Log analysis and evaluation: Windows 7: Telekom Abuse Team e-mail about Zeus/ZBot
02.10.2015, 10:19 | #1 |
Windows 7: Telekom Abuse Team e-mail about Zeus/ZBot

Hello. My father received an e-mail from the Telekom Abuse Team. At first we were very skeptical of it. After some research, including in this forum, the e-mail turned out to be genuine. During my research I came across a hint in this forum that could presumably apply here as well: in many threads about Zeus/ZBot, an MP4Player from Chip.de turned up. My father also installed this player on the day of the infection (26.09. according to Telekom). Since scans with Antivir, the EU-Cleaner and HitmanPro recommended by Telekom, and MBAM found nothing, I am now turning to you.

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:16 on 02/10/2015 (S****l)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015 durchgeführt von **** (Administrator) auf ARBEITSZIMMER (02-10-2015 10:17:18) Gestartet von C:\Users\****\Desktop Geladene Profile: **** (Verfügbare Profile: **** & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () D:\Tobit Radio.fx\Server\rfx-server.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe () C:\OEM\USBDECTION\USBS3S4Detection.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (ScanSoft, Inc) C:\Program Files (x86)\ScanSoft\OmniPagePro11.0\opware32.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (FILSH Media GmbH) C:\Program Files (x86)\FILSHtray\FILSHtray.exe (Deutsche Telekom AG) C:\Users\****\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2010-01-12] (Realtek Semiconductor) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] () HKLM-x32\...\Run: [Omnipage] => C:\Program Files (x86)\ScanSoft\OmniPagePro11.0\opware32.exe [49152 2001-05-26] (ScanSoft, Inc) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-21] (Geek Software GmbH) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-26] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36710720 2015-09-25] (Dropbox, Inc.) 
HKU\S-1-5-21-2498524848-1469805208-1322061692-1000\...\Run: [Global Registration] => "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot HKU\S-1-5-21-2498524848-1469805208-1322061692-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\****\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\****\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\****\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2010-12-28] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FILSHtray.lnk [2012-06-20] ShortcutTarget: FILSHtray.lnk -> C:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH) Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2013-02-13] ShortcutTarget: Mediencenter.lnk -> C:\Users\****\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{8DF988A1-FFEF-4977-A3C5-A8821C69DC3C}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-2498524848-1469805208-1322061692-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com HKU\S-1-5-21-2498524848-1469805208-1322061692-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2498524848-1469805208-1322061692-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2498524848-1469805208-1322061692-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-16] (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - 
C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\nmdvbden.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] () FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.) FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] () FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\nmdvbden.default\searchplugins\11-suche.xml [2014-04-24] FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\nmdvbden.default\searchplugins\englische-ergebnisse.xml [2014-04-24] FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\nmdvbden.default\searchplugins\gmx-suche.xml [2014-04-24] FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\nmdvbden.default\searchplugins\lastminute.xml [2014-04-24] FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\nmdvbden.default\searchplugins\webde-suche.xml [2014-04-24] FF Extension: Avira Browser Safety - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\nmdvbden.default\Extensions\abs@avira.com [2015-09-18] FF Extension: WEB.DE MailCheck - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\nmdvbden.default\Extensions\mailcheck@web.de [2015-08-10] FF Extension: Garmin Communicator - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\nmdvbden.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-29] FF Extension: WOT - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\nmdvbden.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-12] FF Extension: FILSH.net Plugin - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\nmdvbden.default\Extensions\plugin@filsh.net.xpi [2014-03-09] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-08-30] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-08-30] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der 
Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-26] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-26] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1148688 2015-09-26] (Avira Operations GmbH & Co. KG) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-14] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-14] (Dropbox, Inc.) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-12-28] (Macrovision Europe Ltd.) [Datei ist nicht signiert] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2899968 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert] R2 Radio.fx; D:\Tobit Radio.fx\Server\rfx-server.exe [3673944 2011-11-18] () R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-09-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-13] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-09-26] (Avira Operations GmbH & Co. KG) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [Datei ist nicht signiert] S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-05-24] () ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-10-02 10:17 - 2015-10-02 10:17 - 00019042 _____ C:\Users\****\Desktop\FRST.txt 2015-10-02 10:17 - 2015-10-02 10:17 - 00000000 ____D C:\FRST 2015-10-02 10:16 - 2015-10-02 10:16 - 00000474 _____ C:\Users\****\Desktop\defogger_disable.log 2015-10-02 10:16 - 2015-10-02 10:16 - 00000000 _____ C:\Users\****\defogger_reenable 2015-10-02 10:14 - 2015-10-02 10:14 - 00380416 _____ C:\Users\****\Desktop\Gmer-19357.exe 2015-10-02 10:13 - 2015-10-02 10:13 - 02192384 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe 2015-10-02 10:13 - 2015-10-02 10:13 - 00050477 _____ C:\Users\****\Desktop\Defogger.exe 2015-10-02 10:09 - 2015-10-02 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-09-30 18:46 - 2015-09-30 18:47 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-30 18:46 - 2015-09-30 18:46 - 00001110 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-30 18:46 - 2015-09-30 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-30 18:46 - 2015-09-30 18:46 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-30 18:46 - 2015-09-30 18:46 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-09-30 18:46 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-30 18:46 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-30 18:46 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-30 18:44 - 2015-09-30 18:44 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.1.8.1057.exe 2015-09-30 12:37 - 2015-09-30 12:58 - 00000000 ____D C:\ProgramData\HitmanPro 2015-09-30 12:37 - 2015-09-30 12:37 - 11350472 _____ (SurfRight B.V.) 
C:\Users\****\Downloads\hitmanpro_x64.exe 2015-09-26 14:39 - 2015-09-26 15:23 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc 2015-09-26 14:38 - 2015-09-26 14:38 - 00001074 _____ C:\Users\Public\Desktop\VLC media player.lnk 2015-09-26 14:38 - 2015-09-26 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-09-26 14:38 - 2015-09-26 14:38 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2015-09-26 14:28 - 2015-09-26 14:28 - 00000036 ____H C:\Users\****\AppData\Roaming\swk.ini 2015-09-26 14:28 - 2015-09-26 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player 2015-09-26 13:44 - 2015-09-26 13:44 - 00000000 ____D C:\Users\****\AppData\Local\Apple 2015-09-26 13:44 - 2015-09-26 13:44 - 00000000 ____D C:\ProgramData\Apple 2015-09-26 13:31 - 2015-09-26 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-09-25 17:52 - 2015-10-02 10:07 - 00000560 _____ C:\Windows\setupact.log 2015-09-25 17:52 - 2015-09-25 17:52 - 00000000 _____ C:\Windows\setuperr.log 2015-09-14 11:46 - 2015-10-02 10:08 - 00000000 ___RD C:\Users\****\Dropbox 2015-09-14 11:46 - 2015-09-14 11:46 - 00001234 _____ C:\Users\****\Desktop\Dropbox.lnk 2015-09-14 11:39 - 2015-09-14 11:39 - 00000000 ____D C:\Users\****\AppData\Roaming\Dropbox 2015-09-14 11:38 - 2015-10-02 10:09 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-09-14 11:38 - 2015-10-02 10:07 - 00001210 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2015-09-14 11:38 - 2015-10-02 10:07 - 00000000 ____D C:\Users\****\AppData\Local\Dropbox 2015-09-14 11:38 - 2015-10-01 12:43 - 00001214 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2015-09-14 11:38 - 2015-09-14 11:38 - 00004210 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA 2015-09-14 11:38 - 2015-09-14 11:38 - 00003958 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore 2015-09-14 11:38 - 2015-09-14 11:38 - 00000000 ____D C:\ProgramData\Dropbox 2015-09-13 12:30 
- 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-13 12:30 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-13 12:30 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-13 12:30 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-09-13 12:30 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-09-13 12:30 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-09-13 12:30 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-09-13 12:30 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-13 12:30 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-13 12:30 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-09-13 12:30 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-09-13 12:30 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-09-13 12:30 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-09-13 12:30 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-09-13 12:30 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-09-13 12:30 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-13 12:30 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-09-13 12:30 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-09-13 12:30 - 2015-08-15 
08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-09-13 12:30 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-13 12:30 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-09-13 12:30 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-09-13 12:30 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-09-13 12:30 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-09-13 12:30 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-09-13 12:30 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-13 12:30 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-13 12:30 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-09-13 12:30 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-09-13 12:30 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-09-13 12:30 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-09-13 12:30 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-09-13 12:30 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-13 12:30 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-09-13 12:30 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-09-13 12:30 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-09-13 12:30 - 
2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-13 12:30 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-09-13 12:30 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-09-13 12:30 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-13 12:30 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-13 12:30 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-13 12:30 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-09-13 12:30 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-09-13 12:30 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-13 12:30 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-09-13 12:30 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-09-13 12:30 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-09-13 12:30 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-09-13 12:30 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-13 12:30 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-13 12:30 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-13 12:30 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-13 12:30 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-13 12:30 - 
2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-13 12:30 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-13 12:30 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-13 12:30 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-13 12:30 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-13 12:30 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-13 12:30 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-13 12:30 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-13 12:30 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-13 12:30 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-13 12:30 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-13 12:30 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-13 12:30 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-13 12:30 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-13 12:30 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-13 12:30 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-13 12:29 - 2015-08-27 20:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-13 12:29 - 2015-08-27 20:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-13 12:29 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-13 12:29 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-13 12:29 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-13 12:29 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-13 12:29 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-13 12:29 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-13 12:29 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-13 12:29 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-13 12:29 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-13 12:29 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-13 12:29 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-13 12:29 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-13 12:29 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-13 12:29 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-13 12:29 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-13 12:29 - 2015-07-23 02:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-13 12:29 - 2015-07-23 02:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-13 12:29 - 2015-07-23 02:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-13 12:29 - 2015-07-23 02:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-13 12:29 - 2015-07-23 02:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-13 12:29 - 2015-07-23 02:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-13 12:29 - 2015-07-23 02:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-13 12:29 - 2015-07-23 02:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-13 12:29 - 2015-07-23 02:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-13 12:29 - 2015-07-23 02:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-13 12:29 - 2015-07-23 02:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-13 12:29 - 2015-07-23 02:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-13 12:29 - 2015-07-23 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-13 12:29 - 2015-07-23 02:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-13 12:29 - 2015-07-23 01:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-13 12:29 - 2015-07-23 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-13 12:29 - 2015-07-23 01:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-13 12:29 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-13 12:29 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-13 12:29 - 2015-07-22 19:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-13 12:29 - 2015-07-22 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-13 12:29 - 2015-07-22 19:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-13 12:29 - 2015-07-22 19:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-13 12:29 - 2015-07-22 19:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-13 12:29 - 2015-07-22 19:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-13 12:29 - 2015-07-22 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-13 12:29 - 2015-07-22 19:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-13 12:29 - 2015-07-22 19:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-13 12:29 - 2015-07-22 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-13 12:29 - 2015-07-22 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 18:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-13 12:29 - 2015-07-22 18:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-13 12:29 - 2015-07-22 18:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-13 12:29 - 2015-07-22 18:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-13 12:29 - 2015-07-22 18:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-13 12:29 - 2015-07-22 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-13 12:29 - 2015-07-22 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-13 12:29 - 2015-07-22 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-13 12:29 - 2015-06-25 12:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-13 12:29 - 2015-06-25 12:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-13 12:29 - 2015-06-25 12:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-13 12:29 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-13 12:28 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-13 12:28 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-13 12:28 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-13 12:28 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-13 12:28 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-13 12:28 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-13 12:28 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-13 12:28 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-13 12:28 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-13 12:28 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-13 12:28 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-13 12:28 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-13 12:28 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-13 12:28 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-13 12:28 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-13 12:28 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-13 12:28 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-13 12:28 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-13 12:28 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-13 12:28 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-13 12:28 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-13 12:28 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-13 12:28 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-13 12:28 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-13 12:28 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-13 12:28 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-13 12:28 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-10-02 10:16 - 2010-12-28 11:17 - 00000000 ____D C:\Users\****
2015-10-02 10:15 - 2010-12-28 10:49 - 01754629 _____ C:\Windows\WindowsUpdate.log
2015-10-02 10:15 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-02 10:15 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-02 10:07 - 2011-09-29 19:38 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-02 10:07 - 2010-12-28 10:52 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-02 10:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-01 12:32 - 2010-12-28 10:43 - 01367410 _____ C:\Windows\PFRO.log
2015-09-30 20:54 - 2012-03-30 14:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-30 20:51 - 2011-09-29 19:38 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-29 20:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-27 06:57 - 2014-11-12 22:44 - 00002209 _____ C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-09-26 13:30 - 2015-08-29 12:43 - 00163544 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-09-26 13:30 - 2015-08-29 12:43 - 00074952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-09-22 19:54 - 2012-03-30 14:09 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 19:54 - 2012-03-30 14:09 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-22 19:54 - 2011-05-21 11:38 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-20 18:11 - 2010-12-28 19:39 - 00699432 _____ C:\Windows\system32\perfh007.dat
2015-09-20 18:11 - 2010-12-28 19:39 - 00149572 _____ C:\Windows\system32\perfc007.dat
2015-09-20 18:11 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-20 17:46 - 2011-09-29 19:38 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-20 17:46 - 2011-09-29 19:38 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-20 16:56 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-15 13:43 - 2014-12-09 19:58 - 00000000 ____D C:\Windows\rescache
2015-09-14 11:24 - 2009-07-14 06:45 - 00355944 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-14 11:23 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-14 11:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-13 18:09 - 2013-08-15 09:15 - 00000000 ____D C:\Windows\system32\MRT
2015-09-13 18:09 - 2010-12-28 14:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-13 12:21 - 2015-08-29 12:43 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-09-13 12:09 - 2015-08-30 18:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-13 12:09 - 2012-04-28 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2010-12-30 18:22 - 2009-01-26 07:56 - 3748352 _____ () C:\Program Files\capella_reader.exe
2012-10-12 09:28 - 2012-05-15 10:33 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager classic.msi
2010-12-28 18:11 - 2012-03-28 10:14 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
2015-09-26 14:28 - 2015-09-26 14:28 - 0000036 ____H () C:\Users\****\AppData\Roaming\swk.ini
2011-09-23 21:48 - 2013-11-11 09:11 - 0004608 _____ () C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-11 10:35 - 2013-02-13 16:39 - 0003109 _____ () C:\Users\****\AppData\Local\Favorites.user
2011-06-11 10:35 - 2013-02-13 16:39 - 0000194 _____ () C:\Users\****\AppData\Local\Favorites.user.csv
2012-05-08 20:19 - 2014-07-06 11:23 - 0000021 _____ () C:\Users\****\AppData\Local\mc.pixel.data
2015-03-19 18:38 - 2015-03-19 18:38 - 0000717 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2015-08-30 13:34 - 2015-08-30 13:34 - 0000017 _____ () C:\Users\****\AppData\Local\resmon.resmoncfg
2012-03-15 11:49 - 2015-03-24 21:31 - 0000126 ___SH () C:\ProgramData\.zreglib
2010-12-28 10:57 - 2010-12-28 11:00 - 0015552 _____ () C:\ProgramData\ArcadeDeluxe4.log
2010-08-30 07:52 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2011-10-06 12:30 - 2011-10-06 12:31 - 0000297 _____ () C:\ProgramData\hpzinstall.log
2010-12-28 11:58 - 2010-12-28 11:59 - 0000090 _____ () C:\ProgramData\PS.log

