ] - ok 18:31:10.0699 0x04bc ================ Scan MBR ================================== 18:31:10.0701 0x04bc [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 18:31:10.0735 0x04bc \Device\Harddisk0\DR0 - ok 18:31:10.0758 0x04bc [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 18:31:10.0845 0x04bc \Device\Harddisk1\DR1 - ok 18:31:10.0846 0x04bc ================ Scan VBR ================================== 18:31:10.0850 0x04bc [ 
09CE55A14337FDD3D1BB8373A3941A3C ] \Device\Harddisk0\DR0\Partition1 18:31:10.0852 0x04bc \Device\Harddisk0\DR0\Partition1 - ok 18:31:10.0857 0x04bc [ 2D524F05766D084E9BC1747B63390F77 ] \Device\Harddisk0\DR0\Partition2 18:31:10.0857 0x04bc \Device\Harddisk0\DR0\Partition2 - ok 18:31:10.0864 0x04bc [ CF2E6908D4146578C373E8F913DC0A3D ] \Device\Harddisk0\DR0\Partition3 18:31:10.0867 0x04bc \Device\Harddisk0\DR0\Partition3 - ok 18:31:10.0872 0x04bc [ 43B69AE1A5F9882A32CA20276AB41827 ] \Device\Harddisk0\DR0\Partition4 18:31:10.0875 0x04bc \Device\Harddisk0\DR0\Partition4 - ok 18:31:10.0880 0x04bc [ 2E515701EA0378598B54FBEAD4C82201 ] \Device\Harddisk1\DR1\Partition1 18:31:10.0922 0x04bc \Device\Harddisk1\DR1\Partition1 - ok 18:31:10.0923 0x04bc ================ Scan generic autorun ====================== 18:31:10.0924 0x04bc NvBackend - ok 18:31:10.0935 0x04bc [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\Windows\system32\rundll32.exe 18:31:10.0977 0x04bc ShadowPlay - ok 18:31:10.0978 0x04bc ETDCtrl - ok 18:31:10.0986 0x04bc BTMTrayAgent - ok 18:31:10.0990 0x04bc WebStorage - ok 18:31:10.0993 0x04bc ROGNB - ok 18:31:10.0996 0x04bc ASUS ROG MacroKey - ok 18:31:11.0010 0x04bc [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe 18:31:11.0038 0x04bc BCSSync - ok 18:31:11.0052 0x04bc [ 10D17ABA0E64306AF1C2AC0C9934CE57, 33384B535F9656D38C9C5C912BAC750E9E47229E52273FA9548D92BE5693FEE9 ] C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe 18:31:11.0067 0x04bc RzWizard - detected UnsignedFile.Multi.Generic ( 1 ) 18:31:13.0501 0x04bc Detect skipped due to KSN trusted 18:31:13.0501 0x04bc RzWizard - ok 18:31:13.0514 0x04bc [ 5120CD65A74A5E054FB2B0577688024C, 2C771743C797ED2F94E4C0CD7472D20532DB6C3E95DEB0DA4D14D6B5469EE273 ] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe 18:31:13.0539 0x04bc Avira Systray - 
ok 18:31:13.0592 0x04bc [ A6ABD4AF02AB03676DEA55F383ABC7C2, 62F838618C78A297D970EC58F97F2D843EBFEF2D81754D658664BEEED79BFB50 ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe 18:31:13.0624 0x04bc avgnt - ok 18:31:13.0625 0x04bc Steam - ok 18:31:13.0701 0x04bc [ D270652063855034758D65001715BDEE, 0EBF559AE8D6B54E4AC035042783D1FA30624F222D0F1E717C724845A082F2CE ] C:\Spiele\Origin\Origin.exe 18:31:13.0756 0x04bc EADM - ok 18:31:13.0759 0x04bc Waiting for KSN requests completion. In queue: 14 18:31:14.0761 0x04bc Waiting for KSN requests completion. In queue: 14 18:31:15.0761 0x04bc Waiting for KSN requests completion. In queue: 14 18:31:16.0785 0x04bc AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.11.550 ), 0x41000 ( enabled : updated ) 18:31:16.0787 0x04bc AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated ) 18:31:16.0816 0x04bc Win FW state via NFP2: enabled 18:31:19.0356 0x04bc ============================================================ 18:31:19.0356 0x04bc Scan finished 18:31:19.0356 0x04bc ============================================================ 18:31:19.0375 0x0d68 Detected object count: 0 18:31:19.0375 0x0d68 Actual detected object count: 0 Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main: v2015.06.20.03
  rootkit: v2015.06.15.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17842
Profilname :: ProfilnameS-LAPTOP [administrator]

20.06.2015 18:12:29
mbar-log-2015-06-20 (18-12-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 348313
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
21.06.2015, 09:37 | #4 |
/// the machine /// TB instructor | Tracking down a data leak, PC1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
2015-05-16 21:42 - 2015-06-20 11:54 - 0000093 _____ () C:\Users\Profilname\AppData\Roaming\sp_data.sys
2014-12-11 04:26 - 2014-12-11 04:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-29 08:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations, guides and help, Trojaner-Board Facebook page
No help via PM! |
21.06.2015, 16:35 | #5 |
| Tracking down a data leak, PC1
Done. - By mistake, Fixlist.txt had already been run once before without the profile name having been adjusted. The following code was executed in the 1st run and I carried it over into the 2nd log. Only the size of the deleted temporary files I could not add up, because the 1st log was overwritten by the 2nd.
Code:
"C:\ProgramData\DP45977C.lfl" => moved successfully.
"C:\ProgramData\SetStretch.VBS" => moved successfully.
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Profilname at 2015-06-21 17:30:39 Run:2
Running from C:\Users\Profilname\Desktop
Loaded Profiles: Profilname (Available Profiles: Profilname)
Boot Mode: Normal
==============================================
fixlist content:
*****************
2015-05-16 21:42 - 2015-06-20 11:54 - 0000093 _____ () C:\Users\Profilname\AppData\Roaming\sp_data.sys
2014-12-11 04:26 - 2014-12-11 04:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-29 08:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Emptytemp:
*****************

C:\Users\Profilname\AppData\Roaming\sp_data.sys => moved successfully.
"C:\ProgramData\DP45977C.lfl" => moved successfully.
"C:\ProgramData\SetStretch.VBS" => moved successfully.
EmptyTemp: => 8.6 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 17:30:50 ====

Edited by Armer_Thor (21.06.2015 at 16:49) |
22.06.2015, 11:44 | #6 |
/// the machine /// TB instructor | Tracking down a data leak, PC1
Otherwise I don't see anything on the machine. |
22.06.2015, 18:01 | #7 |
| Tracking down a data leak, PC1
Thanks! Can you tell from the logs what we removed there? |
23.06.2015, 09:36 | #8 |
/// the machine /// TB instructor | Tracking down a data leak, PC1
We only removed 3 files that don't need to be there, nothing more.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations, guides and help, Trojaner-Board Facebook page
No help via PM! |