Einige Dateien in TEMP:
====================
C:\Users\****\AppData\Local\Temp\avgnt.exe
C:\Users\****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6q4iag.dll
C:\Users\****\AppData\Local\Temp\HitmanPro.exe
C:\Users\****\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-26 09:54

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-09-2015
durchgeführt von **** (2015-10-02 10:17:59)
Gestartet von C:\Users\****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-28 09:17:16)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-2498524848-1469805208-1322061692-500 - Administrator - Disabled)
Gast (S-1-5-21-2498524848-1469805208-1322061692-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2498524848-1469805208-1322061692-1004 - Limited - Enabled)
**** (S-1-5-21-2498524848-1469805208-1322061692-1000 - Administrator - Enabled) => C:\Users\****
UpdatusUser (S-1-5-21-2498524848-1469805208-1322061692-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Albelli Fotobücher (HKU\S-1-5-21-2498524848-1469805208-1322061692-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli)
AquaSoft DiaShow XP five (HKLM-x32\...\{CD5CCB3B-205E-4056-8224-ABBECC4DC9B3}) (Version: 5.4.05 - AquaSoft GmbH)
Autodesk Express Viewer (HKLM-x32\...\Autodesk Express Viewer) (Version: 3.1 - Autodesk, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.202 - Avira Operations GmbH & Co. KG)
capella 7 (HKLM-x32\...\{81AAF01A-C7F0-412D-979C-06ABD052B43A}) (Version: 7.0.1 - capella software GmbH)
capella-scan 7.0 (HKLM-x32\...\{E950A81E-8CE4-49EB-AFC7-84340C6A0A41}) (Version: 7.0.5 - capella-software)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
CdCoverCreator 2.5.3 (HKLM-x32\...\CdCoverCreator) (Version: 2.5.3 - thyanté Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.6 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Falk Navi-Manager (x32 Version: 2.0.1 - Falk Marcopolo Interactive GmbH) Hidden
Falk Navi-Manager classic (HKLM-x32\...\{4A9135AC-592E-4767-B029-ADCAC182CCFA}) (Version: 2.11.0 - United Navigation GmbH)
Falk Navi-Manager classic (x32 Version: 2.11.0 - United Navigation GmbH) Hidden
FILSHtray (HKLM-x32\...\{5928359F-BF46-4646-BF19-B64E55171EB5}) (Version: 0.12 - FILSH Media GmbH)
Garmin BaseCamp (HKLM-x32\...\{11172DEF-77A3-418C-B980-EF0D097CA237}) (Version: 4.5.1 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Geogrid® DynPerspView (HKLM-x32\...\Geogrid_DynPerspView) (Version: - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GS-Zeugnis Version 9.x (HKLM-x32\...\{13A6B7FD-BD93-4FD9-82F7-ACBDAF984AF3}_is1) (Version: 9.x - GSS Jansen)
Hilfedatei für AquaSoft DiaShow XP five (HKLM-x32\...\{F9950BD1-9476-4DAA-9B46-84148BD823B9}) (Version: 5.4.07.2 - AquaSoft GmbH)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
L&H TTS3000 British English (HKLM-x32\...\LHTTSENG) (Version: - )
MagicMaps Hessen Rheinland-Pfalz Saarland 5.0 (HKLM-x32\...\{FBD7863F-06FE-4C9A-A72C-DC19D9BFDD1A}) (Version: 5.0 - MagicMaps)
MagicMaps Nordrhein-Westfalen 5.0 (HKLM-x32\...\{B85AF345-5EE4-4654-8D07-B725101B1B26}) (Version: 5.0 - MagicMaps)
MagicMaps Support und Update Tool (HKLM-x32\...\{0CA1C412-6716-40E8-B033-006002E7F7EC}) (Version: 1.1.3 - MagicMaps)
MagicMaps Tour Explorer 25 Deutschland V 5.0 (HKLM-x32\...\{1551D7A5-4BE5-4FE3-A1BA-6E9FCBDF6E33}) (Version: 5.0.9 - MagicMaps)
MagicMaps Tour Explorer 25 Deutschland V 5.0 (x32 Version: 5.0.7 - MagicMaps) Hidden
MagicMaps Tour Explorer 50 Deutschland Daten 5.0 (HKLM-x32\...\{21414A5E-1903-4799-B9D2-17E8E484BB91}) (Version: 5.0.0 - MagicMaps)
MagicMaps Tour Explorer 50 Deutschland V5 (HKLM-x32\...\{09BB29CD-9AEF-4274-9282-F9ECA7FEAE77}) (Version: 5.0.8 - MagicMaps)
MagicMaps Tour Explorer 50 Deutschland V5 (x32 Version: 5.0.1 - MagicMaps) Hidden
MagicMaps Tour Explorer 50 Deutschland V5 (x32 Version: 5.0.7 - MagicMaps) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mediencenter 3.9.1055.64 (HKU\S-1-5-21-2498524848-1469805208-1322061692-1000\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia)
NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OmniPage Pro 11.0 (HKLM-x32\...\{62F9F352-A7F7-4051-B2AD-6D1A3C325407}) (Version: 11.0 - ScanSoft, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) PC Connectivity Solution (HKLM-x32\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia) PDF24 Creator 7.0.6 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF-Handbuch für AquaSoft DiaShow XP five (HKLM-x32\...\{BDAFB586-EEAA-4590-846F-2E7E065EDBA4}) (Version: 5.4.07.2 - AquaSoft GmbH) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6024 - Realtek Semiconductor Corp.) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.16 - Akademische Arbeitsgemeinschaft Verlag) Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH) Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH) SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft) SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.38.173 - Akademische Arbeitsgemeinschaft) Top50 Viewer basierend auf Geogrid®-Viewer Version 2.2 (HKLM-x32\...\DeInst_d2vexcrd C:/Program Files (x86)/Top50 V4) (Version: - ) Update for 2007 Microsoft Office System (KB967642) 
(HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) USB Scanner (HKLM-x32\...\{5265664F-6128-405C-9225-9782A85954FD}) (Version: 3.0.1 - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WDR RadioRecorder (HKLM-x32\...\Tobit Radio.fx Server 1) (Version: - Tobit.Software) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia) 
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2498524848-1469805208-1322061692-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\****\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2498524848-1469805208-1322061692-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\****\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2498524848-1469805208-1322061692-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\****\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2498524848-1469805208-1322061692-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\****\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ==================== Wiederherstellungspunkte ========================= 30-09-2015 19:26:18 Geplanter Prüfpunkt ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {006F2DAB-54F6-404D-B9BA-BA8135486D73} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {15CA7ED0-D059-4F77-9200-93FA3BE9BA8E} - System32\Tasks\{54DBA449-48B8-4D4B-A856-A772D4BCE48B} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded Task: {1B597D1F-35C4-4463-A5C4-1A7D5D221DDD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated) Task: {1EBE6798-74B2-4FB2-A39E-AFFF71A8EDDC} - System32\Tasks\{F256EFAE-014A-421E-ACEB-E0F7EE72C2E7} => pcalua.exe -a C:\Users\****\Downloads\cipp8.exe -d C:\Users\****\Downloads Task: {22D7A664-6035-46AA-A6EE-C9658D28905C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {54065EE3-5196-46E4-829A-A3A086512240} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.) 
Task: {65EC8E5D-9E76-4820-9C8E-AF962A925843} - System32\Tasks\{41430386-4F1C-4BC3-AA53-D705D1000AC5} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe Task: {67F4CD27-9FE9-4D3F-A8AD-BB18A8738794} - System32\Tasks\{4041BB8E-78E0-4E46-AEFC-6B785986F318} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=404&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded Task: {75689505-E262-47F1-B401-F1E1DDF464CE} - System32\Tasks\{B8AEDA83-55FD-45C6-9BCC-40C04474198E} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404 Task: {820E9BED-CCAA-41CE-B5C7-D18A5EC168E7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-14] (Dropbox, Inc.) Task: {AB8E9E17-D0A8-46DE-899A-36F6FEBC86D3} - System32\Tasks\{762CAB31-13A4-440B-AEE9-DC8F92DD39B0} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded Task: {BE63DD04-FA46-4BAF-993B-2B979C345548} - System32\Tasks\{EBB36230-8FFB-4C1F-A194-8D97E54B2AC3} => pcalua.exe -a "C:\Users\****\Downloads\st12_24driver_v3401\OpticPro ST12 ST24 V3.4.0.1\INSTALL.EXE" -d "C:\Users\****\Downloads\st12_24driver_v3401\OpticPro ST12 ST24 V3.4.0.1" Task: {D9537FE1-9EEF-4836-BD08-3BC5ADFFBAE6} - System32\Tasks\{C2A8B98F-868C-4140-8A6D-718647EE2841} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe Task: {EDBE2901-6CE7-4F80-95CC-FFF06507A936} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.) Task: {FD7D3347-F75E-4D68-A360-A7A5DFC23902} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-14] (Dropbox, Inc.) 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2012-08-28 19:38 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2014-01-15 21:54 - 2011-11-18 15:51 - 03673944 _____ () D:\Tobit Radio.fx\Server\rfx-server.exe 2010-08-30 08:29 - 2009-12-09 11:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe 2010-08-04 14:40 - 2010-08-04 14:40 - 00611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe 2010-08-04 11:47 - 2010-08-04 11:47 - 00144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll 2015-08-11 13:11 - 2015-07-21 11:43 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll 2015-08-11 13:11 - 2015-07-21 11:43 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\Windows:FE874CA7F5027D62 ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2498524848-1469805208-1322061692-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: clr_optimization_v2.0.50727_32 => 3 MSCONFIG\Services: clr_optimization_v2.0.50727_64 => 3 MSCONFIG\Services: Fax => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Action Manager 32.lnk => C:\Windows\pss\Action Manager 32.lnk.CommonStartup ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [{D7AAF62F-D098-4D8A-B77D-12E42C5CD508}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{3EB17D9B-3382-459D-BABD-88AC40E2302A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{D33911F4-AC00-4035-BA23-FF052FECF915}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{539ABEB8-9A46-4D77-A8F9-A07292511738}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{C43F619B-4356-456A-A55F-D06361CA4171}] => (Allow) svchost.exe FirewallRules: [{434C50DB-2273-4D20-BB70-07A28CF4BD70}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{17E89F88-C2AC-4BE9-BFB0-429F85828E70}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{5DE16CF5-E678-4B9C-A06A-18F143B5A9AC}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [TCP Query User{A8B0C7B6-9B49-4500-9569-A07177C6828D}C:\program files (x86)\scansoft\omnipagepro11.0\eregeng\navbrowser.exe] => (Allow) C:\program files (x86)\scansoft\omnipagepro11.0\eregeng\navbrowser.exe FirewallRules: [UDP Query User{C048A516-C7CB-4B82-9BA4-E34C90859EA9}C:\program files (x86)\scansoft\omnipagepro11.0\eregeng\navbrowser.exe] => (Allow) C:\program files (x86)\scansoft\omnipagepro11.0\eregeng\navbrowser.exe FirewallRules: [{1216AC5B-7592-4D60-84BB-171BF963B60E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{643EEFB4-6E9B-4ECE-A73E-FF36CE621B8C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{EE7031C5-5B32-4CD1-BA69-0BD369A76605}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe FirewallRules: [{0765BEEC-0389-4FB5-859C-AB1BEB6C843F}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe FirewallRules: 
[{7A98BF7B-C55B-4D18-87BB-1A4DC313DC8B}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe FirewallRules: [{A7ADE7FB-7CD0-4AE8-B4BD-7340F744FABF}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe FirewallRules: [{DA6C00D8-B698-4A5B-A3AE-67ABD5F4A69B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{41D56024-9B53-4DA9-8166-C146F7E7D489}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4E17F0FC-8CF8-4C3A-85FE-35DBB5F3B4A7}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe FirewallRules: [{3BBB66BC-D561-4141-BEC6-A97D56F447A1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/26/2015 02:35:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mp4Player.exe, Version: 2.0.0.0, Zeitstempel: 0x49132805 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18939, Zeitstempel: 0x55afd8e7 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0xb88 Startzeit der fehlerhaften Anwendung: 0xmp4Player.exe0 Pfad der fehlerhaften Anwendung: mp4Player.exe1 Pfad des fehlerhaften Moduls: mp4Player.exe2 Berichtskennung: mp4Player.exe3 Error: (09/26/2015 02:35:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Mp4Player.exe, Version: 2.0.0.0, Zeitstempel: 0x49132805 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18939, Zeitstempel: 0x55afd8e7 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x750 Startzeit der fehlerhaften Anwendung: 0xMp4Player.exe0 Pfad der fehlerhaften Anwendung: Mp4Player.exe1 Pfad des fehlerhaften Moduls: Mp4Player.exe2 Berichtskennung: Mp4Player.exe3 Error: 
(09/26/2015 02:35:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mp4Player.exe, Version: 2.0.0.0, Zeitstempel: 0x49132805 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18939, Zeitstempel: 0x55afd8e7 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0xf84 Startzeit der fehlerhaften Anwendung: 0xmp4Player.exe0 Pfad der fehlerhaften Anwendung: mp4Player.exe1 Pfad des fehlerhaften Moduls: mp4Player.exe2 Berichtskennung: mp4Player.exe3 Error: (09/26/2015 02:29:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mp4Player.exe, Version: 2.0.0.0, Zeitstempel: 0x49132805 Name des fehlerhaften Moduls: mp4Player.exe, Version: 2.0.0.0, Zeitstempel: 0x49132805 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00003fcc ID des fehlerhaften Prozesses: 0x554 Startzeit der fehlerhaften Anwendung: 0xmp4Player.exe0 Pfad der fehlerhaften Anwendung: mp4Player.exe1 Pfad des fehlerhaften Moduls: mp4Player.exe2 Berichtskennung: mp4Player.exe3 Error: (09/26/2015 02:17:46 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error: (09/26/2015 02:17:46 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (09/26/2015 02:17:46 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (09/26/2015 01:43:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (09/26/2015 01:36:00 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (09/26/2015 01:36:00 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. 
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Systemfehler: ============= Error: (10/02/2015 10:10:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (10/02/2015 10:10:05 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (10/02/2015 10:07:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen Error: (10/02/2015 10:07:07 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (10/02/2015 10:07:04 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (10/01/2015 12:35:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (10/01/2015 12:35:39 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (10/01/2015 12:33:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen Error: (10/01/2015 12:32:39 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (10/01/2015 12:32:35 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz Prozentuale Nutzung des RAM: 42% Installierter physikalischer RAM: 6135.11 MB Verfügbarer physikalischer RAM: 3556.27 MB Summe virtueller Speicher: 12268.42 MB Verfügbarer virtueller Speicher: 9882.51 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:100 GB) (Free:5.36 GB) NTFS Drive d: (Daten) (Fixed) (Total:683.88 GB) (Free:619.82 GB) NTFS Drive h: (Volume) (Fixed) (Total:597.66 GB) (Free:597.55 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 17836D08) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Not Active) - (Size=15.6 GB) - (Type=27) Partition 3: (Active) - (Size=100 MB) - (Type=42) Partition 4: (Not Active) - (Size=100 GB) - (Type=42) ==================== Ende von Addition.txt ============================ |
02.10.2015, 10:30 | #2 |
/// the machine /// TB trainer | Windows 7: E-mail from the Telekom abuse team about Zeus/ZBot Hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
02.10.2015, 11:03 | #3 |
| Windows 7: E-mail from the Telekom abuse team about Zeus/ZBot Thanks for the quick reply. Both scans came back with no findings.
mbar-log-2015-10-02 (11-38-45).txt Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.10.02.03
rootkit: v2015.09.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18015
**** :: ARBEITSZIMMER [administrator]

02.10.2015 11:38:45
mbar-log-2015-10-02 (11-38-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 411300
Time elapsed: 14 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
ATTFilter 11:56:58.0508 0x12bc TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57 11:57:02.0210 0x12bc ============================================================ 11:57:02.0210 0x12bc Current date / time: 2015/10/02 11:57:02.0210 11:57:02.0210 0x12bc SystemInfo: 11:57:02.0210 0x12bc 11:57:02.0210 0x12bc OS Version: 6.1.7601 ServicePack: 1.0 11:57:02.0210 0x12bc Product type: Workstation 11:57:02.0211 0x12bc ComputerName: ARBEITSZIMMER 11:57:02.0211 0x12bc UserName: **** 11:57:02.0211 0x12bc Windows directory: C:\Windows 11:57:02.0211 0x12bc System windows directory: C:\Windows 11:57:02.0211 0x12bc Running under WOW64 11:57:02.0211 0x12bc Processor architecture: Intel x64 11:57:02.0211 0x12bc Number of processors: 4 11:57:02.0211 0x12bc Page size: 0x1000 11:57:02.0211 0x12bc Boot type: Normal boot 11:57:02.0211 0x12bc ============================================================ 11:57:02.0337 0x12bc KLMD registered as C:\Windows\system32\drivers\25821966.sys 11:57:02.0733 0x12bc System UUID: {5226AA02-F49A-F0DB-3994-13375AC730FC} 11:57:03.0228 0x12bc Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:57:03.0243 0x12bc ============================================================ 11:57:03.0243 0x12bc \Device\Harddisk0\DR0: 11:57:03.0243 0x12bc MBR partitions: 11:57:03.0243 0x12bc Initialize success 11:57:03.0244 0x12bc ============================================================ 11:58:21.0888 0x11cc ============================================================ 11:58:21.0888 0x11cc Scan started 11:58:21.0888 0x11cc Mode: Manual; SigCheck; TDLFS; 11:58:21.0888 0x11cc ============================================================ 11:58:21.0888 0x11cc KSN ping started 11:58:24.0306 0x11cc KSN ping finished: true 11:58:24.0556 0x11cc ================ Scan system memory ======================== 11:58:24.0556 0x11cc System memory - ok 
11:58:24.0556 0x11cc ================ Scan services ============================= 11:58:24.0603 0x11cc 1394ohci - ok 11:58:24.0649 0x11cc AAV UpdateService - ok 11:58:24.0665 0x11cc ACPI - ok 11:58:24.0665 0x11cc AcpiPmi - ok 11:58:24.0696 0x11cc AdobeARMservice - ok 11:58:24.0712 0x11cc AdobeFlashPlayerUpdateSvc - ok 11:58:24.0727 0x11cc adp94xx - ok 11:58:24.0727 0x11cc adpahci - ok 11:58:24.0743 0x11cc adpu320 - ok 11:58:24.0743 0x11cc AeLookupSvc - ok 11:58:24.0759 0x11cc AFD - ok 11:58:24.0774 0x11cc agp440 - ok 11:58:24.0790 0x11cc ALG - ok 11:58:24.0790 0x11cc aliide - ok 11:58:24.0790 0x11cc amdide - ok 11:58:24.0805 0x11cc AmdK8 - ok 11:58:24.0805 0x11cc AmdPPM - ok 11:58:24.0805 0x11cc amdsata - ok 11:58:24.0805 0x11cc amdsbs - ok 11:58:24.0821 0x11cc amdxata - ok 11:58:24.0821 0x11cc AntiVirMailService - ok 11:58:24.0852 0x11cc AntiVirSchedulerService - ok 11:58:24.0868 0x11cc AntiVirService - ok 11:58:24.0883 0x11cc AntiVirWebService - ok 11:58:24.0883 0x11cc AppID - ok 11:58:24.0883 0x11cc AppIDSvc - ok 11:58:24.0899 0x11cc Appinfo - ok 11:58:24.0899 0x11cc arc - ok 11:58:24.0899 0x11cc arcsas - ok 11:58:24.0930 0x11cc aspnet_state - ok 11:58:24.0930 0x11cc AsyncMac - ok 11:58:24.0946 0x11cc atapi - ok 11:58:24.0946 0x11cc AudioEndpointBuilder - ok 11:58:24.0946 0x11cc AudioSrv - ok 11:58:24.0946 0x11cc avgntflt - ok 11:58:24.0961 0x11cc avipbb - ok 11:58:24.0961 0x11cc avkmgr - ok 11:58:24.0961 0x11cc avnetflt - ok 11:58:24.0961 0x11cc AxInstSV - ok 11:58:24.0977 0x11cc b06bdrv - ok 11:58:24.0977 0x11cc b57nd60a - ok 11:58:24.0977 0x11cc BDESVC - ok 11:58:24.0977 0x11cc Beep - ok 11:58:24.0993 0x11cc BFE - ok 11:58:25.0008 0x11cc BITS - ok 11:58:25.0008 0x11cc blbdrive - ok 11:58:25.0008 0x11cc bowser - ok 11:58:25.0008 0x11cc BrFiltLo - ok 11:58:25.0024 0x11cc BrFiltUp - ok 11:58:25.0024 0x11cc Browser - ok 11:58:25.0024 0x11cc Brserid - ok 11:58:25.0024 0x11cc BrSerWdm - ok 11:58:25.0024 0x11cc BrUsbMdm - ok 11:58:25.0039 0x11cc BrUsbSer - ok 
11:58:25.0039 0x11cc BTHMODEM - ok 11:58:25.0039 0x11cc bthserv - ok 11:58:25.0039 0x11cc cdfs - ok 11:58:25.0055 0x11cc cdrom - ok 11:58:25.0055 0x11cc CertPropSvc - ok 11:58:25.0055 0x11cc circlass - ok 11:58:25.0055 0x11cc CLFS - ok 11:58:25.0055 0x11cc clr_optimization_v2.0.50727_32 - ok 11:58:25.0071 0x11cc clr_optimization_v2.0.50727_64 - ok 11:58:25.0071 0x11cc clr_optimization_v4.0.30319_32 - ok 11:58:25.0071 0x11cc clr_optimization_v4.0.30319_64 - ok 11:58:25.0086 0x11cc CmBatt - ok 11:58:25.0086 0x11cc cmdide - ok 11:58:25.0086 0x11cc CNG - ok 11:58:25.0086 0x11cc Compbatt - ok 11:58:25.0086 0x11cc CompositeBus - ok 11:58:25.0102 0x11cc COMSysApp - ok 11:58:25.0102 0x11cc crcdisk - ok 11:58:25.0102 0x11cc CryptSvc - ok 11:58:25.0102 0x11cc dbupdate - ok 11:58:25.0102 0x11cc dbupdatem - ok 11:58:25.0117 0x11cc DcomLaunch - ok 11:58:25.0117 0x11cc defragsvc - ok 11:58:25.0117 0x11cc DfsC - ok 11:58:25.0117 0x11cc Dhcp - ok 11:58:25.0133 0x11cc DiagTrack - ok 11:58:25.0133 0x11cc discache - ok 11:58:25.0133 0x11cc Disk - ok 11:58:25.0149 0x11cc Dnscache - ok 11:58:25.0149 0x11cc dot3svc - ok 11:58:25.0149 0x11cc DPS - ok 11:58:25.0149 0x11cc drmkaud - ok 11:58:25.0149 0x11cc DXGKrnl - ok 11:58:25.0164 0x11cc EapHost - ok 11:58:25.0164 0x11cc ebdrv - ok 11:58:25.0164 0x11cc EFS - ok 11:58:25.0164 0x11cc ehRecvr - ok 11:58:25.0164 0x11cc ehSched - ok 11:58:25.0164 0x11cc elxstor - ok 11:58:25.0180 0x11cc ErrDev - ok 11:58:25.0180 0x11cc EventSystem - ok 11:58:25.0180 0x11cc exfat - ok 11:58:25.0180 0x11cc fastfat - ok 11:58:25.0195 0x11cc Fax - ok 11:58:25.0195 0x11cc fdc - ok 11:58:25.0195 0x11cc fdPHost - ok 11:58:25.0195 0x11cc FDResPub - ok 11:58:25.0195 0x11cc FileInfo - ok 11:58:25.0211 0x11cc Filetrace - ok 11:58:25.0211 0x11cc FLEXnet Licensing Service - ok 11:58:25.0211 0x11cc flpydisk - ok 11:58:25.0211 0x11cc FltMgr - ok 11:58:25.0227 0x11cc FontCache - ok 11:58:25.0227 0x11cc FontCache3.0.0.0 - ok 11:58:25.0227 0x11cc FsDepends - ok 11:58:25.0242 
0x11cc Fs_Rec - ok 11:58:25.0242 0x11cc fvevol - ok 11:58:25.0242 0x11cc gagp30kx - ok 11:58:25.0242 0x11cc gpsvc - ok 11:58:25.0242 0x11cc grmnusb - ok 11:58:25.0258 0x11cc gupdate - ok 11:58:25.0258 0x11cc gupdatem - ok 11:58:25.0258 0x11cc hcw85cir - ok 11:58:25.0258 0x11cc HdAudAddService - ok 11:58:25.0273 0x11cc HDAudBus - ok 11:58:25.0273 0x11cc HidBatt - ok 11:58:25.0273 0x11cc HidBth - ok 11:58:25.0273 0x11cc HidIr - ok 11:58:25.0273 0x11cc hidserv - ok 11:58:25.0289 0x11cc HidUsb - ok 11:58:25.0289 0x11cc hkmsvc - ok 11:58:25.0289 0x11cc HomeGroupListener - ok 11:58:25.0305 0x11cc HomeGroupProvider - ok 11:58:25.0305 0x11cc HpSAMD - ok 11:58:25.0305 0x11cc HTTP - ok 11:58:25.0305 0x11cc hwpolicy - ok 11:58:25.0320 0x11cc i8042prt - ok 11:58:25.0320 0x11cc iaStor - ok 11:58:25.0320 0x11cc iaStorV - ok 11:58:25.0320 0x11cc idsvc - ok 11:58:25.0336 0x11cc IEEtwCollectorService - ok 11:58:25.0336 0x11cc iirsp - ok 11:58:25.0336 0x11cc IKEEXT - ok 11:58:25.0336 0x11cc IntcAzAudAddService - ok 11:58:25.0351 0x11cc intelide - ok 11:58:25.0351 0x11cc intelppm - ok 11:58:25.0351 0x11cc IPBusEnum - ok 11:58:25.0351 0x11cc IpFilterDriver - ok 11:58:25.0351 0x11cc iphlpsvc - ok 11:58:25.0367 0x11cc IPMIDRV - ok 11:58:25.0367 0x11cc IPNAT - ok 11:58:25.0367 0x11cc IRENUM - ok 11:58:25.0367 0x11cc isapnp - ok 11:58:25.0383 0x11cc iScsiPrt - ok 11:58:25.0383 0x11cc kbdclass - ok 11:58:25.0383 0x11cc kbdhid - ok 11:58:25.0383 0x11cc KeyIso - ok 11:58:25.0383 0x11cc KSecDD - ok 11:58:25.0398 0x11cc KSecPkg - ok 11:58:25.0398 0x11cc ksthunk - ok 11:58:25.0398 0x11cc KtmRm - ok 11:58:25.0398 0x11cc LanmanServer - ok 11:58:25.0398 0x11cc LanmanWorkstation - ok 11:58:25.0414 0x11cc lltdio - ok 11:58:25.0414 0x11cc lltdsvc - ok 11:58:25.0414 0x11cc lmhosts - ok 11:58:25.0414 0x11cc LSI_FC - ok 11:58:25.0414 0x11cc LSI_SAS - ok 11:58:25.0429 0x11cc LSI_SAS2 - ok 11:58:25.0429 0x11cc LSI_SCSI - ok 11:58:25.0429 0x11cc luafv - ok 11:58:25.0429 0x11cc MBAMProtector - ok 
11:58:25.0445 0x11cc MBAMService - ok 11:58:25.0445 0x11cc MBAMWebAccessControl - ok 11:58:25.0445 0x11cc Mcx2Svc - ok 11:58:25.0445 0x11cc megasas - ok 11:58:25.0445 0x11cc MegaSR - ok 11:58:25.0461 0x11cc MMCSS - ok 11:58:25.0461 0x11cc Modem - ok 11:58:25.0461 0x11cc monitor - ok 11:58:25.0461 0x11cc mouclass - ok 11:58:25.0461 0x11cc mouhid - ok 11:58:25.0461 0x11cc mountmgr - ok 11:58:25.0476 0x11cc MozillaMaintenance - ok 11:58:25.0476 0x11cc mpio - ok 11:58:25.0476 0x11cc mpsdrv - ok 11:58:25.0476 0x11cc MpsSvc - ok 11:58:25.0492 0x11cc MRxDAV - ok 11:58:25.0492 0x11cc mrxsmb - ok 11:58:25.0492 0x11cc mrxsmb10 - ok 11:58:25.0492 0x11cc mrxsmb20 - ok 11:58:25.0492 0x11cc msahci - ok 11:58:25.0507 0x11cc msdsm - ok 11:58:25.0507 0x11cc MSDTC - ok 11:58:25.0507 0x11cc Msfs - ok 11:58:25.0507 0x11cc mshidkmdf - ok 11:58:25.0523 0x11cc msisadrv - ok 11:58:25.0523 0x11cc MSiSCSI - ok 11:58:25.0523 0x11cc msiserver - ok 11:58:25.0554 0x11cc MSKSSRV - ok 11:58:25.0554 0x11cc MSPCLOCK - ok 11:58:25.0554 0x11cc MSPQM - ok 11:58:25.0554 0x11cc MsRPC - ok 11:58:25.0554 0x11cc mssmbios - ok 11:58:25.0570 0x11cc MSTEE - ok 11:58:25.0570 0x11cc MTConfig - ok 11:58:25.0570 0x11cc Mup - ok 11:58:25.0570 0x11cc napagent - ok 11:58:25.0585 0x11cc NativeWifiP - ok 11:58:25.0585 0x11cc NDIS - ok 11:58:25.0585 0x11cc NdisCap - ok 11:58:25.0585 0x11cc NdisTapi - ok 11:58:25.0585 0x11cc Ndisuio - ok 11:58:25.0601 0x11cc NdisWan - ok 11:58:25.0601 0x11cc NDProxy - ok 11:58:25.0601 0x11cc NetBIOS - ok 11:58:25.0601 0x11cc NetBT - ok 11:58:25.0601 0x11cc Netlogon - ok 11:58:25.0617 0x11cc Netman - ok 11:58:25.0617 0x11cc NetMsmqActivator - ok 11:58:25.0617 0x11cc NetPipeActivator - ok 11:58:25.0617 0x11cc netprofm - ok 11:58:25.0632 0x11cc NetTcpActivator - ok 11:58:25.0632 0x11cc NetTcpPortSharing - ok 11:58:25.0632 0x11cc nfrd960 - ok 11:58:25.0632 0x11cc NlaSvc - ok 11:58:25.0632 0x11cc nmwcdnsux64 - ok 11:58:25.0648 0x11cc Npfs - ok 11:58:25.0648 0x11cc nsi - ok 11:58:25.0648 
0x11cc nsiproxy - ok 11:58:25.0648 0x11cc Ntfs - ok 11:58:25.0648 0x11cc Null - ok 11:58:25.0663 0x11cc NVHDA - ok 11:58:25.0663 0x11cc nvlddmkm - ok 11:58:25.0663 0x11cc nvraid - ok 11:58:25.0663 0x11cc nvstor - ok 11:58:25.0663 0x11cc nvsvc - ok 11:58:25.0679 0x11cc nvUpdatusService - ok 11:58:25.0679 0x11cc nv_agp - ok 11:58:25.0679 0x11cc odserv - ok 11:58:25.0679 0x11cc ohci1394 - ok 11:58:25.0695 0x11cc ose - ok 11:58:25.0695 0x11cc p2pimsvc - ok 11:58:25.0695 0x11cc p2psvc - ok 11:58:25.0695 0x11cc Parport - ok 11:58:25.0695 0x11cc partmgr - ok 11:58:25.0710 0x11cc PcaSvc - ok 11:58:25.0710 0x11cc pccsmcfd - ok 11:58:25.0710 0x11cc pci - ok 11:58:25.0710 0x11cc pciide - ok 11:58:25.0710 0x11cc pcmcia - ok 11:58:25.0726 0x11cc pcw - ok 11:58:25.0726 0x11cc PEAUTH - ok 11:58:25.0726 0x11cc PerfHost - ok 11:58:25.0741 0x11cc pfc - ok 11:58:25.0741 0x11cc pla - ok 11:58:25.0741 0x11cc PlugPlay - ok 11:58:25.0757 0x11cc Pml Driver HPZ12 - ok 11:58:25.0757 0x11cc PNRPAutoReg - ok 11:58:25.0757 0x11cc PNRPsvc - ok 11:58:25.0757 0x11cc PolicyAgent - ok 11:58:25.0773 0x11cc Power - ok 11:58:25.0773 0x11cc PptpMiniport - ok 11:58:25.0773 0x11cc PrintNotify - ok 11:58:25.0773 0x11cc Processor - ok 11:58:25.0788 0x11cc ProfSvc - ok 11:58:25.0788 0x11cc ProtectedStorage - ok 11:58:25.0788 0x11cc Psched - ok 11:58:25.0788 0x11cc ql2300 - ok 11:58:25.0788 0x11cc ql40xx - ok 11:58:25.0804 0x11cc QWAVE - ok 11:58:25.0804 0x11cc QWAVEdrv - ok 11:58:25.0804 0x11cc Radio.fx - ok 11:58:25.0804 0x11cc RapiMgr - ok 11:58:25.0819 0x11cc RasAcd - ok 11:58:25.0819 0x11cc RasAgileVpn - ok 11:58:25.0819 0x11cc RasAuto - ok 11:58:25.0819 0x11cc Rasl2tp - ok 11:58:25.0819 0x11cc RasMan - ok 11:58:25.0835 0x11cc RasPppoe - ok 11:58:25.0835 0x11cc RasSstp - ok 11:58:25.0835 0x11cc rdbss - ok 11:58:25.0835 0x11cc rdpbus - ok 11:58:25.0835 0x11cc RDPCDD - ok 11:58:25.0851 0x11cc RDPENCDD - ok 11:58:25.0851 0x11cc RDPREFMP - ok 11:58:25.0851 0x11cc RDPWD - ok 11:58:25.0866 0x11cc rdyboost - 
ok 11:58:25.0866 0x11cc RemoteAccess - ok 11:58:25.0866 0x11cc RemoteRegistry - ok 11:58:25.0866 0x11cc RpcEptMapper - ok 11:58:25.0866 0x11cc RpcLocator - ok 11:58:25.0882 0x11cc RpcSs - ok 11:58:25.0882 0x11cc rspndr - ok 11:58:25.0882 0x11cc RTL8167 - ok 11:58:25.0882 0x11cc SamSs - ok 11:58:25.0882 0x11cc sbp2port - ok 11:58:25.0897 0x11cc SCardSvr - ok 11:58:25.0897 0x11cc scfilter - ok 11:58:25.0897 0x11cc Schedule - ok 11:58:25.0897 0x11cc SCPolicySvc - ok 11:58:25.0897 0x11cc SDRSVC - ok 11:58:25.0897 0x11cc secdrv - ok 11:58:25.0913 0x11cc seclogon - ok 11:58:25.0913 0x11cc SENS - ok 11:58:25.0913 0x11cc SensrSvc - ok 11:58:25.0913 0x11cc Serenum - ok 11:58:25.0929 0x11cc Serial - ok 11:58:25.0929 0x11cc sermouse - ok 11:58:25.0929 0x11cc ServiceLayer - ok 11:58:25.0929 0x11cc SessionEnv - ok 11:58:25.0944 0x11cc sffdisk - ok 11:58:25.0944 0x11cc sffp_mmc - ok 11:58:25.0944 0x11cc sffp_sd - ok 11:58:25.0944 0x11cc sfloppy - ok 11:58:25.0944 0x11cc SharedAccess - ok 11:58:25.0960 0x11cc ShellHWDetection - ok 11:58:25.0960 0x11cc SiSRaid2 - ok 11:58:25.0960 0x11cc SiSRaid4 - ok 11:58:25.0960 0x11cc Smb - ok 11:58:25.0975 0x11cc SNMPTRAP - ok 11:58:25.0975 0x11cc spldr - ok 11:58:25.0975 0x11cc Spooler - ok 11:58:25.0975 0x11cc sppsvc - ok 11:58:25.0975 0x11cc sppuinotify - ok 11:58:25.0991 0x11cc srv - ok 11:58:25.0991 0x11cc srv2 - ok 11:58:25.0991 0x11cc srvnet - ok 11:58:25.0991 0x11cc SSDPSRV - ok 11:58:25.0991 0x11cc SstpSvc - ok 11:58:26.0007 0x11cc StarOpen - ok 11:58:26.0007 0x11cc Stereo Service - ok 11:58:26.0007 0x11cc stexstor - ok 11:58:26.0007 0x11cc stisvc - ok 11:58:26.0007 0x11cc swenum - ok 11:58:26.0022 0x11cc swprv - ok 11:58:26.0022 0x11cc SysMain - ok 11:58:26.0022 0x11cc TabletInputService - ok 11:58:26.0022 0x11cc TapiSrv - ok 11:58:26.0022 0x11cc TBS - ok 11:58:26.0038 0x11cc Tcpip - ok 11:58:26.0038 0x11cc TCPIP6 - ok 11:58:26.0038 0x11cc tcpipreg - ok 11:58:26.0038 0x11cc TDPIPE - ok 11:58:26.0053 0x11cc TDTCP - ok 11:58:26.0053 
0x11cc tdx - ok 11:58:26.0053 0x11cc TermDD - ok 11:58:26.0053 0x11cc TermService - ok 11:58:26.0069 0x11cc Themes - ok 11:58:26.0069 0x11cc THREADORDER - ok 11:58:26.0069 0x11cc TrkWks - ok 11:58:26.0069 0x11cc TrustedInstaller - ok 11:58:26.0069 0x11cc tssecsrv - ok 11:58:26.0085 0x11cc TsUsbFlt - ok 11:58:26.0085 0x11cc tunnel - ok 11:58:26.0085 0x11cc uagp35 - ok 11:58:26.0085 0x11cc udfs - ok 11:58:26.0100 0x11cc UI0Detect - ok 11:58:26.0100 0x11cc uliagpkx - ok 11:58:26.0100 0x11cc umbus - ok 11:58:26.0100 0x11cc UmPass - ok 11:58:26.0100 0x11cc Updater Service - ok 11:58:26.0116 0x11cc upnphost - ok 11:58:26.0116 0x11cc usbccgp - ok 11:58:26.0116 0x11cc usbcir - ok 11:58:26.0116 0x11cc usbehci - ok 11:58:26.0131 0x11cc usbhub - ok 11:58:26.0131 0x11cc usbohci - ok 11:58:26.0131 0x11cc usbprint - ok 11:58:26.0131 0x11cc USBS3S4Detection - ok 11:58:26.0131 0x11cc usbscan - ok 11:58:26.0147 0x11cc USBSTOR - ok 11:58:26.0147 0x11cc usbuhci - ok 11:58:26.0147 0x11cc UxSms - ok 11:58:26.0147 0x11cc VaultSvc - ok 11:58:26.0147 0x11cc vdrvroot - ok 11:58:26.0163 0x11cc vds - ok 11:58:26.0163 0x11cc vga - ok 11:58:26.0163 0x11cc VgaSave - ok 11:58:26.0163 0x11cc vhdmp - ok 11:58:26.0163 0x11cc viaide - ok 11:58:26.0178 0x11cc volmgr - ok 11:58:26.0178 0x11cc volmgrx - ok 11:58:26.0178 0x11cc volsnap - ok 11:58:26.0178 0x11cc vsmraid - ok 11:58:26.0178 0x11cc VSS - ok 11:58:26.0194 0x11cc vwifibus - ok 11:58:26.0194 0x11cc W32Time - ok 11:58:26.0194 0x11cc WacomPen - ok 11:58:26.0194 0x11cc WANARP - ok 11:58:26.0209 0x11cc Wanarpv6 - ok 11:58:26.0209 0x11cc wbengine - ok 11:58:26.0209 0x11cc WbioSrvc - ok 11:58:26.0209 0x11cc WcesComm - ok 11:58:26.0209 0x11cc wcncsvc - ok 11:58:26.0225 0x11cc WcsPlugInService - ok 11:58:26.0225 0x11cc Wd - ok 11:58:26.0225 0x11cc Wdf01000 - ok 11:58:26.0225 0x11cc WdiServiceHost - ok 11:58:26.0225 0x11cc WdiSystemHost - ok 11:58:26.0241 0x11cc WebClient - ok 11:58:26.0241 0x11cc Wecsvc - ok 11:58:26.0241 0x11cc wercplsupport - ok 
11:58:26.0241 0x11cc WerSvc - ok 11:58:26.0241 0x11cc WfpLwf - ok 11:58:26.0256 0x11cc WIMMount - ok 11:58:26.0256 0x11cc WinDefend - ok 11:58:26.0256 0x11cc WinHttpAutoProxySvc - ok 11:58:26.0272 0x11cc Winmgmt - ok 11:58:26.0272 0x11cc WinRM - ok 11:58:26.0272 0x11cc WinUsb - ok 11:58:26.0272 0x11cc Wlansvc - ok 11:58:26.0287 0x11cc WmiAcpi - ok 11:58:26.0287 0x11cc wmiApSrv - ok 11:58:26.0287 0x11cc WMPNetworkSvc - ok 11:58:26.0287 0x11cc WPCSvc - ok 11:58:26.0303 0x11cc WPDBusEnum - ok 11:58:26.0303 0x11cc ws2ifsl - ok 11:58:26.0303 0x11cc wscsvc - ok 11:58:26.0303 0x11cc WSearch - ok 11:58:26.0303 0x11cc wuauserv - ok 11:58:26.0319 0x11cc WudfPf - ok 11:58:26.0319 0x11cc WUDFRd - ok 11:58:26.0319 0x11cc wudfsvc - ok 11:58:26.0319 0x11cc WwanSvc - ok 11:58:26.0334 0x11cc ================ Scan global =============================== 11:58:26.0334 0x11cc [ Global ] - ok 11:58:26.0334 0x11cc ================ Scan MBR ================================== 11:58:26.0350 0x11cc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:58:26.0599 0x11cc \Device\Harddisk0\DR0 - ok 11:58:26.0599 0x11cc ================ Scan VBR ================================== 11:58:26.0599 0x11cc ================ Scan generic autorun ====================== 11:58:26.0599 0x11cc mwlDaemon - ok 11:58:26.0599 0x11cc RtHDVCpl - ok 11:58:26.0615 0x11cc Windows Mobile Device Center - ok 11:58:26.0615 0x11cc Hotkey Utility - ok 11:58:26.0615 0x11cc Omnipage - ok 11:58:26.0615 0x11cc PDFPrint - ok 11:58:26.0615 0x11cc avgnt - ok 11:58:26.0615 0x11cc Dropbox - ok 11:58:26.0631 0x11cc Sidebar - ok 11:58:26.0631 0x11cc mctadmin - ok 11:58:26.0631 0x11cc Sidebar - ok 11:58:26.0631 0x11cc mctadmin - ok 11:58:26.0631 0x11cc Global Registration - ok 11:58:26.0631 0x11cc Sidebar - ok 11:58:26.0646 0x11cc Global Registration - ok 11:58:26.0646 0x11cc mctadmin - ok 11:58:26.0646 0x11cc ScrSav - ok 11:58:26.0677 0x11cc AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir 
Desktop\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated ) 11:58:26.0677 0x11cc Win FW state via NFP2: enabled ( trusted ) 11:58:29.0111 0x11cc ============================================================ 11:58:29.0111 0x11cc Scan finished 11:58:29.0111 0x11cc ============================================================ 11:58:29.0111 0x0f90 Detected object count: 0 11:58:29.0111 0x0f90 Actual detected object count: 0 |
02.10.2015, 20:12 | #4 |
/// the machine /// TB-Ausbilder | Windows 7: Telekom Abuse Team e-mail about Zeus/ZBot That actually looks good. Please download the Emsisoft Emergency Kit from here.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
03.10.2015, 12:49 | #5 |
| Windows 7: Telekom Abuse Team e-mail about Zeus/ZBot After the first scan, 4 detections. After the cleanup, a second scan then came back clean. Report of the first scan Code:
ATTFilter
Emsisoft Emergency Kit - Version 10.0
Letztes Update: 03.10.2015 13:36:26
Benutzerkonto: ARBEITSZIMMER\****
Scan-Einstellungen:
Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien
PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan-Beginn: 03.10.2015 13:36:35
C:\Windows\TEMP\APN-Stub Gefunden: Application.Win32.WebToolbar (A)
C:\Users\****\AppData\Roaming\dvdvideosoftiehelpers Gefunden: Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-2498524848-1469805208-1322061692-1000\SOFTWARE\YAHOOPARTNERTOOLBAR Gefunden: Application.Win32.YTool (A)
Key: HKEY_USERS\S-1-5-21-2498524848-1469805208-1322061692-1000\SOFTWARE\SOFTONIC Gefunden: Application.InstallAd (A)
Gescannt: 75224
Gefunden 4
Scan-Ende: 03.10.2015 13:42:54
Scan-Zeit: 0:06:19
Key: HKEY_USERS\S-1-5-21-2498524848-1469805208-1322061692-1000\SOFTWARE\SOFTONIC Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2498524848-1469805208-1322061692-1000\SOFTWARE\YAHOOPARTNERTOOLBAR Quarantäne Application.Win32.YTool (A)
C:\Users\****\AppData\Roaming\dvdvideosoftiehelpers Quarantäne Application.AppInstall (A)
C:\Windows\TEMP\APN-Stub Quarantäne Application.Win32.WebToolbar (A)
Quarantäne 4 |
04.10.2015, 07:03 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: Telekom Abuse Team e-mail about Zeus/ZBot Adware remnants. I don't see anything Zeus-related on the machine.
|
04.10.2015, 07:39 | #7 |
| Windows 7: Telekom Abuse Team e-mail about Zeus/ZBot OK, that's good. There is also a Windows 8 laptop that I had considered unproblematic so far. Should we go through that one as well? MBAM did have a few detections there, but if I remember correctly, those were only PUPs or cookies. I'm happy to post the log, though; I'm just not on site right now. |
04.10.2015, 15:25 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: Telekom Abuse Team e-mail about Zeus/ZBot Yep, FRST, MBAR and TDSSKiller from that machine, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.10.2015, 18:11 | #9 |
| Windows 7: Telekom Abuse Team e-mail about Zeus/ZBot Here are the scans from the laptop: FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015 durchgeführt von **** (Administrator) auf WOHNZIMMER (05-10-2015 17:36:56) Gestartet von C:\Users\****\Desktop Geladene Profile: **** (Verfügbare Profile: UpdatusUser & ****) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-26] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1828949343-4054772585-2899252710-1002\...\Policies\Explorer: [] HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-11-18] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-11-18] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-11-18] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-11-18] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-11-18] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-11-18] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-11-18] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-11-18] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 09 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-11-18] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{6CA55792-05DD-44EB-BFE0-3156863FE51A}: [DhcpNameServer] 192.168.2.2 Tcpip\..\Interfaces\{C912559F-061F-4C71-A755-E8CC6F8447BA}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1828949343-4054772585-2899252710-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-1828949343-4054772585-2899252710-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.facebook.com/?_rdr SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1828949343-4054772585-2899252710-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FireFox: ======== FF ProfilePath: 
C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\yflnfu5g.default FF SearchEngineOrder.1: Ask.com FF Homepage: hxxp://www.qvc.de/?cookie=set FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] () FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF Extension: WOT - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\yflnfu5g.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\yflnfu5g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-27]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-08-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-08-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [Datei ist nicht signiert]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-10-05 17:36 - 2015-10-05 17:37 - 00015438 _____ C:\Users\****\Desktop\FRST.txt
2015-10-05 17:36 - 2015-10-05 17:37 - 00000000 ____D C:\FRST
2015-10-05 17:35 - 2015-10-05 17:35 - 00000474 _____ C:\Users\****\Desktop\defogger_disable.log
2015-10-05 17:35 - 2015-10-05 17:35 - 00000000 _____ C:\Users\****\defogger_reenable
2015-10-05 17:34 - 2015-10-05 17:34 - 02193920 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2015-10-05 17:34 - 2015-10-05 17:34 - 00050477 _____ C:\Users\****\Desktop\Defogger.exe
2015-10-04 07:58 - 2015-10-04 18:53 - 00024576 _____ C:\Users\****\Documents\Mitgliederbefragung.xls
2015-10-03 15:19 - 2015-10-03 15:19 - 00269019 _____ C:\Users\****\Downloads\winmail.dat
2015-10-01 14:14 - 2015-10-01 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-30 18:19 - 2015-09-30 19:01 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 18:19 - 2015-09-30 18:19 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-30 18:19 - 2015-09-30 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-09-30 18:19 - 2015-09-30 18:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-30 18:19 - 2015-09-30 18:19 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-09-30 18:19 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-30 18:19 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-30 18:19 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-30 18:18 - 2015-09-30 18:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-30 12:43 - 2015-09-30 12:57 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-30 12:43 - 2015-09-30 12:44 - 11350472 _____ (SurfRight B.V.) C:\Users\****\Downloads\hitmanpro_x64.exe
2015-09-26 19:37 - 2015-09-30 19:26 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc
2015-09-26 19:36 - 2015-09-26 19:36 - 00000889 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-09-26 19:36 - 2015-09-26 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-09-26 19:36 - 2015-09-26 19:36 - 00000000 ____D C:\Program Files\VideoLAN
2015-09-26 19:33 - 2015-09-26 19:33 - 01457952 _____ C:\Users\****\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2015-09-26 19:31 - 2015-09-26 19:31 - 00000017 _____ C:\Users\****\AppData\Local\resmon.resmoncfg
2015-09-26 15:27 - 2015-09-26 15:27 - 00003584 _____ C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-24 18:52 - 2015-09-24 18:52 - 15363145 _____ C:\Users\****\Downloads\Anhänge_20150924.zip
2015-09-14 18:55 - 2015-09-14 18:55 - 00291579 _____ C:\Users\****\Downloads\Robert2016.gpx
2015-09-09 16:21 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 16:21 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 16:21 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 16:21 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 16:21 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-09 16:21 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-09 16:21 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-09 16:21 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-09 16:21 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-09 16:21 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-09 16:21 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-09 16:21 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-09 16:21 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 16:21 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-09 14:11 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 14:11 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 14:11 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 14:11 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 14:11 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 14:11 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 14:11 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 14:11 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 14:11 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 14:11 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 14:10 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 14:10 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 14:09 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 14:09 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 14:09 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 14:09 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 14:09 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 14:09 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 14:09 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 14:09 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 14:09 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 14:09 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 14:09 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 14:09 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 14:09 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 14:09 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 14:09 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 14:09 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 14:09 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 14:09 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 14:09 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 14:09 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 14:09 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 14:09 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 14:09 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 14:09 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 14:09 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 14:09 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 14:09 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 14:09 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 14:09 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 14:09 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 14:08 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 14:07 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 14:07 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 14:07 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 14:07 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 14:07 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 14:07 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 14:07 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 14:07 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 14:07 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 14:07 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 14:07 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 14:07 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 14:07 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 14:06 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 14:06 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 14:06 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 14:06 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 14:06 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 14:06 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 14:06 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 14:06 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 14:06 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-10-05 17:35 - 2013-10-29 12:26 - 00000000 ____D C:\Users\****
2015-10-05 17:34 - 2013-10-29 12:20 - 01173555 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-05 17:31 - 2013-02-19 18:39 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-05 17:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-05 15:50 - 2013-11-12 15:09 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4C82FD4-E03C-4793-93D6-F7A904F4D02B}
2015-10-05 15:46 - 2013-01-22 18:31 - 00000408 _____ C:\Users\****\AppData\Roaming\sp_data.sys
2015-10-05 15:45 - 2013-02-19 18:39 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-05 15:43 - 2014-10-22 15:54 - 00023591 _____ C:\WINDOWS\setupact.log
2015-10-05 15:43 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-04 19:43 - 2013-09-30 06:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-04 19:43 - 2013-09-30 05:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-10-04 19:43 - 2013-09-30 05:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-10-04 19:09 - 2013-01-22 20:31 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-03 15:45 - 2013-10-15 19:40 - 00000000 ____D C:\Users\****\Documents\My Digital Editions
2015-10-01 17:45 - 2014-10-18 12:45 - 00232132 _____ C:\WINDOWS\PFRO.log
2015-10-01 17:45 - 2013-01-22 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-30 19:14 - 2013-01-22 18:36 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1828949343-4054772585-2899252710-1002
2015-09-27 20:48 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-26 15:26 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-24 13:32 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-23 16:10 - 2013-01-22 20:31 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-18 18:26 - 2014-08-15 17:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-17 15:32 - 2014-10-18 09:09 - 00000000 ____D C:\Users\****\AppData\Local\AviraSpeedup
2015-09-15 20:16 - 2013-02-19 18:39 - 00004112 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 20:16 - 2013-02-19 18:39 - 00003876 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 03:18 - 2014-11-12 17:42 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2014-11-12 17:42 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-12 11:39 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-12 00:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-10 17:57 - 2013-11-18 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-10 17:51 - 2013-08-22 16:44 - 00557520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 21:44 - 2013-09-30 05:59 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 21:44 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 21:37 - 2013-08-14 18:08 - 00000000 ____D C:\WINDOWS\system32\MRT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-01-22 18:31 - 2015-10-05 15:46 - 0000408 _____ () C:\Users\****\AppData\Roaming\sp_data.sys
2015-09-26 15:27 - 2015-09-26 15:27 - 0003584 _____ () C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-26 19:31 - 2015-09-26 19:31 - 0000017 _____ () C:\Users\****\AppData\Local\resmon.resmoncfg
2013-11-15 11:02 - 2013-11-15 11:02 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-08-17 02:52 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 02:52 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Einige Dateien in TEMP:
====================
C:\Users\****\AppData\Local\Temp\avgnt.exe
C:\Users\****\AppData\Local\Temp\AviraSetup1152092078.exe
C:\Users\****\AppData\Local\Temp\AviraSetup1166997468.exe
C:\Users\****\AppData\Local\Temp\AviraSetup175250.exe
C:\Users\****\AppData\Local\Temp\HitmanPro.exe

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-10-03 19:28

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:04-10-2015
durchgeführt von **** (2015-10-05 17:40:00)
Gestartet von C:\Users\****\Desktop
Windows 8.1 (X64) (2013-10-29 10:47:29)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-1828949343-4054772585-2899252710-500 - Administrator - Disabled)
Gast (S-1-5-21-1828949343-4054772585-2899252710-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1828949343-4054772585-2899252710-1006 - Limited - Enabled)
**** (S-1-5-21-1828949343-4054772585-2899252710-1002 - Administrator - Enabled) => C:\Users\****
UpdatusUser (S-1-5-21-1828949343-4054772585-2899252710-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Product Demo Movie (HKLM-x32\...\{DC06C90B-C5BE-42F6-B74D-A9503170998C}) (Version: 1.0.3 - ASUS )
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
AutoCAD 2014 - Deutsch (German) (Version: 19.1.108.0 - Autodesk) Hidden
AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk AutoCAD 2014 - Deutsch (German) (HKLM\...\AutoCAD 2014 - Deutsch (German)) (Version: 19.1.18.0 - Autodesk)
Autodesk AutoCAD 2014 - Deutsch (German) SP1 (HKLM\...\AutoCAD 2014 - Deutsch (German) SP1) (Version: 1 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Garmin BaseCamp (HKLM-x32\...\{F7CEFC8E-591B-4F02-96AC-44972E6EAC3F}) (Version: 4.5.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GS-Zeugnis Version 9.x (HKLM-x32\...\{13A6B7FD-BD93-4FD9-82F7-ACBDAF984AF3}_is1) (Version: 9.x - GSS Jansen)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 de)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PCSUITE SHREDDER (HKLM-x32\...\PCSUITE_SHREDDER_PRO_is1) (Version: - Markement GmbH)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Serif PhotoPlus X5 (HKLM-x32\...\{617E7009-0C50-4178-B0E2-F9D66DC8A582}) (Version: 15.0.2.012 - Serif (Europe) Ltd)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version: - Ozone)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1828949343-4054772585-2899252710-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1828949343-4054772585-2899252710-1002_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1828949343-4054772585-2899252710-1002_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1828949343-4054772585-2899252710-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\de-DE\acadficn.dll (Autodesk, Inc.)

==================== Wiederherstellungspunkte =========================
04-10-2015 21:57:54 Geplanter Prüfpunkt

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {069D70B1-36E4-42FB-B9BC-619FC984BAFD} - System32\Tasks\{ED279970-695D-4CB2-A65F-976EF193E158} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/go/help.faq.installer?LastError=1603
Task: {0E4227C0-F985-456A-9E8B-DBAFC27DFEAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated)
Task: {16A07442-3036-4C64-9403-1744BE574AFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1933DEAF-AEAC-4C50-88B7-5269BB4005FE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {2789DF65-3039-4274-A7B7-265CABE5996C} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {2A6E272B-8565-4EB8-844A-BF1F9D9DA29C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2FB41638-BAB3-42F2-A8C6-A2956D2F2DF3} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {34ED7663-ED69-4044-8380-1C48CCDF931B} - System32\Tasks\{CF13565D-C678-47E5-9C96-81A80DE30022} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {3B9DD867-B780-48AE-9099-0B3A14DBD417} - System32\Tasks\{015640BC-8DC5-4DB8-9814-6A64B84EB18D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/go/help.faq.installer?LastError=1603
Task: {6A0BD124-5A23-4CEF-97F8-44EEC8E429BB} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {6B008428-365A-4B27-9B5E-10BE8474A3D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {6ECE1CB6-2635-4B43-B0D2-AA95DBAC91DA} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {73AD503C-2FBC-48A8-B1EC-B0DC793C74AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8B1D52C8-111A-40F1-8C1D-6C761D029F07} - System32\Tasks\{4FE00255-A05E-4A89-9F6D-4256D307EB9E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/go/help.faq.installer?LastError=1603
Task: {9E0A1FCA-493C-420F-9A60-C93D94C30308} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {B8B4573F-2EB8-49DD-B6F3-329313511AA0} - System32\Tasks\{C8E58A32-DBE3-4BB3-B46B-CCBE2694A9FD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/go/help.faq.installer?LastError=1603
Task: {C1D831EB-8F1E-4FEC-A0F4-726601C1B166} - System32\Tasks\{88264DCE-1086-4060-9D5A-850B2B3EE846} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/go/help.faq.installer?LastError=1603
Task: {E403B5C2-AF6D-49FC-AC76-CC36C72DD820} - System32\Tasks\{D6C7C7A2-AE63-4754-8264-18E4A623DC59} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/go/help.faq.installer?LastError=1603

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 03:36 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-11-23 09:50 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-11 16:01 - 2012-09-11 16:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\****\SkyDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1828949343-4054772585-2899252710-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\****\Pictures\Urlaub\2013 Meran\2013 Meran\DSCF2830.JPG
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5005D8A3-AB29-4E1B-87FA-549874219737}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9D5CD371-143E-4F02-8DF1-DAFC0D3415E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{324ABB1D-AB35-42A7-92DB-553123F467E0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4FB4080D-DBD1-4A6D-9B0C-C29BAE061220}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A23312EB-2B31-4B2B-83C2-602623D767BF}] => (Allow) LPort=50248
FirewallRules: [{FC81F8EA-DFD1-4F4E-8947-086AE0DBD377}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C37149E4-BF57-4324-9287-DD943C80D165}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0EBA66C9-ED4D-4727-89F7-B556BB19792A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5E4146C8-C967-4F40-A7E8-A5BEE6A2C8EC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{8F6CB61F-61E8-4D58-B89D-8BA0AD06AE37}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{782DFD0D-2B6A-4927-A8C2-071B8458AD59}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/04/2015 07:45:12 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/03/2015 10:28:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/03/2015 08:55:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 41.0.1.5750, Zeitstempel: 0x560b37be
Name des fehlerhaften Moduls: mozglue.dll, Version: 41.0.1.5750, Zeitstempel: 0x560b229d
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ec7f
ID des fehlerhaften Prozesses: 0x1304
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (10/02/2015 09:59:32 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/26/2015 06:56:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AsusTPCenter.exe, Version: 1.0.0.43, Zeitstempel: 0x50879199
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68e0c
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f1280
ID des fehlerhaften Prozesses: 0x161c
Startzeit der fehlerhaften Anwendung: 0xAsusTPCenter.exe0
Pfad der fehlerhaften Anwendung: AsusTPCenter.exe1
Pfad des fehlerhaften Moduls: AsusTPCenter.exe2
Berichtskennung: AsusTPCenter.exe3
Vollständiger Name des fehlerhaften Pakets: AsusTPCenter.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AsusTPCenter.exe5

Error: (09/26/2015 01:13:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/26/2015 09:43:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 41.0.0.5738, Zeitstempel: 0x55fb7072
Name des fehlerhaften Moduls: mozglue.dll, Version: 41.0.0.5738, Zeitstempel: 0x55fb5afb
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ec7e
ID des fehlerhaften Prozesses: 0x1324
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (09/26/2015 09:43:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 41.0.0.5738 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8d8
Startzeit: 01d0f82e5d810456
Endzeit: 32
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 5517b793-6422-11e5-bf0b-08606e0c3e14
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/25/2015 06:57:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/24/2015 09:01:51 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Systemfehler:
=============
Error: (10/05/2015 05:21:47 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/05/2015 05:07:06 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/05/2015 03:58:07 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/05/2015 03:45:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (10/05/2015 03:45:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (10/05/2015 03:42:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys

Error: (10/05/2015 09:18:30 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/04/2015 10:05:49 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/04/2015 10:01:33 PM) (Source: DCOM) (EventID: 10010) (User: Wohnzimmer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/04/2015 10:00:58 PM) (Source: DCOM) (EventID: 10010) (User: Wohnzimmer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Pentium(R) CPU B970 @ 2.30GHz
Prozentuale Nutzung des RAM: 38%
Installierter physikalischer RAM: 3979.63 MB
Verfügbarer physikalischer RAM: 2445.8 MB
Summe virtueller Speicher: 4683.63 MB
Verfügbarer virtueller Speicher: 2652.3 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:372.26 GB) (Free:300.41 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (DATA) (Fixed) (Total:537.89 GB) (Free:534.62 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B19F8D36)

Partition: GPT.

==================== Ende von Addition.txt ============================

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version: main: v2015.10.05.05
rootkit: v2015.10.02.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18036
**** :: WOHNZIMMER [administrator]

05.10.2015 18:28:59
mbar-log-2015-10-05 (18-28-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 406939
Time elapsed: 23 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
|
05.10.2015, 18:12 | #10 |
| Windows 7: Telekom Abuse Team e-mail regarding Zeus/ZBot
TDSSKiller
Code:
18:52:48.0577 0x0a60 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
18:52:48.0586 0x0a60 UEFI system
18:52:51.0267 0x0a60 ============================================================
18:52:51.0267 0x0a60 Current date / time: 2015/10/05 18:52:51.0267
18:52:51.0267 0x0a60 SystemInfo:
18:52:51.0267 0x0a60
18:52:51.0267 0x0a60 OS Version: 6.3.9600 ServicePack: 0.0
18:52:51.0267 0x0a60 Product type: Workstation
18:52:51.0267 0x0a60 ComputerName: WOHNZIMMER
18:52:51.0267 0x0a60 UserName: ****
18:52:51.0267 0x0a60 Windows directory: C:\WINDOWS
18:52:51.0267 0x0a60 System windows directory: C:\WINDOWS
18:52:51.0267 0x0a60 Running under WOW64
18:52:51.0267 0x0a60 Processor architecture: Intel x64
18:52:51.0267 0x0a60 Number of processors: 2
18:52:51.0267 0x0a60 Page size: 0x1000
18:52:51.0267 0x0a60 Boot type: Normal boot
18:52:51.0267 0x0a60 ============================================================
18:52:51.0609 0x0a60 KLMD registered as C:\WINDOWS\system32\drivers\69521289.sys
18:52:52.0001 0x0a60 System UUID: {2BD5D79D-2F32-7178-F41A-8556AF105F9C}
18:52:52.0572 0x0a60 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:52:52.0583 0x0a60 ============================================================
18:52:52.0583 0x0a60 \Device\Harddisk0\DR0:
18:52:52.0583 0x0a60 GPT partitions:
18:52:52.0584 0x0a60 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {5A60FFF2-384A-4168-AD7B-7BA25C03C910}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
18:52:52.0584 0x0a60 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5DA02B32-607A-4C63-88EF-00499BD6E05C}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x12C000
18:52:52.0584 0x0a60 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {6C501A91-71A5-45D8-A9EE-2E2A1C427258}, Name: Microsoft reserved partition, StartLBA 0x1C2800, BlocksNum 0x40000
18:52:52.0584 0x0a60 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6E182189-B0E3-479A-AC74-8E69452D7C66}, Name: Basic data partition, StartLBA 0x202800, BlocksNum 0x2E886800
18:52:52.0584 0x0a60 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {41ED9B28-8D5D-4AA7-ABCE-155319E4FA85}, Name: , StartLBA 0x2EA89000, BlocksNum 0xAF000
18:52:52.0584 0x0a60 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {BE7E04AC-FB01-44FD-9571-E0B001652322}, Name: Basic data partition, StartLBA 0x2EB38000, BlocksNum 0x433C9800
18:52:52.0584 0x0a60 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4D42C26D-2C85-4EBF-88EC-7A83A4814A61}, Name: Basic data partition, StartLBA 0x71F01800, BlocksNum 0x2805000
18:52:52.0584 0x0a60 MBR partitions:
18:52:52.0584 0x0a60 ============================================================
18:52:52.0611 0x0a60 C: <-> \Device\Harddisk0\DR0\Partition4
18:52:52.0659 0x0a60 D: <-> \Device\Harddisk0\DR0\Partition6
18:52:52.0659 0x0a60 ============================================================
18:52:52.0659 0x0a60 Initialize success
18:52:52.0659 0x0a60 ============================================================
18:53:23.0262 0x0894 ============================================================
18:53:23.0262 0x0894 Scan started
18:53:23.0262 0x0894 Mode: Manual; SigCheck; TDLFS;
18:53:23.0262 0x0894 ============================================================
18:53:23.0262 0x0894 KSN ping started
18:53:25.0649 0x0894 KSN ping finished: true
18:53:27.0829 0x0894 ================ Scan system memory ========================
18:53:27.0829 0x0894 System memory - ok
18:53:27.0829 0x0894
================ Scan services ============================= 18:53:27.0992 0x0894 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys 18:53:28.0165 0x0894 1394ohci - ok 18:53:28.0218 0x0894 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys 18:53:28.0232 0x0894 3ware - ok 18:53:28.0283 0x0894 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys 18:53:28.0317 0x0894 ACPI - ok 18:53:28.0361 0x0894 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys 18:53:28.0374 0x0894 acpiex - ok 18:53:28.0391 0x0894 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys 18:53:28.0421 0x0894 acpipagr - ok 18:53:28.0451 0x0894 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys 18:53:28.0573 0x0894 AcpiPmi - ok 18:53:28.0577 0x0894 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys 18:53:28.0601 0x0894 acpitime - ok 18:53:28.0684 0x0894 [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:53:28.0694 0x0894 AdobeARMservice - ok 18:53:28.0825 0x0894 [ C6D147C12C424373B016C0AB0A6C61EB, 043D44F3C942CFC3558E782938C26849BF648A58A7AA62C4A526E37DE4136C27 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 18:53:28.0839 0x0894 AdobeFlashPlayerUpdateSvc - 
ok 18:53:28.0894 0x0894 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS 18:53:28.0931 0x0894 ADP80XX - ok 18:53:28.0971 0x0894 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll 18:53:29.0061 0x0894 AeLookupSvc - ok 18:53:29.0105 0x0894 [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD C:\WINDOWS\system32\drivers\afd.sys 18:53:29.0362 0x0894 AFD - ok 18:53:29.0403 0x0894 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys 18:53:29.0415 0x0894 agp440 - ok 18:53:29.0435 0x0894 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys 18:53:29.0548 0x0894 ahcache - ok 18:53:29.0564 0x0894 [ 16F6F6B7903B913AB41AB848C8BB5658, 7304257048CB42E5274B3F6400F4A053A38E3B70A157662FE9D2B7C5979DE851 ] AiCharger C:\WINDOWS\system32\DRIVERS\AiCharger.sys 18:53:29.0580 0x0894 AiCharger - ok 18:53:29.0616 0x0894 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe 18:53:29.0750 0x0894 ALG - ok 18:53:29.0768 0x0894 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys 18:53:29.0848 0x0894 AmdK8 - ok 18:53:29.0905 0x0894 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys 18:53:29.0940 0x0894 AmdPPM - ok 18:53:29.0970 0x0894 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys 
18:53:29.0982 0x0894 amdsata - ok 18:53:30.0029 0x0894 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys 18:53:30.0106 0x0894 amdsbs - ok 18:53:30.0122 0x0894 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys 18:53:30.0133 0x0894 amdxata - ok 18:53:30.0206 0x0894 [ 9FE1AC875A7AD7B7FF28FEC8B754968D, EEE04D4073E49332C85028B62E8A035EAA2284526A3F3820133492C8F8CBA3D5 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe 18:53:30.0238 0x0894 AntiVirMailService - ok 18:53:30.0285 0x0894 [ E20B4F23EB153635D67944F63454EC84, FEE76A74767CDB33415C64F08AE1FF248F505AF22C1F1BA1EBB5CC6A75E3926F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 18:53:30.0304 0x0894 AntiVirSchedulerService - ok 18:53:30.0342 0x0894 [ E20B4F23EB153635D67944F63454EC84, FEE76A74767CDB33415C64F08AE1FF248F505AF22C1F1BA1EBB5CC6A75E3926F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 18:53:30.0361 0x0894 AntiVirService - ok 18:53:30.0434 0x0894 [ D9A8EE3F4A1E604B9315B34A5AA4569E, 287BA8FA1949646E03D39F36F50C016251358A8A454EE19D249E76A723F1455E ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe 18:53:30.0474 0x0894 AntiVirWebService - ok 18:53:30.0536 0x0894 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\WINDOWS\system32\drivers\appid.sys 18:53:30.0633 0x0894 AppID - ok 18:53:30.0694 0x0894 [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll 18:53:30.0719 0x0894 AppIDSvc - ok 18:53:30.0754 0x0894 [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo C:\WINDOWS\System32\appinfo.dll 
18:53:30.0910 0x0894 Appinfo - ok 18:53:30.0958 0x0894 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll 18:53:31.0038 0x0894 AppReadiness - ok 18:53:31.0129 0x0894 [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll 18:53:31.0228 0x0894 AppXSvc - ok 18:53:31.0251 0x0894 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys 18:53:31.0265 0x0894 arcsas - ok 18:53:31.0356 0x0894 [ E40AF754F43E3B44E2D6DE829267AD52, 5F9427E595A56464807D071205FB4DFD6BB21B68058E67529DC1727D32FAB0AD ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 18:53:31.0366 0x0894 ASLDRService - ok 18:53:31.0396 0x0894 [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 18:53:31.0402 0x0894 ASMMAP64 - ok 18:53:31.0447 0x0894 [ 6A122B4F0E5293CACFA8A5F2CBA9B356, 9D69076B697BEE8742E32EBEF1802D829DEA6B1D93AF485D11CC89A08CA4D809 ] ASUS InstantOn C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe 18:53:31.0461 0x0894 ASUS InstantOn - ok 18:53:31.0493 0x0894 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys 18:53:31.0503 0x0894 atapi - ok 18:53:31.0776 0x0894 [ 688941322FB20DB0407B6F149607517D, 53ABFCE11485E307D56598BF03121DDCD8D3E75FE2D85E513252C5A649D7EBAD ] athr C:\WINDOWS\system32\DRIVERS\athwbx.sys 18:53:31.0995 0x0894 athr - ok 18:53:32.0020 0x0894 [ DBC598E47E7A382E60E2A4745D41FEF9, A810AC197CA456B0285E2CAE6986D38B31F4ADA32BEB47EC7A48A2B2196BA639 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 18:53:32.0029 0x0894 ATKGFNEXSrv - 
ok 18:53:32.0055 0x0894 [ 41CEAFFCF3550785E59E3EC9BEE8D97A, 89FE604088B65B82AA794E1DA8429033CD2F05FFB2D7EFAAC7B967C7A83D1B1E ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 18:53:32.0062 0x0894 ATKWMIACPIIO - ok 18:53:32.0095 0x0894 [ 437EB91CB20144375DDE145149778405, 5E76CDE2B3C852755F6E54AF774E9BECDF472103D83B815899333DE268536B98 ] ATP C:\WINDOWS\System32\drivers\AsusTP.sys 18:53:32.0103 0x0894 ATP - ok 18:53:32.0135 0x0894 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll 18:53:32.0256 0x0894 AudioEndpointBuilder - ok 18:53:32.0299 0x0894 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll 18:53:32.0345 0x0894 Audiosrv - ok 18:53:32.0444 0x0894 [ 3817558D8D5BBC8B0F190CF0D7C4720F, 7CD250DD22BE0E6CF6BEA639EA8220E46158CA7DF33FF803967CEAEA7FBD14E5 ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe 18:53:32.0473 0x0894 Autodesk Content Service - detected UnsignedFile.Multi.Generic ( 1 ) 18:53:34.0864 0x0894 Detect skipped due to KSN trusted 18:53:34.0864 0x0894 Autodesk Content Service - ok 18:53:34.0931 0x0894 [ A900ED612B02CB3A2A8028866ED62E72, 0A93B04E8796AC6F1B6C8C858F717A4C73C11BC0C99BF285A486E57DB30D7965 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 18:53:34.0943 0x0894 avgntflt - ok 18:53:34.0961 0x0894 [ 45061BD6F11B80BF1C07A9253A659BF1, 9A1AFE963672E23F3C19FACE2CEB64766C964B165ECB26F36B6FB5730CEAFD2D ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 18:53:34.0973 0x0894 avipbb - ok 18:53:35.0026 0x0894 [ 24680B56D862F1DE30C13FC64B80F568, 4B30EB73369691B915F5615E1BF6C95B070E184BC42BCC505C94410014A04EB3 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe 18:53:35.0040 0x0894 Avira.ServiceHost - ok 18:53:35.0064 0x0894 [ 
390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 18:53:35.0072 0x0894 avkmgr - ok 18:53:35.0098 0x0894 [ 83586138F23A4C284EB68AFC852D7AFA, 9ADE8924B4518ED0A8E3FC4CC3F9964BC05B5FF67F230A7FD0BDABCFFA0BB0C8 ] avnetflt C:\WINDOWS\system32\DRIVERS\avnetflt.sys 18:53:35.0106 0x0894 avnetflt - ok 18:53:35.0141 0x0894 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll 18:53:35.0264 0x0894 AxInstSV - ok 18:53:35.0308 0x0894 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys 18:53:35.0334 0x0894 b06bdrv - ok 18:53:35.0349 0x0894 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys 18:53:35.0485 0x0894 BasicDisplay - ok 18:53:35.0537 0x0894 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys 18:53:35.0659 0x0894 BasicRender - ok 18:53:35.0696 0x0894 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys 18:53:35.0704 0x0894 bcmfn2 - ok 18:53:35.0779 0x0894 [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC C:\WINDOWS\System32\bdesvc.dll 18:53:35.0892 0x0894 BDESVC - ok 18:53:35.0932 0x0894 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys 18:53:36.0010 0x0894 Beep - ok 18:53:36.0096 0x0894 [ 22A5582ACF0CEE97268D7868C69F35CE, 78A44C10966FE467D3FCC76BE37647AE2CC2BCA9DE5715AD9E643162B23C3A19 ] BFE C:\WINDOWS\System32\bfe.dll 18:53:36.0243 
18:53:44.0493 0x0894 [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
18:53:44.0574 0x0894 IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
18:53:46.0967 0x0894 Detect skipped due to KSN trusted
18:53:46.0967 0x0894 IconMan_R - ok
ok 18:53:55.0615 0x0894 [ FCC3A3F875C8CF258F71BE2F2CAA2355, BD174C47329F0A15D821E51997E4CDAA68FB9BFD72A89A2F2A85A8603625EB18 ] nvpciflt C:\WINDOWS\system32\DRIVERS\nvpciflt.sys 18:53:55.0622 0x0894 nvpciflt - ok 18:53:55.0654 0x0894 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys 18:53:55.0668 0x0894 nvraid - ok 18:53:55.0687 0x0894 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys 18:53:55.0701 0x0894 nvstor - ok 18:53:55.0761 0x0894 [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc C:\WINDOWS\system32\nvvsvc.exe 18:53:55.0793 0x0894 nvsvc - ok 18:53:55.0936 0x0894 [ C63E582366EAD77978BFFD959A66DBB8, BBAC11300AFED29291A08EEC8A740DA67C8C003AF89D06F9E0671CCF0E7908A0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 18:53:55.0978 0x0894 nvUpdatusService - ok 18:53:56.0022 0x0894 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys 18:53:56.0035 0x0894 nv_agp - ok 18:53:56.0119 0x0894 [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:53:56.0138 0x0894 odserv - ok 18:53:56.0163 0x0894 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:53:56.0172 0x0894 ose - ok 18:53:56.0237 0x0894 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 18:53:56.0295 0x0894 p2pimsvc - ok 18:53:56.0333 0x0894 [ FD8F61F0D1F64BBB3D835F39A3F979C9, 
E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll 18:53:56.0382 0x0894 p2psvc - ok 18:53:56.0422 0x0894 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys 18:53:56.0435 0x0894 Parport - ok 18:53:56.0469 0x0894 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys 18:53:56.0481 0x0894 partmgr - ok 18:53:56.0533 0x0894 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll 18:53:56.0568 0x0894 PcaSvc - ok 18:53:56.0612 0x0894 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys 18:53:56.0630 0x0894 pci - ok 18:53:56.0645 0x0894 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys 18:53:56.0655 0x0894 pciide - ok 18:53:56.0672 0x0894 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys 18:53:56.0686 0x0894 pcmcia - ok 18:53:56.0700 0x0894 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys 18:53:56.0711 0x0894 pcw - ok 18:53:56.0739 0x0894 [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc C:\WINDOWS\system32\drivers\pdc.sys 18:53:56.0751 0x0894 pdc - ok 18:53:56.0811 0x0894 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys 18:53:56.0903 0x0894 PEAUTH - ok 18:53:56.0975 0x0894 [ 8E3C640FFF5A963F570233AE99C0FFF3, 
3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe 18:53:57.0043 0x0894 PerfHost - ok 18:53:57.0053 0x0894 pfc - ok 18:53:57.0136 0x0894 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll 18:53:57.0190 0x0894 pla - ok 18:53:57.0230 0x0894 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll 18:53:57.0245 0x0894 PlugPlay - ok 18:53:57.0283 0x0894 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll 18:53:57.0318 0x0894 PNRPAutoReg - ok 18:53:57.0357 0x0894 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll 18:53:57.0378 0x0894 PNRPsvc - ok 18:53:57.0434 0x0894 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll 18:53:57.0467 0x0894 PolicyAgent - ok 18:53:57.0494 0x0894 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll 18:53:57.0531 0x0894 Power - ok 18:53:57.0709 0x0894 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll 18:53:57.0838 0x0894 PrintNotify - ok 18:53:57.0882 0x0894 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys 18:53:57.0908 0x0894 Processor - ok 18:53:57.0942 0x0894 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\WINDOWS\system32\profsvc.dll 18:53:58.0003 0x0894 ProfSvc - 
ok 18:53:58.0035 0x0894 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys 18:53:58.0050 0x0894 Psched - ok 18:53:58.0094 0x0894 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll 18:53:58.0133 0x0894 QWAVE - ok 18:53:58.0157 0x0894 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys 18:53:58.0178 0x0894 QWAVEdrv - ok 18:53:58.0203 0x0894 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:53:58.0227 0x0894 RasAcd - ok 18:53:58.0268 0x0894 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll 18:53:58.0283 0x0894 RasAuto - ok 18:53:58.0320 0x0894 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll 18:53:58.0376 0x0894 RasMan - ok 18:53:58.0419 0x0894 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:53:58.0448 0x0894 RasPppoe - ok 18:53:58.0482 0x0894 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:53:58.0644 0x0894 rdbss - ok 18:53:58.0681 0x0894 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys 18:53:58.0731 0x0894 rdpbus - ok 18:53:58.0753 0x0894 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys 18:53:58.0850 
0x0894 RDPDR - ok 18:53:58.0885 0x0894 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys 18:53:58.0895 0x0894 RdpVideoMiniport - ok 18:53:58.0948 0x0894 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys 18:53:58.0969 0x0894 rdyboost - ok 18:53:59.0076 0x0894 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys 18:53:59.0119 0x0894 ReFS - ok 18:53:59.0161 0x0894 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 18:53:59.0178 0x0894 RemoteAccess - ok 18:53:59.0212 0x0894 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 18:53:59.0249 0x0894 RemoteRegistry - ok 18:53:59.0286 0x0894 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll 18:53:59.0324 0x0894 RpcEptMapper - ok 18:53:59.0377 0x0894 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe 18:53:59.0424 0x0894 RpcLocator - ok 18:53:59.0491 0x0894 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\WINDOWS\system32\rpcss.dll 18:53:59.0526 0x0894 RpcSs - ok 18:53:59.0569 0x0894 [ C9C5BEF303759B932F48164F3A23DF2C, 85213F1D9E01E81254496CE8C7104AAE803CFCEC67F346FE2A2801EC713F5455 ] RSBASTOR C:\WINDOWS\system32\DRIVERS\RtsBaStor.sys 18:53:59.0591 0x0894 RSBASTOR - ok 18:53:59.0623 0x0894 [ 2D05A5508F4685412F2B89E8C2189ABC, 
82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys 18:53:59.0664 0x0894 rspndr - ok 18:53:59.0715 0x0894 [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168 C:\WINDOWS\system32\DRIVERS\Rt630x64.sys 18:53:59.0763 0x0894 RTL8168 - ok 18:53:59.0788 0x0894 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys 18:53:59.0816 0x0894 s3cap - ok 18:53:59.0847 0x0894 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe 18:53:59.0861 0x0894 SamSs - ok 18:53:59.0899 0x0894 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys 18:53:59.0912 0x0894 sbp2port - ok 18:53:59.0956 0x0894 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll 18:53:59.0988 0x0894 SCardSvr - ok 18:54:00.0023 0x0894 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll 18:54:00.0058 0x0894 ScDeviceEnum - ok 18:54:00.0078 0x0894 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys 18:54:00.0108 0x0894 scfilter - ok 18:54:00.0179 0x0894 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\WINDOWS\system32\schedsvc.dll 18:54:00.0263 0x0894 Schedule - ok 18:54:00.0349 0x0894 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll 18:54:00.0380 0x0894 SCPolicySvc - ok 
18:54:00.0429 0x0894 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys 18:54:00.0446 0x0894 sdbus - ok 18:54:00.0484 0x0894 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys 18:54:00.0496 0x0894 sdstor - ok 18:54:00.0524 0x0894 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys 18:54:00.0572 0x0894 secdrv - ok 18:54:00.0640 0x0894 [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\WINDOWS\system32\seclogon.dll 18:54:00.0666 0x0894 seclogon - ok 18:54:00.0696 0x0894 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll 18:54:00.0711 0x0894 SENS - ok 18:54:00.0754 0x0894 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll 18:54:00.0845 0x0894 SensrSvc - ok 18:54:00.0926 0x0894 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys 18:54:00.0937 0x0894 SerCx - ok 18:54:00.0961 0x0894 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys 18:54:00.0976 0x0894 SerCx2 - ok 18:54:00.0988 0x0894 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys 18:54:01.0000 0x0894 Serenum - ok 18:54:01.0017 0x0894 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys 18:54:01.0039 0x0894 
Serial - ok 18:54:01.0100 0x0894 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys 18:54:01.0124 0x0894 sermouse - ok 18:54:01.0174 0x0894 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll 18:54:01.0233 0x0894 SessionEnv - ok 18:54:01.0284 0x0894 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys 18:54:01.0308 0x0894 sfloppy - ok 18:54:01.0360 0x0894 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 18:54:01.0393 0x0894 SharedAccess - ok 18:54:01.0432 0x0894 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 18:54:01.0489 0x0894 ShellHWDetection - ok 18:54:01.0522 0x0894 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys 18:54:01.0536 0x0894 SiSRaid2 - ok 18:54:01.0555 0x0894 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys 18:54:01.0572 0x0894 SiSRaid4 - ok 18:54:01.0603 0x0894 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll 18:54:01.0618 0x0894 smphost - ok 18:54:01.0654 0x0894 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 18:54:01.0685 0x0894 SNMPTRAP - ok 18:54:01.0727 0x0894 [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] 
spaceport C:\WINDOWS\system32\drivers\spaceport.sys 18:54:01.0753 0x0894 spaceport - ok 18:54:01.0772 0x0894 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys 18:54:01.0787 0x0894 SpbCx - ok 18:54:01.0864 0x0894 [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler C:\WINDOWS\System32\spoolsv.exe 18:54:01.0936 0x0894 Spooler - ok 18:54:02.0171 0x0894 [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\WINDOWS\system32\sppsvc.exe 18:54:02.0405 0x0894 sppsvc - ok 18:54:02.0452 0x0894 [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys 18:54:02.0596 0x0894 srv - ok 18:54:02.0646 0x0894 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys 18:54:02.0707 0x0894 srv2 - ok 18:54:02.0755 0x0894 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys 18:54:02.0824 0x0894 srvnet - ok 18:54:02.0867 0x0894 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 18:54:02.0903 0x0894 SSDPSRV - ok 18:54:02.0940 0x0894 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll 18:54:02.0973 0x0894 SstpSvc - ok 18:54:03.0013 0x0894 [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 18:54:03.0025 0x0894 ssudmdm - ok 18:54:03.0078 0x0894 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 
] stexstor C:\WINDOWS\system32\drivers\stexstor.sys 18:54:03.0089 0x0894 stexstor - ok 18:54:03.0141 0x0894 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll 18:54:03.0227 0x0894 stisvc - ok 18:54:03.0248 0x0894 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys 18:54:03.0260 0x0894 storahci - ok 18:54:03.0281 0x0894 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys 18:54:03.0292 0x0894 storflt - ok 18:54:03.0308 0x0894 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys 18:54:03.0319 0x0894 stornvme - ok 18:54:03.0355 0x0894 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll 18:54:03.0420 0x0894 StorSvc - ok 18:54:03.0449 0x0894 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys 18:54:03.0460 0x0894 storvsc - ok 18:54:03.0488 0x0894 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll 18:54:03.0508 0x0894 svsvc - ok 18:54:03.0542 0x0894 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys 18:54:03.0552 0x0894 swenum - ok 18:54:03.0598 0x0894 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll 18:54:03.0640 0x0894 swprv - ok 18:54:03.0721 0x0894 [ 7E85DB0463AD2403AE84AD162B162279, 
996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\WINDOWS\system32\sysmain.dll 18:54:03.0832 0x0894 SysMain - ok 18:54:03.0878 0x0894 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll 18:54:03.0964 0x0894 SystemEventsBroker - ok 18:54:03.0991 0x0894 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll 18:54:04.0047 0x0894 TabletInputService - ok 18:54:04.0086 0x0894 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 18:54:04.0150 0x0894 TapiSrv - ok 18:54:04.0271 0x0894 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 18:54:04.0361 0x0894 Tcpip - ok 18:54:04.0430 0x0894 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:54:04.0518 0x0894 TCPIP6 - ok 18:54:04.0548 0x0894 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 18:54:04.0629 0x0894 tcpipreg - ok 18:54:04.0667 0x0894 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 18:54:04.0698 0x0894 tdx - ok 18:54:04.0726 0x0894 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 18:54:04.0736 0x0894 terminpt - ok 18:54:04.0805 0x0894 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll 18:54:04.0848 0x0894 
TermService - ok 18:54:04.0886 0x0894 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll 18:54:04.0899 0x0894 Themes - ok 18:54:04.0937 0x0894 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll 18:54:04.0955 0x0894 THREADORDER - ok 18:54:04.0981 0x0894 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll 18:54:05.0052 0x0894 TimeBroker - ok 18:54:05.0070 0x0894 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys 18:54:05.0087 0x0894 TPM - ok 18:54:05.0124 0x0894 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll 18:54:05.0140 0x0894 TrkWks - ok 18:54:05.0194 0x0894 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 18:54:05.0255 0x0894 TrustedInstaller - ok 18:54:05.0275 0x0894 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys 18:54:05.0365 0x0894 TsUsbFlt - ok 18:54:05.0396 0x0894 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys 18:54:05.0447 0x0894 TsUsbGD - ok 18:54:05.0470 0x0894 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys 18:54:05.0504 0x0894 tunnel - ok 18:54:05.0537 0x0894 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 
C:\WINDOWS\system32\drivers\uagp35.sys 18:54:05.0549 0x0894 uagp35 - ok 18:54:05.0573 0x0894 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 18:54:05.0585 0x0894 UASPStor - ok 18:54:05.0629 0x0894 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys 18:54:05.0647 0x0894 UCX01000 - ok 18:54:05.0679 0x0894 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 18:54:05.0715 0x0894 udfs - ok 18:54:05.0734 0x0894 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 18:54:05.0745 0x0894 UEFI - ok 18:54:05.0789 0x0894 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 18:54:05.0829 0x0894 UI0Detect - ok 18:54:05.0890 0x0894 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys 18:54:05.0901 0x0894 uliagpkx - ok 18:54:05.0921 0x0894 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys 18:54:05.0933 0x0894 umbus - ok 18:54:05.0946 0x0894 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 18:54:06.0004 0x0894 UmPass - ok 18:54:06.0047 0x0894 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 18:54:06.0131 0x0894 UmRdpService - ok 18:54:06.0272 0x0894 [ E1A119AD21F5AFE22EB516C549306D3D, 
48769D5E7A78B7A2C00F1F6798AC133CF3E0B2C76F71D3719BD741DDD8F2D229 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:54:06.0289 0x0894 UNS - ok 18:54:06.0338 0x0894 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll 18:54:06.0363 0x0894 upnphost - ok 18:54:06.0399 0x0894 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 18:54:06.0413 0x0894 usbccgp - ok 18:54:06.0451 0x0894 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 18:54:06.0478 0x0894 usbcir - ok 18:54:06.0499 0x0894 [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 18:54:06.0511 0x0894 usbehci - ok 18:54:06.0543 0x0894 [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 18:54:06.0566 0x0894 usbhub - ok 18:54:06.0605 0x0894 [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 18:54:06.0629 0x0894 USBHUB3 - ok 18:54:06.0692 0x0894 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 18:54:06.0897 0x0894 usbohci - ok 18:54:06.0928 0x0894 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 18:54:06.0987 0x0894 usbprint - ok 18:54:07.0017 0x0894 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 
18:54:18.0228 0x0894 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.12.420 ), 0x41000 ( enabled : updated )
18:54:18.0254 0x0894 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
18:54:18.0257 0x0894 Win FW state via NFP2: enabled ( trusted )
18:54:20.0639 0x0894 ============================================================
18:54:20.0639 0x0894 Scan finished
18:54:20.0639 0x0894 ============================================================
18:54:20.0648 0x11ac Detected object count: 0
18:54:20.0648 0x11ac Actual detected object count: 0 |
06.10.2015, 16:33 | #11 |
/// the machine /// TB Instructor | Windows 7: Telekom Abuse Team e-mail about Zeus/ZBot I don't see anything either
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
06.10.2015, 20:20 | #12 |
| Windows 7: Telekom Abuse Team e-mail about Zeus/ZBot That's fine too. The only question is what Telekom actually detected there. In any case, thank you for the help! |
07.10.2015, 17:58 | #13 |
/// the machine /// TB Instructor | Windows 7: Telekom Abuse Team e-mail about Zeus/ZBot Well, about 30% of Telekom's reports are false reports.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |