| |
| |||||||
Log-Analyse und Auswertung: Viele Mail Delivery System Mails, auch aus meinem AdressbuchWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.11.2015, 22:38
| #1 |
| |  Viele Mail Delivery System Mails, auch aus meinem Adressbuch Hallo TB Team. Ich bekomme sehr viele Mail Delivery System Mails. Diese sind zum teil auch aus meinem Adressbuch. Bin mir sicher das mein Mailkonto gehackt wurde, vor einigen Wochen hatte ich das Problem schon einmal, habe dann mein Passwort geändert und dann war auch alles gut. Jetzt fängt es wieder an. Was mir dabei die größten Sorgen macht ist wie mein Passwort so schnell schon wieder gehackt wurde (falls dem so ist)? Antivir hat nichts gefunden. Ich bitte euch um Hilfe LG |
|
20.11.2015, 07:25
| #2 |
| /// the machine /// TB-Ausbilder    |  Viele Mail Delivery System Mails, auch aus meinem Adressbuch hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
20.11.2015, 17:31
| #3 |
| | Viele Mail Delivery System Mails, auch aus meinem AdressbuchCode:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:19-11-2015
durchgeführt von Marco (Administrator) auf SEL9000 (20-11-2015 17:25:24)
Gestartet von C:\Users\Marco\Downloads
Geladene Profile: Marco (Verfügbare Profile: Marco & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
() C:\Program Files (x86)\PHotkey\KeyboardMonitorTool.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
() C:\Program Files (x86)\PHotkey\Dolbyosd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(1&1 Mail & Media GmbH) C:\Program Files\WindowsApps\4659BB81.GMXMail_1.14.9.0_x64__9r8rjdwa12808\WindowsMailApp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1389936 2014-07-14] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893600 2014-08-07] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [788176 2015-11-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4094503356-1156269335-3790758280-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> D:\Install\matrix.scr [92214 2007-07-20] ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C30E101F-9A34-48D3-BCB7-3591DBCB3FC6}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-4094503356-1156269335-3790758280-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4094503356-1156269335-3790758280-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.1 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-06-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-06-17] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-18] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
Chrome:
=======
CHR Profile: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-18]
CHR Extension: (Google Docs) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-18]
CHR Extension: (Google Drive) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
CHR Extension: (YouTube) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-18]
CHR Extension: (Google-Suche) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Google Tabellen) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-18]
CHR Extension: (Google Docs Offline) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-18]
CHR Extension: (Google Mail) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-18]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [936544 2015-11-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-11-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-11-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1105952 2015-11-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101152 2014-05-28] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [168216 2013-09-29] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 PGFNEXSrv; C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe [136192 2014-03-04] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-09-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-23] (Avira Operations GmbH & Co. KG)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDHIDUSB; C:\Windows\system32\DRIVERS\ETDHIDUSB.sys [168736 2014-07-31] (ELAN Microelectronic Corp.)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [210376 2014-07-03] (Intel Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation )
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [32024 2013-10-04] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\UBIOS\amifldrv64.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-11-20 17:25 - 2015-11-20 17:25 - 00015043 _____ C:\Users\Marco\Downloads\FRST.txt
2015-11-20 17:25 - 2015-11-20 17:25 - 00000000 ____D C:\FRST
2015-11-20 17:24 - 2015-11-20 17:24 - 02020352 _____ (Farbar) C:\Users\Marco\Downloads\FRST64.exe
2015-11-18 09:50 - 2015-11-18 09:50 - 00002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-18 09:50 - 2015-11-18 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-18 09:49 - 2015-11-19 22:54 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-18 09:49 - 2015-11-18 21:34 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-18 09:49 - 2015-11-18 09:50 - 00000000 ____D C:\Users\Marco\AppData\Local\Google
2015-11-18 09:49 - 2015-11-18 09:50 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-18 09:49 - 2015-11-18 09:49 - 00004096 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-18 09:49 - 2015-11-18 09:49 - 00003860 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-18 09:49 - 2015-11-18 09:49 - 00000000 ____D C:\Users\Marco\AppData\Local\Deployment
2015-11-18 09:49 - 2015-11-18 09:49 - 00000000 ____D C:\Users\Marco\AppData\Local\Apps\2.0
2015-11-12 18:40 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-12 18:40 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-12 18:40 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-12 18:40 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-12 18:40 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-12 18:40 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-12 18:40 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-12 18:40 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-12 18:40 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-12 18:40 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-12 18:40 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-12 18:40 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-12 18:40 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-12 18:40 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-12 18:40 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-12 18:40 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-12 18:40 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-12 18:40 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-12 18:40 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-12 18:39 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-12 18:39 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-12 18:39 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-12 18:39 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-12 18:39 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-12 18:39 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-12 18:39 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-12 18:39 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-12 18:39 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-12 18:39 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-12 18:39 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-12 18:39 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-12 18:39 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-12 18:39 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-12 18:39 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-12 18:39 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-12 18:39 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-12 18:39 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-12 18:39 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-12 18:39 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-12 18:39 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-12 18:39 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-12 18:39 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-12 18:39 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-12 18:39 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-12 18:39 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-12 18:39 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-12 18:39 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-12 18:39 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-12 18:39 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-12 18:39 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-12 18:39 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-12 18:39 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-12 18:39 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-12 18:39 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-12 18:39 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-12 18:39 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-12 18:39 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-12 18:39 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-12 18:39 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-12 18:38 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-12 18:38 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-10-21 12:27 - 2015-10-21 12:27 - 00000000 ____D C:\Users\Marco\AppData\Local\GWX
2015-10-21 08:35 - 2015-10-21 08:35 - 00001690 _____ C:\Users\Marco\Desktop\Microsoft Word.lnk
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-11-20 17:23 - 2015-09-03 23:20 - 01168753 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-20 17:10 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-20 17:10 - 2013-08-22 15:46 - 00130908 _____ C:\WINDOWS\setupact.log
2015-11-19 23:13 - 2015-09-03 23:26 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4094503356-1156269335-3790758280-1001
2015-11-18 21:34 - 2015-08-20 21:41 - 00000000 __RDO C:\Users\Marco\OneDrive
2015-11-18 21:34 - 2014-08-05 09:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-11-18 12:59 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-17 10:25 - 2015-09-06 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-15 19:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-15 19:13 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-13 14:16 - 2014-07-09 12:34 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-13 14:16 - 2014-07-09 12:34 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-13 14:16 - 2014-03-18 16:26 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-13 14:11 - 2014-03-18 09:16 - 00493656 _____ C:\WINDOWS\PFRO.log
2015-11-13 14:11 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-13 14:11 - 2013-08-22 15:44 - 00493752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-12 21:36 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-12 18:33 - 2014-08-05 08:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-03 21:01 - 2014-03-18 16:10 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-03 21:01 - 2014-03-18 15:58 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-11-03 21:01 - 2014-03-18 15:58 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-11-03 21:01 - 2014-03-18 15:58 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-11-03 21:01 - 2014-03-18 15:58 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-11-03 21:01 - 2014-03-18 15:58 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-11-03 21:01 - 2014-03-18 15:58 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-11-03 21:01 - 2014-03-18 15:58 - 00000000 ____D C:\WINDOWS\en-GB
2015-11-03 21:01 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-03 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-11-03 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-11-03 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-11-03 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-11-03 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-11-03 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-11-03 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-03 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-03 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-11-03 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-11-03 21:01 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-11-03 21:01 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-11-03 21:01 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\servicing
2015-11-03 21:00 - 2014-03-18 15:58 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-11-03 21:00 - 2014-03-18 15:58 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-11-03 21:00 - 2013-08-22 16:36 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-11-03 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-11-03 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2015-11-03 01:23 - 2015-09-06 01:45 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2015-09-06 01:45 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-31 14:32 - 2015-09-06 15:07 - 00000000 ____D C:\Users\Marco\AppData\Roaming\vlc
2015-10-21 08:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppCompat
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-08-05 08:17 - 2014-08-05 08:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-06 14:08 - 2015-09-06 14:08 - 0000032 _____ () C:\ProgramData\Temp.log
2014-07-09 12:41 - 2014-07-09 12:42 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log
2014-07-09 12:42 - 2014-07-09 12:42 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-07-09 12:38 - 2014-07-09 12:39 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-07-09 12:41 - 2014-07-09 12:41 - 0000111 _____ () C:\ProgramData\{44510C84-AE2A-4079-A75B-D44E68D73B9A}.log
2014-07-09 12:40 - 2014-07-09 12:40 - 0000032 _____ () C:\ProgramData\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}.log
2014-07-09 12:37 - 2014-07-09 12:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-07-09 12:40 - 2014-07-09 12:41 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2014-07-09 12:37 - 2014-07-09 12:38 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2014-07-09 12:39 - 2014-07-09 12:39 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log
Einige Dateien in TEMP:
====================
C:\Users\Marco\AppData\Local\Temp\AppLauncher.exe
C:\Users\Marco\AppData\Local\Temp\avgnt.exe
C:\Users\Marco\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Marco\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-11-15 19:10
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:19-11-2015
durchgeführt von Marco (2015-11-20 17:26:31)
Gestartet von C:\Users\Marco\Downloads
Windows 8.1 (X64) (2015-09-03 22:18:19)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-4094503356-1156269335-3790758280-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-4094503356-1156269335-3790758280-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4094503356-1156269335-3790758280-1003 - Limited - Enabled)
Marco (S-1-5-21-4094503356-1156269335-3790758280-1001 - Administrator - Enabled) => C:\Users\Marco
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.14.259 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
ELAN HID TouchPad X64 12.6.3.9_WHQL (HKLM\...\Elantech) (Version: 12.6.3.9 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3366 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.14 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0105 - Pegatron Corporation)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - InvenSense (INVN_MotionApps) Sensor (06/04/2014 84.91.1.2) (HKLM\...\D6CB2687F0490418F0E24A5B57EF9ADA8EE8A961) (Version: 06/04/2014 84.91.1.2 - InvenSense)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-4094503356-1156269335-3790758280-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Wiederherstellungspunkte =========================
15-11-2015 19:10:33 Windows Update
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1BAA42A6-EB52-47E8-A255-98C57E843E12} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {2C6C7152-E9C5-4F9E-B34A-1C4EBCC9A0DD} - System32\Tasks\Lenovo\sysrun-13687 => C:\Users\ADMINI~1\AppData\Local\Temp\sysrun-13687.cmd <==== ACHTUNG
Task: {51BA5A78-2CE2-4B55-A442-F2DA33BE1670} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-19] (Microsoft Corporation)
Task: {60BB1EA5-0A2D-491E-8271-26DE30AB2B75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-18] (Google Inc.)
Task: {C913F4EF-4BE4-4A07-B7F4-FAB639122880} - System32\Tasks\Lenovo\sysrun-13397 => C:\Users\ADMINI~1\AppData\Local\Temp\sysrun-13397.cmd <==== ACHTUNG
Task: {D8BED518-F688-4D60-AA5B-981FA311979A} - System32\Tasks\{51EE17CC-29B8-40A2-AAE6-B0F5C97AF8F5} => pcalua.exe -a "D:\Games\Warcraft III\Warcraft III.exe" -d "D:\Games\Warcraft III"
Task: {F5233D6E-E0AA-4571-9196-972BDF567E89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-18] (Google Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-08-05 09:20 - 2014-03-04 16:58 - 00136192 _____ () C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
2014-08-05 09:20 - 2014-07-11 17:15 - 02222592 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2014-08-05 09:20 - 2010-01-12 17:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2014-08-05 09:20 - 2010-01-12 17:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2015-08-22 20:07 - 2015-08-22 20:07 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-08-05 09:20 - 2010-12-17 14:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2014-08-05 09:20 - 2014-02-21 17:19 - 08857088 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2014-08-05 09:20 - 2014-07-08 14:39 - 03006464 _____ () C:\Program Files (x86)\PHotkey\KeyboardMonitorTool.exe
2014-04-07 16:13 - 2014-04-07 16:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-08-05 09:20 - 2014-03-18 21:54 - 05644800 _____ () C:\Program Files (x86)\PHotkey\Dolbyosd.exe
2015-10-29 18:11 - 2015-10-29 18:11 - 05185024 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\5b635adafd557846d0d2e3a87d132130\Windows.UI.Xaml.ni.dll
2015-10-20 16:47 - 2015-10-20 16:47 - 01782272 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\f1407bb1d381cf5dee299c4e5f0fdf9d\Windows.ApplicationModel.ni.dll
2015-10-20 16:47 - 2015-10-20 16:47 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b3972424579e18e6699549ecb948c4ef\Windows.Foundation.ni.dll
2015-10-20 16:47 - 2015-10-20 16:47 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\5c9c0b89a558d0e589c254af6b1ca238\Windows.UI.ni.dll
2015-10-29 18:12 - 2015-10-29 18:12 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\1b6c35238563de0cb93d3ed0826a69a3\Windows.Globalization.ni.dll
2015-10-20 16:47 - 2015-10-20 16:47 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\eea3e743a58cb4d556fe113d6336020b\Windows.Storage.ni.dll
2015-10-20 16:48 - 2015-10-20 16:48 - 00219648 _____ () C:\Users\Marco\AppData\Local\Packages\4659BB81.GMXMail_9r8rjdwa12808\AC\Microsoft\CLR_v4.0\NativeImages\MetroLog.Platform\73c54e26c85961529ec962f5625af376\MetroLog.Platform.ni.dll
2015-10-20 16:48 - 2015-10-20 16:48 - 00411648 _____ () C:\Users\Marco\AppData\Local\Packages\4659BB81.GMXMail_9r8rjdwa12808\AC\Microsoft\CLR_v4.0\NativeImages\MetroLog\b6f1bfbae987715c71ba362db5e30c2b\MetroLog.ni.dll
2015-10-29 18:12 - 2015-10-29 18:12 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\2333488328d673bea8d60a9f2e84759c\Windows.Security.ni.dll
2015-10-20 16:47 - 2015-10-20 16:47 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\e291aa8a59dc390d0cdf99d3c6d8b6e5\Windows.Data.ni.dll
2015-10-20 16:47 - 2015-10-20 16:47 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\84819467f44d3da49aa14236af8fcc9a\Windows.Networking.ni.dll
2015-10-29 18:12 - 2015-10-29 18:12 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\5ab6059d1e922dc371685c5207f6f7a6\Windows.System.ni.dll
2015-10-20 16:47 - 2015-10-20 16:47 - 01383936 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Web\87bd4b0afae2a321640d4aba350d58a4\Windows.Web.ni.dll
2015-10-29 18:12 - 2015-10-29 18:12 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\271d406467b9db0758ea399495d00731\Windows.Devices.ni.dll
2015-10-20 16:49 - 2015-10-20 16:49 - 00028160 _____ () C:\Users\Marco\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.PerfTrack\3aa4cbea7adc836ff7968cf73ce11027\Microsoft.PerfTrack.ni.dll
2014-07-09 14:41 - 2014-07-09 14:41 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.337_x64__8wekyb3d8bbwe\SqliteWrapper.dll
2014-07-09 14:41 - 2014-07-09 14:41 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.337_x64__8wekyb3d8bbwe\Sqlite3.dll
2015-11-17 12:25 - 2015-11-17 12:26 - 00280064 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.337_x64__8wekyb3d8bbwe\Microsoft.Bing.AppEx.Telemetry.winmd
2015-10-20 16:49 - 2015-10-20 16:49 - 00117248 _____ () C:\Users\Marco\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\SqliteWrapper\696bd1d3763da57b5fd727587a8edb94\SqliteWrapper.ni.dll
2015-10-29 18:12 - 2015-10-29 18:12 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\f4031c5dbdde97cb4a0c7572cc0d1f29\Windows.Graphics.ni.dll
2014-08-05 09:20 - 2009-12-18 15:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2014-08-05 09:20 - 2013-09-17 23:23 - 00108032 _____ () C:\Program Files (x86)\PHotkey\PGFNEX.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4094503356-1156269335-3790758280-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marco\Desktop\Christmas-Wallpaper-christmas-2624845-1680-1050.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3153B440-1248-49D1-92C5-B47D986ECBAA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CEE33C9D-7863-485C-B87B-11B48714C458}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE
FirewallRules: [{0C7D5886-8A19-4003-A179-AA74C5143C8A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B82C7587-D6FC-4146-8373-8620D19F6218}] => (Allow) LPort=2869
FirewallRules: [{2BE2F770-C157-425B-B2AD-BC87C80B0712}] => (Allow) LPort=1900
FirewallRules: [{37E34E69-4C03-44A8-8B23-35E837F2B9D7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0D98C19B-B88D-48A2-8F39-16CA68821E61}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{74BC8B4E-F266-4D3F-8383-6365DD5ADB29}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3A3EB068-D486-46BF-BC4B-5B0FC3611F16}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (11/19/2015 09:42:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEL9000)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/19/2015 09:42:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SEL9000)
Description: Die App „microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
Error: (11/19/2015 09:41:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: cc0
Startzeit: 01d12240955f2a5c
Endzeit: 31
Anwendungspfad: C:\WINDOWS\system32\wwahost.exe
Berichts-ID: f78d1d40-8efd-11e5-82a9-303a649297de
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail
Error: (11/15/2015 07:10:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{9eab731f-f4b3-453e-bd5f-c92a2a1ada75}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (11/15/2015 00:00:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f50
Startzeit: 01d11e14edfab9c1
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 76b9a24a-8b23-11e5-82a9-303a649297de
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (11/13/2015 09:33:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17840 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 17c4
Startzeit: 01d11e150d56901b
Endzeit: 171
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID: c3dd11f0-8a45-11e5-82a9-303a649297de
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (11/13/2015 08:39:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 194c
Startzeit: 01d11e23b49a80c8
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe
Berichts-ID: 38cbe2b5-8a3e-11e5-82a9-303a649297de
Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (11/13/2015 08:34:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x545042b7
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54503c4d
Ausnahmecode: 0xc000027b
Fehleroffset: 0x0000000000063c1f
ID des fehlerhaften Prozesses: 0x808
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5
Error: (11/13/2015 02:23:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 11dc
Startzeit: 01d11e14f2cdf27b
Endzeit: 62
Anwendungspfad: C:\WINDOWS\system32\wwahost.exe
Berichts-ID: b430ffb1-8a09-11e5-82a9-303a649297de
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail
Error: (11/03/2015 06:28:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEL9000)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Systemfehler:
=============
Error: (11/18/2015 09:57:38 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (11/18/2015 09:41:01 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (11/18/2015 09:41:01 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (11/17/2015 11:27:16 AM) (Source: DCOM) (EventID: 10010) (User: SEL9000)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (11/17/2015 11:27:16 AM) (Source: DCOM) (EventID: 10010) (User: SEL9000)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (11/17/2015 10:44:28 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.
Error: (11/17/2015 10:43:05 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (11/17/2015 10:43:05 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (11/17/2015 10:31:54 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (11/16/2015 11:16:06 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Prozentuale Nutzung des RAM: 53%
Installierter physikalischer RAM: 3985.47 MB
Verfügbarer physikalischer RAM: 1864.68 MB
Summe virtueller Speicher: 8081.47 MB
Verfügbarer virtueller Speicher: 5415.51 MB
==================== Laufwerke ================================
Drive c: (Boot) (Fixed) (Total:56.54 GB) (Free:22.14 GB) NTFS
Drive d: (Data) (Fixed) (Total:405.76 GB) (Free:296.08 GB) NTFS
Drive e: (Recover) (Fixed) (Total:60 GB) (Free:44.78 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 58.3 GB) (Disk ID: 74BF1121)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B43856D6)
Partition 1: (Not Active) - (Size=405.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
21.11.2015, 19:38
| #4 |
| /// the machine /// TB-Ausbilder | Viele Mail Delivery System Mails, auch aus meinem Adressbuch hi, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.11.2015, 15:18
| #5 |
| | Viele Mail Delivery System Mails, auch aus meinem Adressbuch Hallo, Malewarebytes und TDSSKiller haben beide nichts gefunden. Habe all eure angaben auf meinem Laptop ausgeführt, soll ich das ganze vielleicht auch mal auf meinem Desktop PC wiederholen? |
|
23.11.2015, 19:14
| #6 |
| /// the machine /// TB-Ausbilder | Viele Mail Delivery System Mails, auch aus meinem Adressbuch Ja bitte.
__________________ --> Viele Mail Delivery System Mails, auch aus meinem Adressbuch |
|
30.11.2015, 13:54
| #7 |
| | Viele Mail Delivery System Mails, auch aus meinem Adressbuch So, da die Untersuchung auf meinem Laptop nix gebracht hat hier nun die Überprüfung von meinem Desktop PC. FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
durchgeführt von Marco (Administrator) auf HAL9000 (30-11-2015 13:49:07)
Gestartet von C:\Users\Marco\Downloads\Neuer Ordner
Geladene Profile: Marco (Verfügbare Profile: Marco & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-10-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\matrix.scr [92214 2007-07-20] ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{98f804bc-43d7-429b-b75e-af7f246038a6}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] (Google, Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Kein Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> Keine Datei
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll => Keine Datei
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll => Keine Datei
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3706712047-3497375799-4294627512-1000 -> hxxp://www.google.de/
FireFox:
========
FF ProfilePath: C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\81t8qDae.default
FF Homepage: user_pref("browser.startup.homepage","hxxp://search.strtpoint.com/?v=insMac&t=1411&ap=578080078");
FF SelectedSearchEngineuser_pref("browser.search.selectedEngine","Search The Web (Start Point)");: user_pref("browser.search.selectedEngine","Search The Web (Start Point)");
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename","Search The Web (Start Point)");: user_pref("browser.search.defaultenginename","Search The Web (Start Point)");
FF Keyword.URL:
FF NewTab:
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\81t8qDae.default\searchplugins\startpointkms.xml [2014-12-26]
FF Extension: Avira Browser Safety - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\81t8qDae.default\Extensions\abs@avira.com [2014-12-23] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => nicht gefunden
FF HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => nicht gefunden
Chrome:
=======
CHR Profile: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-11]
CHR Extension: (Google Docs) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
CHR Extension: (Google Drive) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-11]
CHR Extension: (YouTube) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-11]
CHR Extension: (Google-Suche) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-11]
CHR Extension: (Google Tabellen) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-11]
CHR Extension: (Avira Browserschutz) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-11]
CHR Extension: (Google Mail) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-10-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-31] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2015-11-15] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-09-07] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-10-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-10-28] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-26] (Disc Soft Ltd)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-11-30 13:48 - 2015-11-30 13:49 - 00000000 ____D C:\Users\Marco\Downloads\Neuer Ordner
2015-11-30 13:48 - 2015-11-30 13:49 - 00000000 ____D C:\FRST
2015-11-30 13:35 - 2015-11-30 13:35 - 00016148 _____ C:\WINDOWS\system32\HAL9000_Marco_HistoryPrediction.bin
2015-11-15 12:11 - 2015-11-15 12:11 - 00000000 ____D C:\Program Files\Google
2015-11-11 16:16 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 16:16 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 16:16 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 16:16 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 16:16 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 16:16 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 16:16 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 16:16 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 16:16 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 16:16 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 16:16 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 16:16 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 16:16 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 16:16 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 16:16 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 16:16 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 16:16 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 16:16 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 16:16 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 16:16 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 16:16 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 16:16 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 16:16 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 16:16 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 16:16 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 16:16 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 16:16 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 16:16 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-11 16:15 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 16:15 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 16:15 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 16:15 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 16:15 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 16:15 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-11 16:15 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 16:15 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 16:15 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 16:15 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 16:15 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 16:15 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 16:15 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 16:15 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 16:15 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 16:15 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 16:15 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 16:15 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 16:15 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 16:15 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 16:15 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 16:15 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 16:15 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 16:15 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 16:15 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-11-30 13:49 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-11-30 13:47 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-30 13:41 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-30 13:35 - 2015-03-11 21:05 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-26 10:09 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-26 08:33 - 2015-03-11 21:05 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-24 00:37 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-24 00:35 - 2015-09-05 17:39 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-11-24 00:35 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-24 00:34 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-15 12:36 - 2014-12-23 02:21 - 00000000 ____D C:\ProgramData\Origin
2015-11-15 12:25 - 2014-12-23 13:08 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2015-11-15 12:25 - 2014-12-23 08:01 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-11-15 12:25 - 2014-12-23 08:01 - 00280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-11-15 12:20 - 2015-01-26 22:54 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-15 12:11 - 2015-03-11 21:05 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-15 11:52 - 2014-12-23 02:21 - 00000000 ____D C:\Program Files (x86)\Origin
2015-11-12 09:37 - 2015-04-22 22:05 - 00000000 ____D C:\Users\Marco\Desktop\Neuer Ordner (2)
2015-11-11 17:18 - 2015-01-05 04:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 17:17 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 11:45 - 2015-02-15 19:24 - 00000000 ____D C:\Users\Marco\Desktop\ebay
2015-11-10 09:09 - 2014-12-23 01:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-10 09:08 - 2015-08-30 23:59 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-09 11:27 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-08 23:07 - 2015-08-31 22:24 - 00000000 ____D C:\Users\Marco\AppData\Local\Comms
2015-11-08 22:31 - 2015-08-31 00:01 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-08 22:31 - 2015-07-10 17:34 - 00883662 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-08 22:31 - 2015-07-10 17:34 - 00195796 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-03 19:20 - 2015-07-10 12:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 19:20 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-12-23 02:49 - 2015-04-26 21:36 - 0049652 _____ () C:\ProgramData\hpzinstall.log
Einige Dateien in TEMP:
====================
C:\Users\Marco\AppData\Local\Temp\avgnt.exe
C:\Users\Marco\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Marco\AppData\Local\Temp\drm_dyndata_7410004.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-11-24 00:49
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von Marco (2015-11-30 13:50:17)
Gestartet von C:\Users\Marco\Downloads\Neuer Ordner
Windows 10 Home (X64) (2015-08-31 07:41:35)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3706712047-3497375799-4294627512-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3706712047-3497375799-4294627512-503 - Limited - Disabled)
Gast (S-1-5-21-3706712047-3497375799-4294627512-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3706712047-3497375799-4294627512-1002 - Limited - Enabled)
Marco (S-1-5-21-3706712047-3497375799-4294627512-1000 - Administrator - Enabled) => C:\Users\Marco
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
µTorrent (HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ACP Application (Version: 2.15.30.0019 - Advanced Micro Devices, Inc.) Hidden
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{d6a7cfcc-1f1c-4638-8f9e-0f184696fcdb}) (Version: 1.1.48.9049 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Betsson Tournament Director's Poker Clock (HKLM-x32\...\Betsson Tournament Director's Poker Clock) (Version: - )
BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG5600 series Benutzerregistrierung (HKLM-x32\...\Canon MG5600 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MG5600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5600_series) (Version: 1.00 - Canon Inc.)
Canon MG5600 series On-screen Manual (HKLM-x32\...\Canon MG5600 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deaktivierungs-Add-on für Browser von Google Analytics (HKLM\...\{9F540EA8-086E-4D53-B845-A06E6903DED6}) (Version: 0.9.6.0 - Google Inc.)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301031}) (Version: 7.02.9753 - Nero AG)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PowerLine Utility (HKLM-x32\...\{A0384ECE-2017-4EA8-86C7-513ACB936BDF}) (Version: 1.1.830 - TP-LINK)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3706712047-3497375799-4294627512-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Marco\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
08-11-2015 23:37:03 Windows Update
16-11-2015 14:34:24 Windows Update
16-11-2015 14:36:03 Windows Update
24-11-2015 00:50:05 Windows Update
30-11-2015 13:47:27 Windows Update
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0061E6F0-EF0D-4558-B7A5-DE29129CB690} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {0381A576-19F1-488C-8241-F89FA5798F70} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0604F8B3-2CD1-4E0E-B77C-ECB12CA39529} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {096F1A4D-ACA9-42FA-AE30-9AB46C562595} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {0DC34098-0060-4388-AA34-4D9D58169CDC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {19100C3E-AAE0-47B3-9DCD-841006E9447A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {1915678B-CE85-45B4-8584-C0E0173CB3C7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2555682D-19EF-4310-A605-5364606DBCB0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {25E9730D-A3F6-4AD7-BAB3-94B0BF588A79} - System32\Tasks\{AC739AA6-64ED-4BB7-815C-7F5C2ADFFBA2} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.8.0.102/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {2C200941-CDDE-45A6-8F04-8CA74AFACCF2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {307E4307-A28E-4823-AC08-D3A33CD82E33} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {33CC9305-242D-4A30-82C7-1DDD2AB5DF32} - System32\Tasks\{3FDDF03E-A9FA-4CDD-A75B-2A65F456E8BB} => pcalua.exe -a C:\Users\Marco\AppData\Local\StartPoint\startpoint\1.3.18.7\startup.exe -c /uninstl
Task: {3C3D1617-3F1E-412D-A8EF-813470F292BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {4155C4DC-827A-4227-85E7-89FA29682251} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {43F69D27-6A50-4323-A8B8-04FB1F198CF3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {4E899E63-6AF1-4929-A94E-96BC87501570} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {596B98DA-1FA6-4F5E-9FCD-E06BA9150F1B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {5D7EFC10-1325-4F21-8662-A3F893756E22} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {661D1FEE-5777-4537-AC8D-F48B8B591476} - System32\Tasks\StartPoint Updater => C:\Users\Marco\AppData\Local\StartPoint\startpoint\1.3.18.7\startup.exe <==== ACHTUNG
Task: {6696705A-B343-4D10-8F1C-0BE3E470429D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {6820F846-1841-45A4-8B07-76E308BA8348} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {691CE8DA-9B17-4842-B4A5-3389A0217605} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {74570E2A-3AA2-4B2D-896F-E4700B7911BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-19] (Microsoft Corporation)
Task: {80633849-1E2A-489D-8212-3C7F9FA339E0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {818F7A1E-03BF-41C9-A26A-A829EE0692F4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {9A75084F-6D32-4CE8-8A8F-D2B3AFB219FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A15C4893-5C92-42AD-A3AD-5944FC8E52DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {A179DCA8-970F-46C3-9357-D57A6967E6EC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {ABD0DE4E-6A01-4144-BF09-B6CA3725177E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {AD3F64A7-4761-42CA-9841-D439EBC3F2C1} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B8739088-8843-4676-BC18-227E1C270289} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {BB79D511-2831-49C9-B117-E48B05F9CA33} - System32\Tasks\{48BF336F-3788-4A5A-A5DA-921E3642E218} => pcalua.exe -a "E:\Games\Duke Nukem Forever\System\DukeForever.exe" -d "E:\Games\Duke Nukem Forever\System"
Task: {BD7F1593-EAEA-4031-B2F7-B91A4CBB6C5B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {CD6A9405-DB9D-4523-A2F7-490884A121C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-11] (Google Inc.)
Task: {D1E83A0F-9AA4-4632-80E2-7F4392F7B3D2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D93C4BAA-C341-46C8-B4B1-1F7480C40293} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DC4C8B44-F7B4-4EFB-B759-45EF9D96409E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-11] (Google Inc.)
Task: {DD162D8B-CADE-4FDE-A37E-07F5F478B4A6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {DDE0AD1C-F0A1-4C31-9354-4062F065AE1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-19] (Adobe Systems Incorporated)
Task: {F19B04C9-5FB6-495B-A6EE-A652552D48EB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F51F2AA4-6400-46DA-B5E6-53D896246179} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {FE41BA0B-6287-4167-A0A8-E7D3DBE2DD05} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-07-10 12:00 - 2015-07-10 12:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-31 00:52 - 2015-08-31 00:52 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-31 00:52 - 2015-08-31 00:52 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-12-23 08:01 - 2015-09-07 21:49 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-10-05 21:53 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-05 21:53 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-05 21:53 - 2015-09-17 06:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-10-05 21:52 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-05 21:52 - 2015-09-17 06:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-10-05 21:52 - 2015-09-17 06:43 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-10-05 21:52 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-05 21:53 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-05 21:52 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-05 21:53 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-12-23 01:05 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marco\Pictures\red-Christmas-HD-Wallpapers.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-3706712047-3497375799-4294627512-1000\...\StartupApproved\Run: => "Skype"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{36BE0ED9-35DC-4B74-8EE0-2D92A68AACDD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4084B618-A90A-415B-B341-5E20739A3D3E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A78A34A5-E53E-4643-8D9A-21383036FD29}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{89BA07AC-9519-4E4E-95C1-D77067B803C0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7F982740-6566-4DA7-8D38-6B0C7126BAF8}] => (Allow) E:\Games\Bioshock 2\MP\Builds\Binaries\Bioshock2.exe
FirewallRules: [{53E2D1DF-BB1A-4F10-9296-5548E6FE351A}] => (Allow) E:\Games\Bioshock 2\MP\Builds\Binaries\Bioshock2.exe
FirewallRules: [{3206CFD4-4FF5-413C-A7FE-1E53A727A7A7}] => (Allow) E:\Games\Bioshock 2\SP\Builds\Binaries\Bioshock2.exe
FirewallRules: [{CAED810A-AB35-4E7E-ADAF-08D1D4DF6C85}] => (Allow) E:\Games\Bioshock 2\SP\Builds\Binaries\Bioshock2.exe
FirewallRules: [UDP Query User{D6822EDA-F7DC-40C8-A6B3-D242D75BC079}F:\powerline utility\powerline scan.exe] => (Allow) F:\powerline utility\powerline scan.exe
FirewallRules: [TCP Query User{EC30729C-5A37-4C76-A42E-4270556BE369}F:\powerline utility\powerline scan.exe] => (Allow) F:\powerline utility\powerline scan.exe
FirewallRules: [UDP Query User{80E510DB-643B-43EE-BF4A-E6011276E165}C:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) C:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [TCP Query User{B041DFEA-C992-464C-8C03-5696F0A6FCF5}C:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) C:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [{67885724-2ECD-4C6D-905A-F2ACD77554CF}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{60E5BA2F-6E8B-4D72-BCB2-49333530E3FA}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{AF32FFAA-16D8-47DC-B486-C3E52DAA4ABA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{47E33E36-FFF2-4DDB-8101-D1BA5FFAF5BF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{CED98E07-C3EB-46E6-9654-99DCDA06C311}] => (Allow) LPort=1900
FirewallRules: [{9D8071EE-812F-47B6-8E5F-46D9B17771A5}] => (Allow) LPort=2869
FirewallRules: [{D3EAD9E8-562B-4352-BABF-1BDB5CF4AF8B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{CDED9BD5-C753-4F5D-B06E-2ABFBA163919}E:\games\jedi knight 2\gamedata\jk2mp.exe] => (Allow) E:\games\jedi knight 2\gamedata\jk2mp.exe
FirewallRules: [TCP Query User{B50F48C8-6EC5-4F41-B6D3-B6FCF66CCCFD}E:\games\jedi knight 2\gamedata\jk2mp.exe] => (Allow) E:\games\jedi knight 2\gamedata\jk2mp.exe
FirewallRules: [UDP Query User{9E5ADF62-2A62-449E-8466-15C63E9F74AD}E:\games\empire earth\empire earth.exe] => (Allow) E:\games\empire earth\empire earth.exe
FirewallRules: [TCP Query User{64D03650-D323-47EF-B5C9-C429E69C68F8}E:\games\empire earth\empire earth.exe] => (Allow) E:\games\empire earth\empire earth.exe
FirewallRules: [{F976B7DC-6B8A-4FC9-91C8-1811B9CCB58C}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{E9C5C4CA-73FD-4F00-BD25-AFE7C808971D}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{5C88FEBB-5A90-4855-901B-A82D64D79B93}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{2A9D3D8B-1457-4034-85F9-6AFD7A3A6D68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3802E836-5E51-4396-BEDD-DDFABDF1BF47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{CF3E24FA-2EAD-4D02-B922-0A8DC0E32C26}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{86A1486F-FF79-4DB9-BBEB-9DA96C2B2610}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{791B8FC2-F8F5-44B1-B22A-42887EC69E19}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{C752317B-B7CB-4A13-86A3-BD54EB5EAD81}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{27EACA31-3FD9-40CA-981A-75056AA4F436}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{17E56D82-D80D-42A7-8FE0-60F810F75FE2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{B47AA6F5-2E9E-48FC-AE7F-91156F3203B5}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{D41F7BE3-3A61-4F72-A435-CC5FEE9072C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{6368237E-7283-49DD-BC83-07FF16E532AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{697DC00F-6BE7-4CFF-8C9A-C2FB3C563D10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E5677BD6-C48D-4BFE-A2D3-D2F96206F103}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{E5C91C90-5971-496C-A981-EF7D5E5AEBCB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4637165D-382F-4B9E-9737-29AB41C6E8FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{660722FA-13D4-4313-8002-B4CE91B910EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{322EED63-5011-42D4-9408-43D7FBABA366}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D56974E1-D00B-432C-A95F-8FDD68AA60AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{F2E400AA-7ADA-4C8B-82AD-D67CFF7FC8A2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{E9EB29BB-F3D3-4F58-8F14-2855F039CD91}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{E3AE8CC4-3DFF-4433-AA30-960AB6A067E1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{2520EECD-4478-4A4D-946A-982A0799F573}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0A1B8825-373A-475C-AFE6-B91F4A86C52C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A5FF8223-C403-47C4-9CDB-E6D789069728}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7CF9F64E-D098-40E1-8AE3-8A66C93629C1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{387778C3-BBB4-4402-BD88-64730BF3DAAD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{810904E9-7411-495B-AF4F-4A481A48BAEF}] => (Allow) C:\Users\Marco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{266A89CA-B2A8-479A-A58C-7D77239A19F2}] => (Allow) C:\Users\Marco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{228E5B2E-A29E-4F13-AD49-32603B19F553}] => (Allow) C:\Users\Marco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4EA353E9-3D24-4A85-9BCB-980AE9D8CFCF}] => (Allow) C:\Users\Marco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EDCF06B4-D98D-43E6-8B51-867872216E0D}] => (Allow) C:\Users\Marco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B1AFA404-8F00-4B6F-8738-772B79D51407}] => (Allow) C:\Users\Marco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2DE84F86-7A38-4CAE-A378-01570ABE23B5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{6314056E-F1D6-42FD-ACC4-FB7221E8BF1C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{1C3F523E-49A8-49A6-9B7B-87ECC0939E3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (11/30/2015 01:47:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (11/24/2015 00:50:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (11/22/2015 04:11:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchUI.exe, Version: 10.0.10240.16515, Zeitstempel: 0x55fa5578
Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 10.0.10240.16548, Zeitstempel: 0x56133a14
Ausnahmecode: 0xc000027b
Fehleroffset: 0x00000000004aee7f
ID des fehlerhaften Prozesses: 0x1f38
Startzeit der fehlerhaften Anwendung: 0xSearchUI.exe0
Pfad der fehlerhaften Anwendung: SearchUI.exe1
Pfad des fehlerhaften Moduls: SearchUI.exe2
Berichtskennung: SearchUI.exe3
Vollständiger Name des fehlerhaften Pakets: SearchUI.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SearchUI.exe5
Error: (11/22/2015 04:00:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HAL9000)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/16/2015 02:48:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HAL9000)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/16/2015 02:36:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (11/16/2015 02:34:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (11/15/2015 00:04:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16515, Zeitstempel: 0x55fa545a
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006644f
ID des fehlerhaften Prozesses: 0x270
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5
Error: (11/14/2015 04:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16515, Zeitstempel: 0x55fa545a
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006644f
ID des fehlerhaften Prozesses: 0x19f8
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5
Error: (11/11/2015 05:40:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HAL9000)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Systemfehler:
=============
Error: (11/26/2015 10:09:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/26/2015 10:09:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/26/2015 10:09:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/26/2015 10:09:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/26/2015 10:00:40 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/26/2015 10:00:16 AM) (Source: DCOM) (EventID: 10016) (User: HAL9000)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}HAL9000MarcoS-1-5-21-3706712047-3497375799-4294627512-1000LocalHost (unter Verwendung von LRPC)Microsoft.WindowsStore_2015.21.25.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157
Error: (11/26/2015 08:40:33 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (11/26/2015 00:36:04 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (11/25/2015 00:36:00 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (11/24/2015 09:12:34 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
CodeIntegrity:
===================================
Date: 2015-11-24 01:04:36.216
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2015-11-24 01:04:36.135
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2015-11-24 01:04:36.074
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2015-11-24 01:04:35.978
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2015-11-24 01:04:35.926
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2015-11-24 01:04:35.887
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2015-11-24 01:04:33.329
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-11-24 01:04:32.903
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-11-24 01:00:33.735
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2015-11-24 01:00:33.641
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 4057.06 MB
Verfügbarer physikalischer RAM: 2043.79 MB
Summe virtueller Speicher: 8153.06 MB
Verfügbarer virtueller Speicher: 5749.46 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:467.55 GB) (Free:367.09 GB) NTFS
Drive d: (Brainiac) (Fixed) (Total:164.06 GB) (Free:6.03 GB) NTFS
Drive e: (Matrix) (Fixed) (Total:299.8 GB) (Free:77.81 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F55B5AC6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=467.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=164.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=299.8 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
01.12.2015, 12:58
| #8 |
| /// the machine /// TB-Ausbilder | Viele Mail Delivery System Mails, auch aus meinem Adressbuch MBAR und TDSSKiller bitte auch auf dem Desktop ausführen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.12.2015, 16:06
| #9 |
| | Viele Mail Delivery System Mails, auch aus meinem Adressbuch MBAR hat nix gefunden, jedoch hat während MBAR lief mein Antivir 2 Viren gefunden, diese habe ich dann auch mit Antivir gelöscht. Werde jetzt noch TDSSKiller laufen lasen. Hier noch das logfile. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2015.12.01.03
rootkit: v2015.11.26.01
Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16590
Marco :: HAL9000 [administrator]
01.12.2015 14:27:31
mbar-log-2015-12-01 (14-27-31).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 409009
Time elapsed: 21 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Antivir hat folgendes gefungen: Code:
ATTFilter In der Datei 'C:\Users\Marco\AppData\Local\Temp\HYD32A4.tmp.1441823487\HTA\3rdparty\OCComSDK.dll'
wurde ein Virus oder unerwünschtes Programm 'PUA/OpenCandy.Gen' [riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Code:
ATTFilter In der Datei 'C:\Users\Marco\AppData\Local\Temp\HYD32A4.tmp.1441823487\HTA\3rdparty\OCSetupHlp.dll'
wurde ein Virus oder unerwünschtes Programm 'PUA/OpenCandy.Gen' [riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Code:
ATTFilter In der Datei 'C:\Users\Marco\AppData\Local\Temp\HYD8532.tmp.1441824032\HTA\3rdparty\OCComSDK.dll'
wurde ein Virus oder unerwünschtes Programm 'PUA/OpenCandy.Gen' [riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Code:
ATTFilter Die Datei 'C:\Users\Marco\AppData\Local\Temp\HYD32A4.tmp.1441823487\HTA\3rdparty\OCSetupHlp.dll'
enthielt einen Virus oder unerwünschtes Programm 'PUA/OpenCandy.Gen' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
Code:
ATTFilter Die Datei 'C:\Users\Marco\AppData\Local\Temp\HYD32A4.tmp.1441823487\HTA\3rdparty\OCComSDK.dll'
enthielt einen Virus oder unerwünschtes Programm 'PUA/OpenCandy.Gen' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
Code:
ATTFilter Die Datei 'C:\Users\Marco\AppData\Local\Temp\HYD8532.tmp.1441824032\HTA\3rdparty\OCComSDK.dll'
enthielt einen Virus oder unerwünschtes Programm 'PUA/OpenCandy.Gen' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
Code:
ATTFilter 15:47:11.0414 0x27a0 TDSS rootkit removing tool 3.1.0.7 Nov 29 2015 22:37:04
15:47:15.0461 0x27a0 ============================================================
15:47:15.0461 0x27a0 Current date / time: 2015/12/01 15:47:15.0461
15:47:15.0461 0x27a0 SystemInfo:
15:47:15.0461 0x27a0
15:47:15.0461 0x27a0 OS Version: 10.0.10240 ServicePack: 0.0
15:47:15.0461 0x27a0 Product type: Workstation
15:47:15.0461 0x27a0 ComputerName: HAL9000
15:47:15.0461 0x27a0 UserName: Marco
15:47:15.0461 0x27a0 Windows directory: C:\WINDOWS
15:47:15.0461 0x27a0 System windows directory: C:\WINDOWS
15:47:15.0461 0x27a0 Running under WOW64
15:47:15.0461 0x27a0 Processor architecture: Intel x64
15:47:15.0461 0x27a0 Number of processors: 4
15:47:15.0461 0x27a0 Page size: 0x1000
15:47:15.0461 0x27a0 Boot type: Normal boot
15:47:15.0461 0x27a0 ============================================================
15:47:15.0742 0x27a0 KLMD registered as C:\WINDOWS\system32\drivers\76226146.sys
15:47:15.0992 0x27a0 System UUID: {4F37B5E6-E237-7FAA-1512-73AE1DDD04EB}
15:47:16.0454 0x27a0 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
15:47:16.0456 0x27a0 ============================================================
15:47:16.0456 0x27a0 \Device\Harddisk0\DR0:
15:47:16.0456 0x27a0 MBR partitions:
15:47:16.0456 0x27a0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:47:16.0456 0x27a0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A717800
15:47:16.0456 0x27a0 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3A74A000, BlocksNum 0x1481F800
15:47:16.0456 0x27a0 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x4EF6A000, BlocksNum 0x2579C000
15:47:16.0456 0x27a0 ============================================================
15:47:16.0481 0x27a0 C: <-> \Device\Harddisk0\DR0\Partition2
15:47:16.0516 0x27a0 D: <-> \Device\Harddisk0\DR0\Partition3
15:47:16.0552 0x27a0 E: <-> \Device\Harddisk0\DR0\Partition4
15:47:16.0552 0x27a0 ============================================================
15:47:16.0552 0x27a0 Initialize success
15:47:16.0552 0x27a0 ============================================================
15:47:20.0807 0x12b8 ============================================================
15:47:20.0807 0x12b8 Scan started
15:47:20.0807 0x12b8 Mode: Manual;
15:47:20.0807 0x12b8 ============================================================
15:47:20.0807 0x12b8 KSN ping started
15:47:23.0151 0x12b8 KSN ping finished: true
15:47:26.0667 0x12b8 ================ Scan system memory ========================
15:47:26.0667 0x12b8 System memory - ok
15:47:26.0667 0x12b8 ================ Scan services =============================
15:47:26.0839 0x12b8 [ 22CE801AD25C51E2553F41A076BB0CB2, 0520216417F1619FB642734EC937C59D5E79A24306C1E9B793C82FAE077851E6 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
15:47:26.0854 0x12b8 1394ohci - ok
15:47:26.0870 0x12b8 [ 2C49A2441EBB24C6ACFB524C1459115F, 0ABACB6F21C41C0297994E61F1BFABB3905AF6B569D0446FE8E174EB9225B8EF ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
15:47:26.0870 0x12b8 3ware - ok
15:47:26.0917 0x12b8 [ B87D3D07FE6F15328C6860D542F0E2BD, 46CF069EDD7DBFB4DB800BABA3081DAB363DD2CFD724AFF5916D3419F62A3574 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
15:47:26.0948 0x12b8 ACPI - ok
15:47:26.0964 0x12b8 [ 1E3C4EDBB7F3F668B7205E351010BB79, A3CA12F72836C4F77B671264828B370B9EBA9CD71110E2C0514994760B6B12FF ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
15:47:26.0964 0x12b8 acpiex - ok
15:47:26.0979 0x12b8 [ 13B1C26AEDCB40082CDD97506F968129, 883442206B4C60AA493E84CC3037B6C1568441E1F43D2B1FCBFD8D87D135D511 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
15:47:26.0979 0x12b8 acpipagr - ok
15:47:26.0995 0x12b8 [ B3D64FF927D611721DA73A61BF3A18B3, 96B51AFDC3078B5088AAF66F0CF3E07D2FCBBC84A19D309A25DF0A5C6CECB958 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
15:47:26.0995 0x12b8 AcpiPmi - ok
15:47:27.0010 0x12b8 [ 19F793B2203D94AC1F8AEDB08B494E2E, DC98CCF9935E1F1C32FA88575A9A678B74916EFF48E39A64CF1FF92232F64A52 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
15:47:27.0010 0x12b8 acpitime - ok
15:47:27.0073 0x12b8 [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:47:27.0073 0x12b8 AdobeARMservice - ok
15:47:27.0167 0x12b8 [ 368290D0A612D62DA6F3D798B1BB8FE7, D573BF8543F37BC51B88A2473EDFD28AFBCCC446E8CADD54A90FA48D8739D222 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:47:27.0182 0x12b8 AdobeFlashPlayerUpdateSvc - ok
15:47:27.0214 0x12b8 [ 2A24E10C1A1DE0E0035E353EED494A1C, CBBFA86578BE74CAADDCA923D65E3BFFC57BC17B887936ADE5C6952530546A22 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
15:47:27.0245 0x12b8 ADP80XX - ok
15:47:27.0276 0x12b8 [ A3D96563BF46FC8A0E5756B796127D14, BAD3C30714F6514D2AF725077A79FF671CC022E415786E1666C0B7C24CE3670A ] AFD C:\WINDOWS\system32\drivers\afd.sys
15:47:27.0292 0x12b8 AFD - ok
15:47:27.0307 0x12b8 [ EF09D07626820F7F89519514C17FE768, C3EC1DC163CD5946270ED876CD414889BBF2C586A8AF5DC7825FA5D77001E827 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
15:47:27.0307 0x12b8 agp440 - ok
15:47:27.0323 0x12b8 [ 8A289EF0721F95267BF2404BABEE146D, E263D258F03DF3BB405D49AE7230C37E7EB8F392FDEE48059C7C1E3709520D35 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
15:47:27.0323 0x12b8 ahcache - ok
15:47:27.0354 0x12b8 [ C301499987AF909258774AE9DC5778BB, 3ED539C999847116AE9DB9C8C5A34AB09703BAE3018E1EAF6DBC779BB6736F32 ] AJRouter C:\WINDOWS\System32\AJRouter.dll
15:47:27.0354 0x12b8 AJRouter - ok
15:47:27.0385 0x12b8 [ DD69535D379F9E40AD0D6002887AAA99, 579DD18CE2B264B4058C6069B8AEE6FD9FE6A882B7DA19E300DFE40B37A4E5BE ] ALG C:\WINDOWS\System32\alg.exe
15:47:27.0385 0x12b8 ALG - ok
15:47:27.0401 0x12b8 [ 6763084E8322A4876D1613854640F914, 89EEEB47517A9964FA799821E5E45BDD6009EBDC628D6DADE6A7F03DE7CDA6CD ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
15:47:27.0417 0x12b8 AmdK8 - ok
15:47:27.0432 0x12b8 [ BE258C17CFD09F4210602105432E784A, FD38B50785206D6E5EADE65396030E18C8B9D993D7225057B0C24F3256BCE2E3 ] amdkmafd C:\WINDOWS\system32\drivers\amdkmafd.sys
15:47:27.0432 0x12b8 amdkmafd - ok
15:47:27.0432 0x12b8 amdkmdag - ok
15:47:27.0479 0x12b8 [ 5BC406A4BBB2EF7FEFD990B4A48DE059, 5F9B33879B4FBCB3C7171330DD380D3354E0E7EC60376AEB30BD443297A9686E ] amdkmdap C:\WINDOWS\system32\DRIVERS\atikmpag.sys
15:47:27.0495 0x12b8 amdkmdap - ok
15:47:27.0510 0x12b8 [ DE29D8AB57AD67D4940CAB4A48B3E230, 4E92AFCD9107573DAB8E65AC6318E4B8851DCCBE17E135DFF8CF5733210B52E6 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
15:47:27.0510 0x12b8 AmdPPM - ok
15:47:27.0526 0x12b8 [ 4C1F9BBAF5CCD76D4642F3B92B97B454, 514CCAA8B586B1019658BE101046386EB727AD48D7913AEF9A168763E91F0DE5 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
15:47:27.0526 0x12b8 amdsata - ok
15:47:27.0542 0x12b8 [ F8195C1A15955180DD663E7FF4C2F6DD, F3C0C6B38FB9478217EE25EBDBDF7A18F01B97655BC38373E70E71171705D5E9 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
15:47:27.0542 0x12b8 amdsbs - ok
15:47:27.0557 0x12b8 [ DD2F5BBCFAC4D8E48DB1A95A7EEBFF08, 619E3106072C6F785144D785C4AFB4C607CAF7ED29AAA4A1411BE262E62B7ADE ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
15:47:27.0557 0x12b8 amdxata - ok
15:47:27.0651 0x12b8 [ 6B31C215750CD41567E962D22839EE44, FF0B92807296B88DE37F9F2EB27FF7B73AA998B98074AA54A949A2B79690AFE5 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
15:47:27.0667 0x12b8 AntiVirMailService - ok
15:47:27.0698 0x12b8 [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:47:27.0698 0x12b8 AntiVirSchedulerService - ok
15:47:27.0729 0x12b8 [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:47:27.0729 0x12b8 AntiVirService - ok
15:47:27.0760 0x12b8 [ D84E576299C73B0B1DC477D2B99958C4, D6703C2B63B9FA87C2DA009CC7B6DF76C3603C6A9874B152D685A1B92EE2DF28 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
15:47:27.0776 0x12b8 AntiVirWebService - ok
15:47:27.0823 0x12b8 [ E4AFE476D9F758514A8A571DF6A24372, A37055A2CDB577CC8B76D4B020924A6C68D94166C1C9A64F7C0E9E16692709FC ] AppHostSvc C:\WINDOWS\system32\inetsrv\apphostsvc.dll
15:47:27.0823 0x12b8 AppHostSvc - ok
15:47:27.0839 0x12b8 [ 46AAF119090573A80D603745582229ED, 8D7C4AED66DD32A104965DC23D17C0815CD1BE2E3D52375C1A63863664EE174F ] AppID C:\WINDOWS\system32\drivers\appid.sys
15:47:27.0839 0x12b8 AppID - ok
15:47:27.0870 0x12b8 [ 24315B385F515D6D5476757EAFD62633, CE645397BF43CC54B864A0E4FCB86F76C10B9C2D2482E85DBBE15EF7BF045F17 ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
15:47:27.0885 0x12b8 AppIDSvc - ok
15:47:27.0885 0x12b8 [ 2CE396457D5C18F034D243EC7E159010, DDF588A568DF5EAE058DF315535BD746760363E2242EF8C705F8DCBA2D5DA4A7 ] Appinfo C:\WINDOWS\System32\appinfo.dll
15:47:27.0885 0x12b8 Appinfo - ok
15:47:27.0917 0x12b8 [ A8AC0B8ED134888731D1A1BCEF930FA1, 917D2C99CB28C5F20BA386148B6A93541AEF900A9A99D310D732B501322945E5 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
15:47:27.0932 0x12b8 AppReadiness - ok
15:47:27.0995 0x12b8 [ 43BE4036BC793A48BB0021B0FFF943CF, 233102A2B0D4B0527C6C2894EA5D14D556AD4C00BCFFC4E2B171F8B9DD200BAA ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
15:47:28.0042 0x12b8 AppXSvc - ok
15:47:28.0057 0x12b8 [ 0756EECAC010BE449D07502DF27E7701, 6A895CA80050D021DB5E130102F626027339A22673B7C15C51A375C0401F03D2 ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
15:47:28.0057 0x12b8 arcsas - ok
15:47:28.0120 0x12b8 [ BD63768F58666341BE007DAA21B3A063, 1D6112E97042E19E4D916AA22F8AEB7FCC2F36CA45F55049D77042DAF3B8847C ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:47:28.0120 0x12b8 aspnet_state - ok
15:47:28.0135 0x12b8 [ A5792F971EFE86B7F56EE7299ED1082B, 82DCD15E2C9D8A3EA663941C9CE73020FEEF2F91354D0BB51E8A142AA1E30217 ] AsyncMac C:\WINDOWS\System32\drivers\asyncmac.sys
15:47:28.0135 0x12b8 AsyncMac - ok
15:47:28.0151 0x12b8 [ 8921DF6060DB5C7700AA48CB12E9EA08, 8F18841B454CDE4926C50B23F818D00ECE0AE884DB198E396445CB44CB39B2C4 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
15:47:28.0151 0x12b8 atapi - ok
15:47:28.0167 0x12b8 [ FD9A5BCC3AFB02E87668B749546B6229, 4BE969A11CEE8033F40EDE7E06A5904B328D3FC1842855C0DB38D5EEF458219C ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdWT6.sys
15:47:28.0182 0x12b8 AtiHDAudioService - ok
15:47:28.0214 0x12b8 [ 240FF83DD79546B26F187FAB20F83864, C4DC0159016B4A4630357131E614814C068D07BEA94AAF6393E882A78C9FCA1E ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
15:47:28.0229 0x12b8 AudioEndpointBuilder - ok
15:47:28.0276 0x12b8 [ 6300722E8527EC54D426FD00EE5196B2, 71376BE797E8F3E2E671167DA400239D5289DE7EE56CF29564C98715B9DB1D09 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
15:47:28.0292 0x12b8 Audiosrv - ok
15:47:28.0307 0x12b8 [ AC82CC4F2A41E098EB34C0A9F8125DDC, CC416DD5FC8E14A1F99F8DF52D795CA6E16EDBF8FD7C9624B10BA83D9D954BF2 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:47:28.0307 0x12b8 avgntflt - ok
15:47:28.0323 0x12b8 [ 45061BD6F11B80BF1C07A9253A659BF1, 9A1AFE963672E23F3C19FACE2CEB64766C964B165ECB26F36B6FB5730CEAFD2D ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:47:28.0323 0x12b8 avipbb - ok
15:47:28.0385 0x12b8 [ 6C4B9A2FF6924405E9ABFB558049D4DD, 9AB314B9ECF41832589726556A93CEAAE2AE774B1738A46A027E833B73A72118 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
15:47:28.0385 0x12b8 Avira.ServiceHost - ok
15:47:28.0401 0x12b8 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
15:47:28.0401 0x12b8 avkmgr - ok
15:47:28.0417 0x12b8 [ 74179E7C103F3A44B33D7D982E21E35D, 7F2384B065EA9959734D65426781D901CDB0DA8DFCAD13BF05044DDF33CA5688 ] avnetflt C:\WINDOWS\system32\DRIVERS\avnetflt.sys
15:47:28.0417 0x12b8 avnetflt - ok
15:47:28.0448 0x12b8 [ 2F7F80543129210CA75995D0DCA488E8, 353E598FF26FA363C02A2B44BA8D7D1ED97B8AC8C69F1B5C5D521BD0D5D5AB94 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
15:47:28.0448 0x12b8 AxInstSV - ok
15:47:28.0495 0x12b8 [ 00D64E82900E4EC9062805ED87C2D75A, 577110F9A7C6C2C4CF86FFF4F60E23F61623ED325FC950033900A5102754A677 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
15:47:28.0511 0x12b8 b06bdrv - ok
15:47:28.0526 0x12b8 [ 5164A66EC1565711A7B4CF2F143B4979, DA29F0FB63F3EB2BF92D51FEB4BB7D2B964553D2F634556325953927464CB3A5 ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
15:47:28.0526 0x12b8 BasicDisplay - ok
15:47:28.0542 0x12b8 [ F4C58BBF2972BD84C73F6A14CA35AC4E, B7A226EB861B63ACF4BF9B5A331ACA6FFC9B787DCCAA7697EEFC4F634508A6D5 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
15:47:28.0542 0x12b8 BasicRender - ok
15:47:28.0557 0x12b8 [ 25349D0B334E528667980948ED107D89, 70EF9D3B8DCAC6E9720C6F3EBC77392FADC182A6925F9024FE30A21321E0137F ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
15:47:28.0557 0x12b8 bcmfn2 - ok
15:47:28.0589 0x12b8 [ DF78B56EEE6004DEE8CE57763128075E, 5758CAF4B0182F3F2E2508B3BB58B0271F2689808D09675B2753FE373D1D77D2 ] BDESVC C:\WINDOWS\System32\bdesvc.dll
15:47:28.0604 0x12b8 BDESVC - ok
15:47:28.0620 0x12b8 [ 1E8A9267F8886803AAE02982FC1B5BC4, 655DF84E037BD6E582A6BA89737A4388956219171AF7253D126E54A23F16BE59 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:47:28.0620 0x12b8 Beep - ok
15:47:28.0667 0x12b8 [ 7FAFFFC4C59F5010D6E7CEA152076B92, 945FD6C04E109D4E5A4164BAA9A8120EC85AB809555AAD83E61B9F179F976FD7 ] BFE C:\WINDOWS\System32\bfe.dll
15:47:28.0698 0x12b8 BFE - ok
15:47:28.0745 0x12b8 [ BD60F5633F6BD617D9ECCA3FFDC0D37E, 2F0DECAEB7096CD628387263381E123C883F483BD87F7F2BA6DEFBB5A184BAA3 ] BITS C:\WINDOWS\System32\qmgr.dll
15:47:28.0761 0x12b8 BITS - ok
15:47:28.0776 0x12b8 [ C9FD65687EF89715999C582D3E568812, 42BA59A78A47C510CB2AFDC6C6080B33F9F611F84FEE5262DFF16D7633C50EB1 ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
15:47:28.0776 0x12b8 bowser - ok
15:47:28.0823 0x12b8 [ 3A4A543F135DE9A06ABA9DF982D79DD7, ABA165435C27BE15D7EBD3E7D023E295CB7AE2A099DF9E253C78EC45EADD75EA ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
15:47:28.0823 0x12b8 BrokerInfrastructure - ok
15:47:28.0854 0x12b8 [ 2AAD720B32904B97EDD8C3211344F79E, 41B1AEA5FAA48033B2581E18D68EFC986C3D65B383847E250C054CE3133A893C ] Browser C:\WINDOWS\System32\browser.dll
15:47:28.0854 0x12b8 Browser - ok
15:47:28.0854 0x12b8 [ F8DD3B0EAC1EF1D087AE47E5819540AC, 866C951B52E3202AC89552AEA72A45123367199335578F03815E2ED55DA2FDAE ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
15:47:28.0854 0x12b8 BthAvrcpTg - ok
15:47:28.0886 0x12b8 [ 647E2A425AD43637EAA01096A58B7089, 8F76D024FEBCBA1AC54363133DE1E0DD5B9D696E5E688EFEBC3B79F7F1B9C568 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
15:47:28.0886 0x12b8 BthHFEnum - ok
15:47:28.0886 0x12b8 [ B95040CAD3434D9EE003065363A0FAFF, D441E0676EA1AE1ABC305732024311CA59715E6763B3D7ADB728DEEFC403E182 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
15:47:28.0886 0x12b8 bthhfhid - ok
15:47:28.0917 0x12b8 [ F334BF7B0737CEB3B6822631EAD55A87, 4E5AEB1F8E109BA01A5D1CDE2E3C677FF07F2AFE8B195CB5F82AA28816D2060E ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
15:47:28.0917 0x12b8 BthHFSrv - ok
15:47:28.0933 0x12b8 [ 29AEE352AED4FCD2191436D263D75347, 3D21262EA26BF423BFA4A9146E53F8B036B2A1157DBE91A11C5603AF7A670B6F ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
15:47:28.0948 0x12b8 BTHMODEM - ok
15:47:28.0964 0x12b8 [ 26DD0127A05B333E36316E6EA9A6AAE2, A2DC4483FF5639EE8DD315AB2989865CA6A6992C578FD7F7D31698A015355941 ] bthserv C:\WINDOWS\system32\bthserv.dll
15:47:28.0964 0x12b8 bthserv - ok
15:47:28.0979 0x12b8 [ 854AF190F55E6D70EC65A85798F896E2, 6D39F9131BE93F934502BA1DB109E7AD35D3987B636F7B32F9C34823DF25746B ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
15:47:28.0979 0x12b8 buttonconverter - ok
15:47:29.0089 0x12b8 [ 68BD23A0AD9E934F037A1D8A1929D1E2, 7104B04435930D085D01779065C8F293A265800D90C9DEFB19C998D9326E44E7 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
15:47:29.0104 0x12b8 c2cautoupdatesvc - ok
15:47:29.0167 0x12b8 [ 13297729C696656F990A5DBA53023129, EB2B34B04B79756199DBBBDE99ACBB576D20C7C0AF3E4F3C0CF0040948216AAC ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
15:47:29.0183 0x12b8 c2cpnrsvc - ok
15:47:29.0198 0x12b8 [ A10A1E05A943B10ECE5D57D131B7404D, 71BB816B6841001A4305DF1814926B639265E91895CA5D06284B0970E40CE386 ] CapImg C:\WINDOWS\System32\drivers\capimg.sys
15:47:29.0198 0x12b8 CapImg - ok
15:47:29.0214 0x12b8 [ F2829DC6D292DCAC5029893BB2E9FEE3, AF2A25722D3BE37BABD1F6668786AAF39E9D6CA18CE8E845E63266E218C64526 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
15:47:29.0214 0x12b8 cdfs - ok
15:47:29.0229 0x12b8 [ F3A9E38AE23AD4015764AF89E4AE3519, 57ED6AC834177E128720FEC5B5793F35C7C36474E2D787F182B6730933222CC9 ] CDPSvc C:\WINDOWS\System32\CDPSvc.dll
15:47:29.0229 0x12b8 CDPSvc - ok
15:47:29.0245 0x12b8 [ CA160E02F35A61C6F5C681FB4669C519, E6BC66156EE226F16804C4FDC8A60EB15CE6212EAFB9FB841FAC899979E140E2 ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
15:47:29.0245 0x12b8 cdrom - ok
15:47:29.0276 0x12b8 [ 320E7A02D81A468E8C1FEEFDB856AFAE, E65127D3D6B628F9D19EA509FEBD9E4DC1BF20D0C62C3C9E1D7087DF972B2AA7 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
15:47:29.0276 0x12b8 CertPropSvc - ok
15:47:29.0308 0x12b8 [ 60D7D304DF75DFF6A46CF633F583B592, 4141D8D1C6FE829C02053DA91AC6B0628BDEB3322CAAD4AD958190F9D173340E ] circlass C:\WINDOWS\System32\drivers\circlass.sys
15:47:29.0308 0x12b8 circlass - ok
15:47:29.0323 0x12b8 [ FF9D4BCE19E5D36CB3A845A3286DA6C3, A0E2C38D629359EEC6F8EEC6F92A3E571AEF018BAF259F395DC497ED4827460B ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
15:47:29.0323 0x12b8 CLFS - ok
15:47:29.0354 0x12b8 [ 5C4648673693724C8D4A1A92E1AA06E6, 5D548241715687BFA52E40B867EF73CB45D01B7F9A9B7F00B92BF2B4C97BE1D0 ] ClipSVC C:\WINDOWS\System32\ClipSVC.dll
15:47:29.0370 0x12b8 ClipSVC - ok
15:47:29.0386 0x12b8 [ 8EBA63416EC166EBA6EF6D34A505D8C8, 5EB0236ABEA2277B71D9F009DA71934C618606B20BBEC07B8595195E40C12A2B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
15:47:29.0386 0x12b8 CmBatt - ok
15:47:29.0417 0x12b8 [ 3B64DA873CEA5BEC42570BFF1054A014, 3649B25855CB9BE5BA3B3FEE4221575381FB2D488B8B050B5DD0088386AA0F7B ] CNG C:\WINDOWS\system32\Drivers\cng.sys
15:47:29.0417 0x12b8 CNG - ok
15:47:29.0433 0x12b8 [ 5EEA0856000F81B3D709BC81B3AA1EF2, C04E4E31D3FC38102BA410D312F58AF848920EE37004A5C306D79229C9B6079A ] cnghwassist C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
15:47:29.0433 0x12b8 cnghwassist - ok
15:47:29.0495 0x12b8 [ 74CD3BF688E2B408227FE012A2F2D8ED, CC01AC79CEB9DC94FA5675D66F048928C9968B8944E34F5482A73C14B70EE8A8 ] CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys
15:47:29.0495 0x12b8 CompositeBus - ok
15:47:29.0495 0x12b8 COMSysApp - ok
15:47:29.0511 0x12b8 [ D38774D1D383A2CDB9A4F64B7206913B, 6CDDC46D1D431342F00CA537FC327B23B8AA4D513CEEEE61F3E19C77975DF9C8 ] condrv C:\WINDOWS\system32\drivers\condrv.sys
15:47:29.0511 0x12b8 condrv - ok
15:47:29.0558 0x12b8 [ 8AFDD74F2DC5BAD9B2215FB19DB65240, A2BDDA4C77C63D3D8E9F1D397D7B41EC1BF093A6399C14D311D4D230B5F1E093 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
15:47:29.0558 0x12b8 CoreMessagingRegistrar - ok
15:47:29.0589 0x12b8 [ 35DB06AACD8AD5999161DA71FF0E16F0, 22AD27811AAD14666ACEF4115447B0CFAA70D1E73923059FB2A9B4C3CBE500A6 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
15:47:29.0589 0x12b8 CryptSvc - ok
15:47:29.0636 0x12b8 [ F038EAF73AAB72A4A89185A5A7B9FD75, 8213A60B3BEAFC1C554C5D049DFE3C6E44CEFE639EDD6A335AC18A9DAEDA2D4B ] dam C:\WINDOWS\system32\drivers\dam.sys
15:47:29.0636 0x12b8 dam - ok
15:47:29.0667 0x12b8 [ 5E57B9FBB4E9C43EE5B69BEE01A1819F, A1F8D1E52AF446CEA2EB50064E3A24B713B19197D61C3EAECB81B3CCD80558E7 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:47:29.0683 0x12b8 DcomLaunch - ok
15:47:29.0714 0x12b8 [ 0605AB12BF1856DF21AB708F28EA91CF, 3A6A7F8F84044DC1EA490A007E6DBC52203BA237ECF1B845961D9BB95E9BF8C8 ] DcpSvc C:\WINDOWS\system32\dcpsvc.dll
15:47:29.0714 0x12b8 DcpSvc - ok
15:47:29.0745 0x12b8 [ BABB7BB5AD3CECFF466E6080F43CFC58, 1B8FF66557EC4C749156ED6DACC4D61D5DC4E25DD58F6DB3713C356214B80FDA ] defragsvc C:\WINDOWS\System32\defragsvc.dll
15:47:29.0745 0x12b8 defragsvc - ok
15:47:29.0776 0x12b8 [ 63C9464B165D31ACC46B6B089AB36B41, DE38DE4E6331D07630B63224F8014C27368C29791EDB58CC5DAE7CBACD37160A ] DeviceAssociationService C:\WINDOWS\system32\das.dll
15:47:29.0776 0x12b8 DeviceAssociationService - ok
15:47:29.0792 0x12b8 [ 7B3DA16FAA498838BB457E0B7E380EDF, B73DCFFA60886F10765E4B76A58CFF18C08CAFEE620700361FC8FEC7E80B5958 ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
15:47:29.0792 0x12b8 DeviceInstall - ok
15:47:29.0808 0x12b8 [ CF3895DD260ADE05BC91D8FBE0A82907, D7D8A29E873BE5C3832C9264F0165F6CD50D42ED0E04B0FCF07F054793092334 ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll
15:47:29.0808 0x12b8 DevQueryBroker - ok
15:47:29.0823 0x12b8 [ 25435407D97419627F4B10653433BF2B, 5429B0DB7C5302E9A6AF92C046637183D4147D4A206963ABEA3A611214D6AB04 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
15:47:29.0839 0x12b8 Dfsc - ok
15:47:29.0854 0x12b8 [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
15:47:29.0854 0x12b8 dg_ssudbus - ok
15:47:29.0886 0x12b8 [ E59C209F1F633C1AEAF151B2CA46BBAA, 6A4DA927418B56A228CC8D9DFA3351B2B53A9328F5C56C10F0C7B19974B2ED89 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
15:47:29.0886 0x12b8 Dhcp - ok
15:47:29.0917 0x12b8 [ 95AA7877FD4161BFBC8493F9279B1901, F6B7DF75D763A89901BD12454BEF92D161B392F721B8568505073929D9F419BD ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
15:47:29.0917 0x12b8 diagnosticshub.standardcollector.service - ok
15:47:29.0980 0x12b8 [ 58395E37ED838B93A56F1D089C2F53CF, 57D167B58DF5B33F7E2A98E1B8B33C8F076D34CA032D22F050AE6F83A48DC8E6 ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
15:47:29.0995 0x12b8 DiagTrack - ok
15:47:30.0027 0x12b8 [ FDCD449AE9E75D7690593D16ADAF4DB4, 3366C4BDB031EB525F85850E903C46802A2AC762C0772C6F6E543DDA4AF1E9D5 ] disk C:\WINDOWS\system32\drivers\disk.sys
15:47:30.0027 0x12b8 disk - ok
15:47:30.0058 0x12b8 [ 43A1B8B43CA4E213E0FD920F2FD6BCBA, 839C6047FD6EA951538209C30C9D8AE68F9B47A58DA151D071C03408250B0ECD ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
15:47:30.0058 0x12b8 DmEnrollmentSvc - ok
15:47:30.0073 0x12b8 [ F10A8F6D036CEDD14A5471782C52F041, E0DA3C4F76DBBEAED549375E57819F8825B33A118F7674D417D294054863F648 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
15:47:30.0073 0x12b8 dmvsc - ok
15:47:30.0105 0x12b8 [ 7228733177F673B4D51BD1AA082D47C1, DBE155CDCFAA7C32407A207F637F252FA0CE30F1DE7E7DBEC42DB37FADB5BFA7 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
15:47:30.0105 0x12b8 dmwappushservice - ok
15:47:30.0120 0x12b8 [ 592E41B3C11CA12203D3708AD8FC3D37, 6C69D5D603FBF038C069EDDCE29F7C6A60CAAE58B985AB218E1497F2BA934D42 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:47:30.0136 0x12b8 Dnscache - ok
15:47:30.0167 0x12b8 [ 6184C7A2F12625C108AEFD3A43429967, 689153F319BB1013FF60F71317E8380A6945EEE8141EDBDD6B185A966E23BB93 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
15:47:30.0167 0x12b8 dot3svc - ok
15:47:30.0183 0x12b8 [ A616D8297C1BEA690BBC796736A7A78D, 9365470F4609606410AD79D98E1E77D815DC7C5AA924FB639FCF713EE8EDEA76 ] DPS C:\WINDOWS\system32\dps.dll
15:47:30.0198 0x12b8 DPS - ok
15:47:30.0230 0x12b8 [ 45771610FF181434073B5A0A00F20F8D, 6A17DB09AA6D021F000F7315317235E1FCF41FD58EA7DF81A7C9F5A6DE999984 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:47:30.0230 0x12b8 drmkaud - ok
15:47:30.0245 0x12b8 [ 00D9A948FB7344C62CEBED88E50EE39A, EF33FE7FB34DE571F3956C1F7AC8EFAA25BFD9F3AFA3ECD25DD34C5890873245 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
15:47:30.0261 0x12b8 DsmSvc - ok
15:47:30.0277 0x12b8 [ D920A8B070A9BA5C9DEFC3BA7C3883B5, 8EA05CDE58930EB16B4B502561AF2DB5229658FDC1948A9A8F249A7402C21398 ] DsSvc C:\WINDOWS\System32\DsSvc.dll
15:47:30.0277 0x12b8 DsSvc - ok
15:47:30.0308 0x12b8 [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01 C:\WINDOWS\System32\drivers\dtsoftbus01.sys
15:47:30.0323 0x12b8 dtsoftbus01 - ok
15:47:30.0386 0x12b8 [ 89C9C3745F270EF93988DA57BC6AA62B, 947886F3121919427BDCB123C6FC28E29CA73D427E92025E1BEAA743D27306D3 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
15:47:30.0417 0x12b8 DXGKrnl - ok
15:47:30.0448 0x12b8 [ 6E36BDBB46DF7F865D0DD30663AE3891, 98967B01EA450AD4D5FE8085F710359C022D783B839A51BD4A266718156B01EB ] Eaphost C:\WINDOWS\System32\eapsvc.dll
15:47:30.0448 0x12b8 Eaphost - ok
15:47:30.0542 0x12b8 [ 3070013B01EDA42C7EB67D731340C396, C083CA05650750876E70CB6AB51D5C047C06098C2ED86B083A74C97830247BFC ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
15:47:30.0605 0x12b8 ebdrv - ok
15:47:30.0620 0x12b8 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] EFS C:\WINDOWS\System32\lsass.exe
15:47:30.0620 0x12b8 EFS - ok
15:47:30.0636 0x12b8 [ 59EE187E333EE9914DD9BEA5F4E0D85D, E34BB8075E38FC6AEC056323C6E3B5B4E7041EE6F4D51699B706DEEA18BDB911 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
15:47:30.0636 0x12b8 EhStorClass - ok
15:47:30.0636 0x12b8 [ 9297F1CC486F24BDFD2874156AC5430F, 1AF8689ADE4E658FC9418F7886B6C19F7D005EAB2AEF9B0E14FC81C61A74CECF ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
15:47:30.0652 0x12b8 EhStorTcgDrv - ok
15:47:30.0667 0x12b8 [ 9E8FF6B95FD420FA9E40BE548E5C8D92, 8825B81418335D03CFAADB792C1466023C459BE489ACACBD6686FFB544F22D30 ] embeddedmode C:\WINDOWS\System32\embeddedmodesvc.dll
15:47:30.0667 0x12b8 embeddedmode - ok
15:47:30.0698 0x12b8 [ DC2F91EAE9A28FA8C6610A9B7701B70D, 480DB509BF944AAC3617594F1245B4603069DE39186BC1FA7EDB8E0536B05E79 ] EntAppSvc C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
15:47:30.0698 0x12b8 EntAppSvc - ok
15:47:30.0948 0x12b8 [ F7FCCA6300485EF60CEA6D991D6C8C78, 24080D80CF1FD678DF4C9CAE70F65F8D9232F5F6A6F2B73A77B5E3C91E6505F3 ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
15:47:30.0948 0x12b8 ErrDev - ok
15:47:30.0980 0x12b8 [ 2093F65AA84478E28C8E9D05BC413845, 086D4E0D4B993F4041AA8A9DCBEEDB53BD05B88E2BEFB218837FB10FACDF4233 ] EventSystem C:\WINDOWS\system32\es.dll
15:47:30.0995 0x12b8 EventSystem - ok
15:47:31.0027 0x12b8 [ DCCDC3F35F0618692117DF90800A4284, B636B2A39AE89A9C2CDE17EC52DA669DA8AA9E2B04CA5CA19926DA8009655244 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
15:47:31.0027 0x12b8 exfat - ok
15:47:31.0058 0x12b8 [ 5A1C6AFFF6946C5C21A27AE05084C0D1, 558CB87E596E85182F6976F215EE0E35F57BF901409A2805E6A3C29D8984B048 ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
15:47:31.0073 0x12b8 fastfat - ok
15:47:31.0120 0x12b8 [ 046FC9CF53A91E2FBA498CA7B0C3B028, BCFB06DF53065706DD6287E8C47BF5047F8A1E33981E1881E6ED7510337F5BC8 ] Fax C:\WINDOWS\system32\fxssvc.exe
15:47:31.0120 0x12b8 Fax - ok
15:47:31.0152 0x12b8 [ 4E4B7D935DBF522B2F23D3573596181D, 9D0EC9F65920EE0FFFB2D49C58E4D5151C8CEEB7AA82543D226E4B84EEE4B3F0 ] fcvsc C:\WINDOWS\System32\drivers\fcvsc.sys
15:47:31.0152 0x12b8 fcvsc - ok
15:47:31.0167 0x12b8 [ 583EB1C7690E361213BBD0472155128B, 5F5871490A6DAC4A824F4428941AC86FBFA9AA349B99B5D9544E5D62EB459FA8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
15:47:31.0167 0x12b8 fdc - ok
15:47:31.0167 0x27b8 Object required for P2P: [ 6300722E8527EC54D426FD00EE5196B2 ] Audiosrv
15:47:31.0183 0x12b8 [ 94B1A46EDD335F0C54C7BDAFC43348E6, 58073D58D0BE7389C2A4736AFE108835E5AE9C9950FF630644F585C99B964043 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
15:47:31.0183 0x12b8 fdPHost - ok
15:47:31.0198 0x12b8 [ BC855BB7DFE06F27F78E0EB2A8CCB70D, D16C3DAB99C16B077BA5DA5E9E0646B0B9237B00ABAE867D9F81A2D072D583B1 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
15:47:31.0198 0x12b8 FDResPub - ok
15:47:31.0214 0x12b8 [ F1125F20D56F28DDCD1A6F3E81EB4F5F, A6620ECCB15FAA70E4A43ADA4CE82CF97D708B6FA07F3FAED276359E7F92FD0F ] fhsvc C:\WINDOWS\system32\fhsvc.dll
15:47:31.0230 0x12b8 fhsvc - ok
15:47:31.0245 0x12b8 [ CDFD81CACE0E11596A3BB61EC4CF6467, 569FA86A215B054131AA9AFEECFEE7FD7143DCFFE275B84196004AEA538B2476 ] FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys
15:47:31.0245 0x12b8 FileCrypt - ok
15:47:31.0261 0x12b8 [ 3F02FEDAE894CBF4BAADDF8C8E1D53A8, DA32ABB1CDA867B8456C46F8581FA7F3A8D8B89D9F6E7422F51941D5FFA15B13 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
15:47:31.0261 0x12b8 FileInfo - ok
15:47:31.0261 0x12b8 [ 2824933386E30DE5BA089DF539CE19A3, 7B33E514576C68B444AE99CBA1360EBFAE8A46EEE5C01F4EE4CF471A712AB148 ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
15:47:31.0277 0x12b8 Filetrace - ok
15:47:31.0277 0x12b8 [ 6A598249640F8BEDD79EC73917E1664F, A675238EA19E6632CDEB4EEFF7CF509EAAEF76AD8DFD247664E5607555D9CEE1 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
15:47:31.0277 0x12b8 flpydisk - ok
15:47:31.0308 0x12b8 [ 44B6A6832134DF651E887E941478CA35, FCF4EB726D00F5A17DD66C81CFDA49427281C94CF9CA2008397D591AEA61AE05 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:47:31.0308 0x12b8 FltMgr - ok
15:47:31.0370 0x12b8 [ C197284A9D565A38497733AF2BDFA111, C6615AF0D366C2DD6D431B073901EED02D49AA3F252230735DBB52A90BCFA833 ] FontCache C:\WINDOWS\system32\FntCache.dll
15:47:31.0386 0x12b8 FontCache - ok
15:47:31.0433 0x12b8 [ 109AACC7FB0170535F71491F673AFD38, 212B6761ABBAC29993DA0A47C3DDE8074EA9E5A8FFA8FF6EAB95AC69D8FDD5A0 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:47:31.0433 0x12b8 FontCache3.0.0.0 - ok
15:47:31.0449 0x12b8 [ 3F3B9E8CECD5604BC7746EF3A852EB67, 51AF62A9563379266C0C873E82F55427900032DFD7AC3EBDCDF77F8F8DE91A5D ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
15:47:31.0449 0x12b8 FsDepends - ok
15:47:31.0472 0x12b8 [ A60583221C7BB7CEC35C63285A297BE1, 3C842FBEAD1FA2BD8D37B2B0E8EDF77F4F50508C56FB25DFA81DE9679090D51D ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:47:31.0473 0x12b8 Fs_Rec - ok
15:47:31.0501 0x12b8 [ 58013A50225174EEF1410E37795D7908, F8E557CA4110ABB203192DEAF59D91A5FEF2A5EA394637276DAB7F4D2E7BFA39 ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
15:47:31.0512 0x12b8 fvevol - ok
15:47:31.0529 0x12b8 [ 0DAAE3EFCE00133AB3E383A36C47CDAF, 9145665F4F0575F951803AAFAA1A7DC0FAA35430CAE7D90E902074D60D6F4C62 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
15:47:31.0531 0x12b8 gagp30kx - ok
15:47:31.0551 0x12b8 [ F59155B95D01C08F9ED774B626B504A1, EF0FCF35AD9CD5E5D695F0C064244D2B327E7FB10FD7CBB0586253EC75562918 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
15:47:31.0552 0x12b8 gencounter - ok
15:47:31.0566 0x12b8 [ AE24452F55C6F1784CBD7489D0CDDB02, 4E13C51CBF30A8662B1180AC74E968CFC428B6EA7931F09357E7D120063D4823 ] genericusbfn C:\WINDOWS\System32\drivers\genericusbfn.sys
15:47:31.0567 0x12b8 genericusbfn - ok
15:47:31.0591 0x12b8 [ 96F0D3A583A91B634EE2AC2507356EDC, 43D2575F33D28F61C13D2DCF358BFA9DCEAE276C83152DBE7AE2020A66929CD9 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
15:47:31.0594 0x12b8 GPIOClx0101 - ok
15:47:31.0653 0x12b8 [ E50CE978F571B900D9A7E2F1C5BCC070, EA14873A5F1B700D7CDBE55B9D214DC457262866A90D80B3E8325A8EB7932CE7 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
15:47:31.0684 0x12b8 gpsvc - ok
15:47:31.0700 0x12b8 [ BA2455D93BD57989A04FE4094AA6F941, B579FB367C063EA30C034381148410D49D38E183A5A4D51D2334A81DAEE95CEC ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys
15:47:31.0700 0x12b8 GpuEnergyDrv - ok
15:47:31.0746 0x12b8 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:47:31.0746 0x12b8 gupdate - ok
15:47:31.0746 0x12b8 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:47:31.0746 0x12b8 gupdatem - ok
15:47:31.0762 0x12b8 [ C277A49F8A8295840DEBC9240B75A282, 8B2BA0E6A8300323765D95ECD843105B0FC4B80B85EE2220E677C4E9A760C9D8 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
15:47:31.0762 0x12b8 HDAudBus - ok
15:47:31.0778 0x12b8 [ D5A57EF4822A0388352FFF9F5CD53495, 509F365386859157E9078821FAA56D2A3C0BA296CA129E0D42453428A14687A5 ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
15:47:31.0778 0x12b8 HidBatt - ok
15:47:31.0809 0x12b8 [ 39575B53EB80C77FF2A3F1449D00B7F5, 37E66B38BACE00AFEF7093F990A234399D8451A9D2C2C8CBECAB69C664E63EA6 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
15:47:31.0809 0x12b8 HidBth - ok
15:47:31.0825 0x12b8 [ 35C3B602664116E737FF729F9A7156AD, 7A3C5CAD716E819CC53405971F3ACD135BCF023EC2228C1095E2116BCC384E62 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
15:47:31.0825 0x12b8 hidi2c - ok
15:47:31.0856 0x12b8 [ C4ABE526BBF2A18E8AF70177FBAD9C6E, 4DA06B563A08AC15D949F4599F73F172B3BFCB5D23B34240D1E2114438A11929 ] hidinterrupt C:\WINDOWS\System32\drivers\hidinterrupt.sys
15:47:31.0856 0x12b8 hidinterrupt - ok
15:47:31.0856 0x12b8 [ 348416C7D7EB05BC3099FE2F2B27985C, F30E8682E9DD731A1AD7328FB8A48A2BB7D6E52780AE1FDE839D26E84B4FA7B5 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
15:47:31.0856 0x12b8 HidIr - ok
15:47:31.0871 0x12b8 [ 5576DF399CF2D3B63608F7F282151249, 04939E79B8B8035547CE6FFE9001252CA810BAD46D8DB75FF5C13EB10EEB5C57 ] hidserv C:\WINDOWS\system32\hidserv.dll
15:47:31.0871 0x12b8 hidserv - ok
15:47:31.0887 0x12b8 [ 01F732724AF6EFE69886DA95A4E51820, E048A480F9396418BDE9659596E7EDA5FF97D3CE029D186048609B47575BEAE1 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
15:47:31.0887 0x12b8 HidUsb - ok
15:47:31.0918 0x12b8 [ 7433A8D28EE11A661C7A45AF28BA7987, 8A73DB423924E84CD3629BF6C7298CD093D2437B73B3F4520D39330923DDA2D6 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
15:47:31.0918 0x12b8 HomeGroupListener - ok
15:47:31.0965 0x12b8 [ 3FDBFBE5AE639996EB8D482C16BA7EA9, 7E48304818AABB4C5B0CB7FD32D96D6F90F4180AB0F668A2FE653A7097A40673 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
15:47:31.0965 0x12b8 HomeGroupProvider - ok
15:47:31.0981 0x12b8 [ 3844CE7DD23530CAD59D8CABA57CCB05, A44BB60686A0E98FF370D9DED5B32C3F34F0352ACFA3B3052BA4023922B53DB7 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
15:47:31.0981 0x12b8 HpSAMD - ok
15:47:32.0012 0x12b8 [ CA6EADBB8731CA27BDA4037BF290AC14, 31EC9397D55D4EEC416AD722134E2D6B5D14E46D2150CB94889C4BFDAACBF421 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
15:47:32.0028 0x12b8 HTTP - ok
15:47:32.0043 0x12b8 [ 8841D927EB1F7FFC8B1805BC0CF190ED, B063E686380EEF582CF736E33751812F0041C593C7F30EE97D13DEDC9B246AB5 ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
15:47:32.0043 0x12b8 hwpolicy - ok
15:47:32.0059 0x12b8 [ 53436C3835E80F4421652A67F44D6313, 8731091945A839713348DF3060A4C96033874E2B3DC7E099BEEC8C65B07F98CF ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
15:47:32.0059 0x12b8 hyperkbd - ok
15:47:32.0075 0x12b8 [ B2DC6C2F313EBB967B556B4E73A75451, B1816A0AE15705F0325F167EA76166779607D6086EC36A4A960E3BA47B4EBC4B ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
15:47:32.0075 0x12b8 HyperVideo - ok
15:47:32.0090 0x12b8 [ D4CDEE4A62BDFFF6E8558A9552148EA7, 55306786CB45082AE374937EBA256FF9CD640BB2E8C19DC6C704489D4743F5CC ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
15:47:32.0106 0x12b8 i8042prt - ok
15:47:32.0106 0x12b8 [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
15:47:32.0121 0x12b8 iaLPSSi_GPIO - ok
15:47:32.0137 0x12b8 [ F1DF87463AC308047B089E9F0456B4C8, DFFF3C63D3124C2B879B888104042406FE326D4E7C8C1881A269BD4287B9CD33 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
15:47:32.0137 0x12b8 iaLPSSi_I2C - ok
15:47:32.0168 0x12b8 [ 9FDD4763A115D04F565C38183DE4646F, A8B0653E7C5F5B3CB2A1B642F502269FB1BB1E35DBB1CBABDBDADF92C9815727 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
15:47:32.0168 0x12b8 iaStorAV - ok
15:47:32.0200 0x12b8 [ 4E69EE8F8E5DA036535D433C544AF9E2, 2ADE9B97CE1C19FF984D8BB99CF31415872C2D9628864BD78C0E44D21CC94EE3 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
15:47:32.0200 0x12b8 iaStorV - ok
15:47:32.0231 0x12b8 [ 15C59DF20F74A0C2C764B991FED7F4A5, 6E9804775E815F32A4D73C346E627D64A3096525E78FAE3B6E43CFECAE270428 ] ibbus C:\WINDOWS\System32\drivers\ibbus.sys
15:47:32.0231 0x12b8 ibbus - ok
15:47:32.0262 0x12b8 [ 88E6A429944544346EC3AE1FD7D24BCC, B6B8D51E5491C91D2FCDC77C1D82A5168B0C860252208E1B4612D8D5C19401AD ] icssvc C:\WINDOWS\System32\tetheringservice.dll
15:47:32.0262 0x12b8 icssvc - ok
15:47:32.0262 0x12b8 IEEtwCollectorService - ok
15:47:32.0293 0x12b8 [ 6F9C31435DD3E3D3BC247212EA144EBF, 05C4A0BD4BABD27783CEFEE6108C1A05911A212189233F09AF1A56BDC60F60F8 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
15:47:32.0309 0x12b8 IKEEXT - ok
15:47:32.0418 0x12b8 [ C2F868881D48A568B525255F084EF063, EFB1704AE223CF886EDA5F1411C8178EDE4B5E1F7EE373E3DA89A6EA1A57D91D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
15:47:32.0481 0x12b8 IntcAzAudAddService - ok
15:47:32.0543 0x12b8 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
15:47:32.0559 0x12b8 Intel(R) Capability Licensing Service Interface - ok
15:47:32.0575 0x12b8 [ 498759139F71142888CF7EFA1ABE18C8, 9CD0CD748B143F947B4DEDE39344A8C284717CC8AC97E25827EB73CF10831419 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
15:47:32.0575 0x12b8 intelide - ok
15:47:32.0590 0x12b8 [ DC270DDCDDC2EF65D484A65CC5166222, A88BEAD819ABEFE28B6F9A10586ADCB0EE2A5ED9273F176E9313750609C7892F ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
15:47:32.0590 0x12b8 intelpep - ok
15:47:32.0606 0x12b8 [ B4D9C777762B1F7356958B9C0AA93BEB, F11B07FE939A107AB4EED4857854DF269C2D86A80C8507C8B1E95F7805975EDB ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
15:47:32.0622 0x12b8 intelppm - ok
15:47:32.0637 0x12b8 [ 22BD83268B80A8C89AAC0BDF46E4EB5D, E7DC0C2E4104B51EA545BA8D0CFF11FD6A15BFD8EE16E546E8FC220853402CB3 ] IoQos C:\WINDOWS\system32\drivers\ioqos.sys
15:47:32.0637 0x12b8 IoQos - ok
15:47:32.0637 0x12b8 [ A49E47A6E1429123F46A7CA9C05AEFC1, FFD68CA46DFAA4954FD76145808E2C74BDC34FFD6979BB3FB6A3EE4DC33CDC78 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:47:32.0653 0x12b8 IpFilterDriver - ok
15:47:32.0700 0x12b8 [ 8FBA61B7CB44F136226BE3B346FC6D19, 2190A523AC948B18C2C7B6DC96ABB654DAB471AD5E5E13F79899416E91777AED ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
15:47:32.0715 0x12b8 iphlpsvc - ok
15:47:32.0731 0x12b8 [ E0C276985AF968CE295B8E09C121321F, 07B54165E80D4254C29A6CF00CC634E70F190EF0EB8EEF73EC14F38B841087A5 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
15:47:32.0731 0x12b8 IPMIDRV - ok
15:47:32.0747 0x12b8 [ 5D3744E6FDEC1A6FB3FA9B1DD4AF0694, 209BE9FC25C8BF8CE058B7E993B6A902B881380DADC69F5208733077DA7F4382 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
15:47:32.0747 0x12b8 IPNAT - ok
15:47:32.0778 0x12b8 [ B18202D72C0EF4B53CEC6F59E3E1B955, 6DA244E6485372C16CF0B38838DC90B48079A85F5D22B0F2F197C8DA37F0A293 ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
15:47:32.0778 0x12b8 IRENUM - ok
15:47:32.0778 0x12b8 [ CD04CBCCCB4C0E4BB06B98E0F45C888A, 106B3E823C188BD14328F2BEA28559D2F637C270064B2FD214522FAC4E616F4C ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
15:47:32.0778 0x12b8 isapnp - ok
15:47:32.0793 0x12b8 [ 5D90E942C94B20E0F321015C0ABF3EEA, 4110551B172D4A5524DD857D7CB65FAF2594310BE7883D5641BC0DF5EF49C82C ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
15:47:32.0809 0x12b8 iScsiPrt - ok
15:47:32.0856 0x12b8 [ 78ABBE558F57144047F10A0F50FE4B2F, 6BE608F7697D83FD6C7E6EA422AC5637933BDC96B1044C12DE9A419CE7D6F6CE ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:47:32.0856 0x12b8 jhi_service - ok
15:47:32.0887 0x12b8 [ 4192DFE6CA143C0AD8AF42C51A82BECA, 31FB3A261D0D5241CC87EF7DFF8BFC1A1EACE8CEC42138918EC5958DAEE100CD ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
15:47:32.0887 0x12b8 kbdclass - ok
15:47:32.0903 0x12b8 [ B63C0DB341DCB46CF7AA259333A737DD, F1B43BA68707F3F99CD31AB2035F5E86CD967AE4E5393928C69861785E960872 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
15:47:32.0903 0x12b8 kbdhid - ok
15:47:32.0918 0x12b8 [ 53C79A7FABDAAFD11EAB31963FB2CED7, 357418645DDCEFA5546AE78EDCAE86D50928710CA7A3F65F01CF721AADA36623 ] kdnic C:\WINDOWS\System32\drivers\kdnic.sys
15:47:32.0918 0x12b8 kdnic - ok
15:47:32.0934 0x12b8 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] KeyIso C:\WINDOWS\system32\lsass.exe
15:47:32.0934 0x12b8 KeyIso - ok
15:47:32.0950 0x12b8 [ 1E99B26BDB9B9C9BC775ED4543558560, 890870A6737B4910735D1B23F714AA73FCCD1C131D135FACBA6909F06D31B3FF ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
15:47:32.0950 0x12b8 KSecDD - ok
15:47:32.0965 0x12b8 [ 6198A79011C67497B324798B3D4272CE, C587F7D86837550D07918F6AACF26BF65EBAF7FF57475DC9196B4D011E83AE47 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
15:47:32.0965 0x12b8 KSecPkg - ok
15:47:32.0981 0x12b8 [ 503597D9B72DBD9998F722F12A51ACFC, 9B3585282191163AA70243BAD921ED8725A98454E0D3879E0F671E0E4F56AB4F ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
15:47:32.0981 0x12b8 ksthunk - ok
15:47:33.0028 0x12b8 [ ED5AE20C27F27F293C6C61AEC9881054, 4D5BE394D129BD559B0A9D237F3F59CB3D24C15ABDD97AE2E64931D6B9D14FF1 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
15:47:33.0043 0x12b8 KtmRm - ok
15:47:33.0043 0x12b8 [ 50AECF8C21AB2A6428A6E1E10549D8E5, 6BC7C60CF5E8AFB9972619EE1C78357756E9C0A3EC783C3056CEB600DCBB1555 ] L1C C:\WINDOWS\System32\drivers\L1C63x64.sys
15:47:33.0043 0x12b8 L1C - ok
15:47:33.0075 0x12b8 [ C529DA0AD5A21878E318801B024AF8E7, A14E8ADCA33C37B1D256CB4926A19F56D2D19B94EDF314A4ED34A8B5AB62CA5A ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
15:47:33.0090 0x12b8 LanmanServer - ok
15:47:33.0122 0x12b8 [ D6D9F4CAFD3F1A7E30AD02E508552CD2, F0D225E5951CFE1D8349F634CC91BDD5B3F9DCF6233CCB965E99BFEAFE642265 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
15:47:33.0122 0x12b8 LanmanWorkstation - ok
15:47:33.0153 0x12b8 [ 24881F16D2829764681F5FAE7B86D7D3, 290348CFAF3165847E4B53965D22E9D417EE20FFD23293B5C1855C57E6328599 ] lfsvc C:\WINDOWS\System32\lfsvc.dll
15:47:33.0153 0x12b8 lfsvc - ok
15:47:33.0184 0x12b8 [ 6ED675774BDC3735AB6DA12D29F825CF, 4317C7CF491F4E806975E7A973CFF11CFEE9E94730DDABCC67C3D693691DDDE5 ] LicenseManager C:\WINDOWS\system32\LicenseManagerSvc.dll
15:47:33.0184 0x12b8 LicenseManager - ok
15:47:33.0184 0x12b8 [ DB789F57CE94C827FBFF709CA5ABD29E, 4CA4DD079A63649C36F76A31C4081F11F5CF6574AC573B63EF930DB19B1D1C95 ] lltdio C:\WINDOWS\system32\drivers\lltdio.sys
15:47:33.0184 0x12b8 lltdio - ok
15:47:33.0200 0x12b8 [ FECBC6C4981772E5D0F517B34A5496EE, 15DB097BFB221B91E580E5CD1DD6B34A9A2C78A1A6FCE4162A855BB4AFE673E9 ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
15:47:33.0215 0x12b8 lltdsvc - ok
15:47:33.0231 0x12b8 [ 24C87BDC66AB192FEB273BEE5FD5AA38, BFAAE1F2450DEBD1A14877C046C6EBA91014DB0B5D0FB95EC14CB714B773B3C0 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
15:47:33.0231 0x12b8 lmhosts - ok
15:47:33.0247 0x12b8 [ 2C24DC448DBE8DB9BE1441B824C57E79, DA2257EEC964A47D03C2BB13317FD788E51D4685E2395B303ED7B2575FEF3B19 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:47:33.0247 0x12b8 LMS - ok
15:47:33.0278 0x12b8 [ 3BB39166E446D456C277C17DFEA3DAC6, 1A08E1D017BBCE91E508D876835FA7AD2DA0859A8CFE8F8F31B4F12B48E2573D ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
15:47:33.0278 0x12b8 LSI_SAS - ok
15:47:33.0309 0x12b8 [ 25CF625E46307A5D6674C8DFA1A289AA, 1D00EB70B6B0157013A7C15EF194F51B8596612066EF31B337D8134D6BD0BBBE ] LSI_SAS2i C:\WINDOWS\system32\drivers\lsi_sas2i.sys
15:47:33.0309 0x12b8 LSI_SAS2i - ok
15:47:33.0325 0x12b8 [ 722C52B12EA4C198D56994934C9DDAB6, 5F4AB818251C770821BAF41C19B1C483A31CCC28EB96F2084D4092E33EAF906B ] LSI_SAS3i C:\WINDOWS\system32\drivers\lsi_sas3i.sys
15:47:33.0325 0x12b8 LSI_SAS3i - ok
15:47:33.0325 0x12b8 [ 3371FF1D5D745C3306C6A2C4E99C25A9, DD6F0099001501BAEDDF8411FBCD930BD6472662D209199249203CB2FDAA23FB ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
15:47:33.0340 0x12b8 LSI_SSS - ok
15:47:33.0356 0x12b8 [ E2EEF074F5260378F9AAFBCD592319A3, DC56674A08FA03FA7AF7DD8B3CC55D8324D1CB51546092A990A935FF9AB48A3C ] LSM C:\WINDOWS\System32\lsm.dll
15:47:33.0372 0x12b8 LSM - ok
15:47:33.0387 0x12b8 [ C692B9C0352315417CF49FFA664957A3, C2D4F9A936B809889F7C51FE48214A1923175913A6C5D0B72D3BA469214B5174 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
15:47:33.0387 0x12b8 luafv - ok
15:47:33.0419 0x12b8 [ 6A4C75FD28F60062FEA3DF3B15D956C0, 4FC58F3320D33BDACCF759A50C623A3E58E4320749E6691B397DF0C8EAAA8A6F ] MapsBroker C:\WINDOWS\System32\moshost.dll
15:47:33.0419 0x12b8 MapsBroker - ok
15:47:33.0434 0x12b8 [ B2ED9A7A5587A128A0EFD0DBE7662E95, 63070AAFD44E3CD2A4B262DF27222B103455A4D8C2E45914502BFA03D84D32C9 ] megasas C:\WINDOWS\system32\drivers\megasas.sys
15:47:33.0434 0x12b8 megasas - ok
15:47:33.0465 0x12b8 [ 083F71488E6780A67290273180256EA5, 5F43CE66F5A48850BABB70F4D219FDD002F9BC2B2F0E58E66FE2C492AA335E50 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
15:47:33.0465 0x12b8 megasr - ok
15:47:33.0497 0x12b8 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
15:47:33.0497 0x12b8 MEIx64 - ok
15:47:33.0528 0x12b8 [ 5907A10D46747A2B6DBFD6A198254DC2, 6C283E9DC75C7ABFD270D6FABBF4F54628A1786E7CE2F603BF664CBB9E4FE583 ] mlx4_bus C:\WINDOWS\System32\drivers\mlx4_bus.sys
15:47:33.0544 0x12b8 mlx4_bus - ok
15:47:33.0544 0x12b8 [ 91ED6F0EDF4158D63C52194F17D4F42E, ACF543978E253650C167C6C370699AEA7340EBCECF7CAB904CBDD334D1BD6928 ] MMCSS C:\WINDOWS\system32\drivers\mmcss.sys
15:47:33.0544 0x12b8 MMCSS - ok
15:47:33.0575 0x12b8 [ 2C4CC9F6ADBED5A6D131FDB97A78FF68, 04DC76E3F0959C0A9B00DF2133B075194FB7DCBD76832B9D25B0E37223D300DC ] Modem C:\WINDOWS\system32\drivers\modem.sys
15:47:33.0575 0x12b8 Modem - ok
15:47:33.0590 0x12b8 [ D8DB13529C8AD6FBAF8E2F382024374F, 13025035C479E2EF76EDCB90D83BE65B4ADD9F7000AD31FEAD628D5DDFE69158 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
15:47:33.0590 0x12b8 monitor - ok
15:47:33.0606 0x12b8 [ 2DAAF1EE1C30F2FCF59851A64ADA0422, 08CD801E63E2862DE058CD732C3DB3D87B1A2898732365440E3F8919932E96FC ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
15:47:33.0606 0x12b8 mouclass - ok
15:47:33.0622 0x12b8 [ D30FE074503283829ED194BCAE6239C3, A3A127381ECC798417D01F6B8A1894EED7D71989047BC4D1D74D0E7C8394AD65 ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
15:47:33.0622 0x12b8 mouhid - ok
15:47:33.0622 0x27b8 Object send P2P result: true
15:47:33.0622 0x27b8 Object required for P2P: [ 6C4B9A2FF6924405E9ABFB558049D4DD ] Avira.ServiceHost
15:47:33.0637 0x12b8 [ D5EC9413527B286CFEEB0294C53ABB95, B094C611F5A7E33D2F8667B2A4D6260E1D57BD135867F984EE5B674C7EE72B95 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
15:47:33.0637 0x12b8 mountmgr - ok
15:47:33.0653 0x12b8 [ 989A1BBD9C49B107B4A47D06E6827A69, 62D90B22AE13AC84324DFD5FEBA595813AD07469B7FEC41380CE223D93020CCA ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
15:47:33.0653 0x12b8 mpsdrv - ok
15:47:33.0715 0x12b8 [ A0DBB9386BEA8DA1A159C2A2E07081A3, 9D3F26005A76A72F9512F040D45C16124D17F8C8DA45C51FFAF74F066357D0A4 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
15:47:33.0731 0x12b8 MpsSvc - ok
15:47:33.0747 0x12b8 [ 5B37FDC07159FE9F5F52399F7D78F60B, A0C20EB9A7918395A13A5E21917887DDC9897C475D33091B518354163CAE108A ] MQAC C:\WINDOWS\system32\drivers\mqac.sys
15:47:33.0762 0x12b8 MQAC - ok
15:47:33.0762 0x12b8 [ C1E74DD1D84861D8F12FF8BC0BA11975, 5912A0455C840F5C8AD6383823C9C7DE6FF8B5CAF1B72EA181864999891EAF30 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
15:47:33.0778 0x12b8 MRxDAV - ok
15:47:33.0794 0x12b8 [ 1DF2C5FD2710A13B07E663A12F0E0EEA, 8EBCA9269F52A5CF602F5DE2B0C2AB2BFD82F415465DBB74C73D43F321D9FD46 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:47:33.0809 0x12b8 mrxsmb - ok
15:47:33.0825 0x12b8 [ 185932B1149BD707F8A13174CDAB365B, BC26CB10DD6E81A94477564444E91F76D47E685E897BD77B9C1393F0D31AB718 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
15:47:33.0825 0x12b8 mrxsmb10 - ok
15:47:33.0840 0x12b8 [ 99E24D4DBACBC569833B9A67710D65E7, 93BC765E7B6E19E83AFF783DE8080A80A1D69A406B496F1E36C47AE6E86AFB76 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
15:47:33.0856 0x12b8 mrxsmb20 - ok
15:47:33.0856 0x12b8 [ 6F8BE4FB6262012E61BBADB5444628DC, E87489207AA48106C08E4BADDD8D66D14BC9DD6AD2A4CDD880BA655932CDDE60 ] MsBridge C:\WINDOWS\system32\drivers\bridge.sys
15:47:33.0872 0x12b8 MsBridge - ok
15:47:33.0903 0x12b8 [ 283BDF3602F442336DAF242BDD07FB98, 185F046B6AA24FFD1567F00AA70357C82002FF627E329CEF9B926645A6DDB172 ] MSDTC C:\WINDOWS\System32\msdtc.exe
15:47:33.0903 0x12b8 MSDTC - ok
15:47:33.0919 0x12b8 [ 7C55F1751CAC199680D4489D1EE46544, 967EC8137D321F6139C3382D19A338FD97A3023EB654747AC57C2008BE4AF677 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:47:33.0919 0x12b8 Msfs - ok
15:47:33.0934 0x12b8 [ 988588C16A53C2581488C15FF18934BF, F021FD31163CB5C7012CF96EF642C5E551708C835039075268F4CBED002D441D ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
15:47:33.0934 0x12b8 msgpiowin32 - ok
15:47:33.0950 0x12b8 [ 09622DBC24D0178F15DB8461BB6970DF, C0B3F9B2219AAF87E417EE9FF54C64B8AD9944E101EA79B5DC81D99E8C2ECF30 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
15:47:33.0950 0x12b8 mshidkmdf - ok
15:47:33.0965 0x12b8 [ 34BB07495C0159BE4189841E16F3BC2F, 264B5735D9A68C85BEDE363D4C0AE1FCC381B39EA884B4BAEE185EB8A873184A ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
15:47:33.0965 0x12b8 mshidumdf - ok
15:47:33.0981 0x12b8 [ 7BF3F0DA362C053918F5F2EC43CE39E2, AA773FA3F83C0C572160D3D0286A697DC628FF4F3655EF21D01C6D1B7BE5DF1C ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
15:47:33.0981 0x12b8 msisadrv - ok
15:47:33.0997 0x12b8 [ 669DA2006C0B9D882D2014617E1E88F5, 090F558818806CAEF6C81D369F8BFFE4A8240295EF37CAA7102A18F4CD20D868 ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
15:47:33.0997 0x12b8 MSiSCSI - ok
15:47:33.0997 0x12b8 msiserver - ok
15:47:34.0012 0x12b8 [ B2D0FD21FE67D6434769CC6F7A7883CA, B2368BD72952C6EE6DAF1AA006DF575A3019E4721BEFB108D3DF1B9E07B2BC5D ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:47:34.0012 0x12b8 MSKSSRV - ok
15:47:34.0028 0x12b8 [ FB3801F176376286A3F8F20FFB8CDC53, EEF89081665B9BBA93AE9F5912C40C1698E8BA8DBBCCC3BBE0BAB5A86B7E05D4 ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys
15:47:34.0028 0x12b8 MsLldp - ok
15:47:34.0074 0x12b8 [ 85EBF0A28B8B132B67C84C6CE5EBAC29, D0012CF4822A3D16F7BF61C94C5650DC1ED310A0DD1A3333465D28C73D40ECDB ] MSMQ C:\WINDOWS\system32\mqsvc.exe
15:47:34.0076 0x12b8 MSMQ - ok
15:47:34.0092 0x12b8 [ 8CBDF0E7A6CD824352F37A682A33DF7E, 4567FF4C73648FF26EA68EAE2B524B767099789086C158875C97768C77B81359 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:47:34.0093 0x12b8 MSPCLOCK - ok
15:47:34.0103 0x12b8 [ 33E5B6261D69ACD4948A5C64B9D8F29F, 1D32340640312372E52E59AFB5DB872E6F9DFE3AC16B56F9D928AE230DA02B8A ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:47:34.0105 0x12b8 MSPQM - ok
15:47:34.0134 0x12b8 [ 557DF8C0DBBBF518AC395C6EB1B179AE, B294B5A7882C0C60D91FB853FC87505B6E7638D25E360FDAE002AEBB714ED471 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
15:47:34.0145 0x12b8 MsRPC - ok
15:47:34.0166 0x12b8 [ 0A29AFA668F5DD50482A98ECE70C77A7, 4C1F23B062361D97B1C8D864AB227E5F398F774A99B5E60A1149A4F78D5BEC20 ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
15:47:34.0168 0x12b8 mssmbios - ok
15:47:34.0177 0x12b8 [ 30CE30877FD5BFADE74FA27D7829BF89, B5EA1F8C91E75722DB1E3E2172C8607FEDBF35BDC4141258A3E6D29D8B0E193B ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
15:47:34.0179 0x12b8 MSTEE - ok
15:47:34.0194 0x12b8 [ 13D88C0B8A2FA001CD72D454955A6974, 19DD5C8BBD07B64F355737436BF702FFC209D84A8855D2224D3377E233D4BB34 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
15:47:34.0195 0x12b8 MTConfig - ok
15:47:34.0210 0x12b8 [ 00C7F0F06A0A48B9CDB6B3AC3BE288F0, BF469A2DDF495ACB9FEE9063C6680C95BCC8686682C9EDAE6D1893D4058E8AA6 ] Mup C:\WINDOWS\system32\Drivers\mup.sys
15:47:34.0210 0x12b8 Mup - ok
15:47:34.0225 0x12b8 [ 8E237527CA260C71D39ED4081BDF3419, CA52DD174C756A404B1FAD3F2A70E50085C2820BF12369259F61DA649101A179 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
15:47:34.0225 0x12b8 mvumis - ok
15:47:34.0257 0x12b8 [ 48D0587A8302FD3302CFE6F59F7345B0, 26D48AF3F7FF4867E179347CD635055DEA9A751C6C61CE2C391A7F74FC0DC1DE ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
15:47:34.0272 0x12b8 NativeWifiP - ok
15:47:34.0350 0x12b8 [ B498A14133BD09AD0817590ACE4470AD, 14CCC922C6596C97A5CF580209C4AFB6138A8FFD3A0E60CD506810DFCBC43A1A ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
15:47:34.0382 0x12b8 NBService - ok
15:47:34.0413 0x12b8 [ 11BE8117653C542D264788A700AC5BFE, 87EAAC2DF62BB26619DA72950F5EE41DCA1DBDF93F098647F9D200D588F14003 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
15:47:34.0413 0x12b8 NcaSvc - ok
15:47:34.0444 0x12b8 [ 286C6276B2BA86F29A0F687D05466277, AC8551536F37717A0ACE4A260F5696D1276F7AC62F669E8F12AA158DD86F71A5 ] NcbService C:\WINDOWS\System32\ncbservice.dll
15:47:34.0460 0x12b8 NcbService - ok
15:47:34.0475 0x12b8 [ C55DA734ED2A831E0BACAAFA01CEB7FF, 9D989B03D07BBAD287B317D238691664B0694331D6A69B7A1AA3D8AB7D1323FC ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
15:47:34.0475 0x12b8 NcdAutoSetup - ok
15:47:34.0491 0x12b8 [ CF8296427834CF8BBB3EE1444C17362D, 6EFBE1F015DFFA0704C66DF5C88089DD5771E1542018E4AE98389CFF3D0B2309 ] ndfltr C:\WINDOWS\System32\drivers\ndfltr.sys
15:47:34.0491 0x12b8 ndfltr - ok
15:47:34.0538 0x12b8 [ 616F40B897DA651221F86A1741E9609B, 22D66029726313D92FC8E074BCC51C1E1560CB5FE36DCB735E7E063EA53E299A ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
15:47:34.0553 0x12b8 NDIS - ok
15:47:34.0569 0x12b8 [ A0719D1EBA971DFC5DF5F7CC010385F8, A982487D3A74E66F3C29AAA5B46CE9A0969F07F267DDEFE58C58573573AB0024 ] NdisCap C:\WINDOWS\system32\drivers\ndiscap.sys
15:47:34.0569 0x12b8 NdisCap - ok
15:47:34.0600 0x12b8 [ 0C557932CCCC65AEB37326DD36504527, C0AF3066DEE4BCC32DB30CCC16B7A91442A8383BB36C7C4E3CC0A5EFE0FAAA9B ] NdisImPlatform C:\WINDOWS\system32\drivers\NdisImPlatform.sys
15:47:34.0600 0x12b8 NdisImPlatform - ok
15:47:34.0600 0x12b8 [ 56F9345D1945826135FBAB7589592B1F, 6BC2A5900076B917823C7392C582A2648D0C8000F2F65D309D5B48E36D4FB4D6 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:47:34.0600 0x12b8 NdisTapi - ok
15:47:34.0616 0x12b8 [ AADFC340939D99E5D756E713E1D452EB, EFEFDBB2188DE82C2C5E67929861B269FD4C127D34D1DE6D0596ABC33E2C2B51 ] Ndisuio C:\WINDOWS\system32\drivers\ndisuio.sys
15:47:34.0616 0x12b8 Ndisuio - ok
15:47:34.0616 0x12b8 [ 312DFD787D99D3BF1427B0388BC04F71, C082CA1F332AD57FF2100748518D3D7B3D0F1B042F69BD7401C44B77AFE97462 ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
15:47:34.0616 0x12b8 NdisVirtualBus - ok
15:47:34.0616 0x12b8 [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] NdisWan C:\WINDOWS\System32\drivers\ndiswan.sys
15:47:34.0632 0x12b8 NdisWan - ok
15:47:34.0632 0x12b8 [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] ndiswanlegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:47:34.0632 0x12b8 ndiswanlegacy - ok
15:47:34.0663 0x12b8 [ 6E98F16983C4AE8703FF9F90AB4B31DD, BB8BD5DB4B5FB31F3A257747C27CBEFA4B7837EC5C0CF3D4F408E626E4003F4C ] ndproxy C:\WINDOWS\system32\DRIVERS\NDProxy.sys
15:47:34.0663 0x12b8 ndproxy - ok
15:47:34.0678 0x12b8 [ F1B7CC77F412C8D45B2DDCF76EDA4F9D, 25F2AA76E675D9BCC0B1FD47AFEC6DF2D0B47E7B1C8AF6FB27C1ED2FB902961A ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
15:47:34.0678 0x12b8 Ndu - ok
15:47:34.0710 0x12b8 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:47:34.0710 0x12b8 Net Driver HPZ12 - ok
15:47:34.0710 0x12b8 [ 824FDC990A3F79069BE468A132EB6888, D09F7A9EC04E37DA504CE54EEC25C312B407B6A8B214CBB074BEB50DE420F52A ] NetBIOS C:\WINDOWS\system32\drivers\netbios.sys
15:47:34.0710 0x12b8 NetBIOS - ok
15:47:34.0741 0x12b8 [ F0D791348AD254360CC3C3E501CCB745, E4CAB4D3C2CD3169731283B00DEBFE26438BB66A3F0D78BDB68E876A14FC7070 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:47:34.0741 0x12b8 NetBT - ok
15:47:34.0757 0x12b8 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:47:34.0757 0x12b8 Netlogon - ok
15:47:34.0790 0x12b8 [ 7C8A7380CBE45DFD3DF118D8601499A7, C137280B7696F8CF4258BDC8B241C66BB3AA5708C5410D85255E46C7E8284826 ] Netman C:\WINDOWS\System32\netman.dll
15:47:34.0795 0x12b8 Netman - ok
15:47:34.0846 0x12b8 [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:47:34.0874 0x12b8 NetMsmqActivator - ok
15:47:34.0878 0x12b8 [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:47:34.0880 0x12b8 NetPipeActivator - ok
15:47:34.0916 0x12b8 [ BBE9D72EFC7BD66B28309C3607683DBA, FC372EFBC650CE0BDB117858D840A1FB361947B1C67D1DD16BABA95D0286856A ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
15:47:34.0925 0x12b8 netprofm - ok
15:47:34.0947 0x12b8 [ 5D046D71B18BEFB2E4D164C3DEEDD672, 536834D020889973854830919B23DF22CC1B27236AFAEDEBDF42D432CE48FCDE ] NetSetupSvc C:\WINDOWS\System32\NetSetupSvc.dll
15:47:34.0951 0x12b8 NetSetupSvc - ok
15:47:34.0955 0x12b8 [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:47:34.0957 0x12b8 NetTcpActivator - ok
15:47:34.0962 0x12b8 [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:47:34.0964 0x12b8 NetTcpPortSharing - ok
15:47:34.0998 0x12b8 [ 46E862DA2CF8F351375EF537276B69B5, AC0FE0977E56380849DCE668AC0F5AF183AAB115ED84ADD964E390CC0BEDF6D3 ] netvsc C:\WINDOWS\System32\drivers\netvsc.sys
15:47:35.0000 0x12b8 netvsc - ok
|
|
01.12.2015, 16:07
| #10 |
| | Viele Mail Delivery System Mails, auch aus meinem Adressbuch Teil 2 Code:
ATTFilter 15:47:35.0051 0x12b8 [ 88CE4AC85F36B6347C1D820FA373B998, E10B5DF8883928A2062FC6180DE4CF0DE33C68622C2E3E4E1AFC56A0682F8E75 ] NgcCtnrSvc C:\WINDOWS\System32\NgcCtnrSvc.dll
15:47:35.0062 0x12b8 NgcCtnrSvc - ok
15:47:35.0069 0x12b8 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] NgcSvc C:\WINDOWS\system32\lsass.exe
15:47:35.0072 0x12b8 NgcSvc - ok
15:47:35.0116 0x12b8 [ EA1C2DAB8A63712B94897A58557B086C, 98DD7E5C84F3CDF2DAA89484892D6B439F5D14297B5243436925BEEAA0C02EE1 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
15:47:35.0125 0x12b8 NlaSvc - ok
15:47:35.0168 0x12b8 [ A328A46D87BB92CE4D8A4528E9D84787, D3245ED700151111592BA82FB675B284DA7FCE52B07A7F68352F64A402CAB37C ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
15:47:35.0173 0x12b8 NMIndexingService - ok
15:47:35.0199 0x12b8 [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] NPF C:\WINDOWS\system32\drivers\npf.sys
15:47:35.0200 0x12b8 NPF - ok
15:47:35.0211 0x12b8 [ 41557BE174E9EC6AC703A8A4ADBC6650, 8CF6DF3FDC3C7C44B32851538A67BF86A54AB6444A424D7A20B7A9A94B4158D8 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:47:35.0213 0x12b8 Npfs - ok
15:47:35.0222 0x12b8 [ AC3F70FCFBCE97AA2F12BA43EE13B86E, D0AC50FB022C0F3031531CEE210D47FC3244C6FB55FAAD4AAB04081F0A21DAE4 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
15:47:35.0223 0x12b8 npsvctrig - ok
15:47:35.0237 0x12b8 [ 0AF4872D3D6FD3A030E836DAC2B3EF2D, 03EE7B6FAFC0BB5C26793BC5FF8BD1019AC96B3104688009C1E062C3F4F34D6D ] nsi C:\WINDOWS\system32\nsisvc.dll
15:47:35.0239 0x12b8 nsi - ok
15:47:35.0249 0x12b8 [ 66A98C407085B8920DF1E6D722F1ADB8, 3FE307E4A9E41B08E0453507E50D6D0C67FA6F4245A863D90181463C749C83B5 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
15:47:35.0251 0x12b8 nsiproxy - ok
15:47:35.0303 0x12b8 [ 466EC5659C02ED53DBD47DC1BC2B8086, 1F35DE75386F7D029C01D67B09D5E5157141C6892858885C11972CE73D6078AC ] NTFS C:\WINDOWS\system32\drivers\NTFS.sys
15:47:35.0337 0x12b8 NTFS - ok
15:47:35.0337 0x12b8 [ 383E546EF4982262A0EF6CC2B6E9D525, 3C6C90B62E8EB094E6928C388E5081A3F73DF87B0F34F716B72EA7B6EF71FBB7 ] Null C:\WINDOWS\system32\drivers\Null.sys
15:47:35.0337 0x12b8 Null - ok
15:47:35.0368 0x12b8 [ 466F875F1D4C6ABB46AF28007009237C, 26F5A5579737A7CF2267F79DDE5A551149C682D5FD24663B53FCEC5AA6B448CE ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
15:47:35.0368 0x12b8 nvraid - ok
15:47:35.0384 0x12b8 [ 76F19EAE7A52CBAF7B8EC428BE6E0DA0, CF1E55D92FA32744A20AB75D466A3E05E6FACF4694F9265C41F5C27C1E7243DC ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
15:47:35.0399 0x12b8 nvstor - ok
15:47:35.0399 0x12b8 [ 0D0CB77D74B38E0EC62341C19E469D8D, A05D3CC67FEEB2FD219BFAA34BF98CB3F3718042124AF28F0E9FDFB9F132DD76 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
15:47:35.0415 0x12b8 nv_agp - ok
15:47:35.0477 0x12b8 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:47:35.0493 0x12b8 odserv - ok
15:47:35.0509 0x12b8 [ EA3FFE8617B9FCA1620AD9876E92F4F1, 68D5143CA71D10A2BB44E29B3C76580596669D0624076BCF6CCBA7AF3140538E ] OneSyncSvc C:\WINDOWS\System32\APHostService.dll
15:47:35.0524 0x12b8 OneSyncSvc - ok
15:47:35.0634 0x12b8 [ F34655869378762CEEF159E82BE95C3E, 346211DEB3D9C1D4C0688F737BF154A75C986921465FAF04E8CFED48385E64E8 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
15:47:35.0665 0x12b8 Origin Client Service - ok
15:47:35.0696 0x12b8 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:47:35.0696 0x12b8 ose - ok
15:47:35.0727 0x12b8 [ CAFB5A95883158A0579DED2ED5CB0627, B23F7D19142DD3544F96ADB36F152F4EA7F6C524A1281EC26A2B95D7D044822C ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
15:47:35.0743 0x12b8 p2pimsvc - ok
15:47:35.0759 0x12b8 [ 3612CE3432E0A2BE0081E6B488ACF84C, F1A641735FD374CA293FB98FADA2C41E2033B17FECCA3B6D225D0E591AFFF413 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
15:47:35.0774 0x12b8 p2psvc - ok
15:47:35.0774 0x12b8 [ 38F1AE32339731F6E5A7281AE8042545, 308954518C45D29FC199525F0CC7FE4EA805322EC0B871DDDCBEEC15355514C8 ] Parport C:\WINDOWS\System32\drivers\parport.sys
15:47:35.0790 0x12b8 Parport - ok
15:47:35.0790 0x12b8 [ 707889D2F95AAE8C9DD254D8767AD908, BE7BD94728D7629F8B7567523FFB42B8979941CEA2EA03E11BFCD51CF119FC27 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
15:47:35.0805 0x12b8 partmgr - ok
15:47:35.0837 0x12b8 [ A09B0D8F9F0FC17EBCE6481AC9FD5CDF, 8E8D68992D98CF3DBC4B70C7902B3EC28A1E2DA8D4DB38F0AD9D52B1A5A1D40F ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
15:47:35.0852 0x12b8 PcaSvc - ok
15:47:35.0868 0x12b8 [ 2834089EA4E550FF3B96E61FB4AA34ED, D25DAB47F9778675E984E0738D2014024C2758D52D7E071167A12FF466B7898E ] pci C:\WINDOWS\system32\drivers\pci.sys
15:47:35.0884 0x12b8 pci - ok
15:47:35.0915 0x12b8 [ 3D587E4295B11B8480F7ACB09A89D718, 8C3BD62B3451E1B2E7197EDAE381785406DF86C03BEEC486602C642FDD37DBC1 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
15:47:35.0915 0x12b8 pciide - ok
15:47:35.0930 0x12b8 [ B8F07002B5F1DA23CFF979C2806B09F3, AD5C589A02BB8185AA070420BF30E78BC8BE3C6F9B0F66319A8CA05B70A5ED32 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
15:47:35.0930 0x12b8 pcmcia - ok
15:47:35.0946 0x12b8 [ FF588077D0C6AC2EA3FCBF1903CE08D0, 64BE1646FB6D8CC902B6F386255F7C0420E3C334E14DECD527DD541B43A1DCD6 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
15:47:35.0946 0x12b8 pcw - ok
15:47:35.0977 0x12b8 [ 70469C8AC4AD367295E70CFDD81B754C, 3EC6FD742C7C60363939E5343477810D751D91D32A2F24285976C08A7C4477AB ] pdc C:\WINDOWS\system32\drivers\pdc.sys
15:47:35.0977 0x12b8 pdc - ok
15:47:36.0024 0x12b8 [ 688F47C342E1BBC87A48AB71D316233E, CE99AB67C7E7A11AC69C2F4513AEBDACA385BA7F8CC49BE6313CE04ED404A0E7 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
15:47:36.0055 0x12b8 PEAUTH - ok
15:47:36.0055 0x27b8 Object send P2P result: true
15:47:36.0071 0x12b8 [ 189265498945593D5256CFF7FEBB9665, 9CB88CC3C726BFE6EDCE8D9E4544306AACD3FB9E969E3A438D9FD533F25C1281 ] percsas2i C:\WINDOWS\system32\drivers\percsas2i.sys
15:47:36.0071 0x12b8 percsas2i - ok
15:47:36.0071 0x12b8 [ 9B86965114F6831A5130EFE6657B17D9, 4C5B657DB9A9F96BFD3EAFA756ED60D911EB58857C439F5FA6E495A473ED1145 ] percsas3i C:\WINDOWS\system32\drivers\percsas3i.sys
15:47:36.0087 0x12b8 percsas3i - ok
15:47:36.0149 0x12b8 [ 8A5A52C855FB5BFEF019AE9938AEA8AE, 77CB8A09B209DB5895319BA9D073A67148926E22C47836343050DFC178AFAEEE ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
15:47:36.0149 0x12b8 PerfHost - ok
15:47:36.0180 0x12b8 [ 839BD56425530973FF3F6F7C0057CD22, 9BADF39BC4628409CFCD5F1300C6040C49B2ED72D0FA389C6BB042E5B17E1A40 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
15:47:36.0196 0x12b8 PimIndexMaintenanceSvc - ok
15:47:36.0243 0x12b8 [ 82FDEC2A262728F62F2111A84CC04B16, A1FCE38D4F55F10BB9B3BFB7D9E3EF7C27D499D9C8882218C8A9A73487798188 ] pla C:\WINDOWS\system32\pla.dll
15:47:36.0274 0x12b8 pla - ok
15:47:36.0290 0x12b8 [ 7B3DA16FAA498838BB457E0B7E380EDF, B73DCFFA60886F10765E4B76A58CFF18C08CAFEE620700361FC8FEC7E80B5958 ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
15:47:36.0305 0x12b8 PlugPlay - ok
15:47:36.0321 0x12b8 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:47:36.0321 0x12b8 Pml Driver HPZ12 - ok
15:47:36.0321 0x12b8 PnkBstrA - ok
15:47:36.0352 0x12b8 [ F1E9C35A8DFD4D64382CFB9019A950F9, 24E0381C6909F9876D6DC4697DC6405FE18DF91531891B2CCA6DB0191B9C6DF4 ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
15:47:36.0352 0x12b8 PNRPAutoReg - ok
15:47:36.0352 0x12b8 [ CAFB5A95883158A0579DED2ED5CB0627, B23F7D19142DD3544F96ADB36F152F4EA7F6C524A1281EC26A2B95D7D044822C ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
15:47:36.0368 0x12b8 PNRPsvc - ok
15:47:36.0399 0x12b8 [ 62C0BD179961132EF2C5B952210C11F5, 2473FBB3619D0DDA229D4BEC30CEFE7497C27ED3844A5B7655F6F2D328FEAF61 ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
15:47:36.0399 0x12b8 PolicyAgent - ok
15:47:36.0415 0x12b8 [ 6390391EDFC43DD11CE9E6AADCAC20EA, C8BC222FFBB9E47489D16BB5248E0E2E594011C46CFF71F5DBCC4D5CC6788098 ] Power C:\WINDOWS\system32\umpo.dll
15:47:36.0415 0x12b8 Power - ok
15:47:36.0430 0x12b8 [ 1433EB7908E5E1E20FFD50E4126C3484, 34D81680C8F2F2C5892FC0E0A6DFCBB241AFF493267A1FE182ED28AE9F712456 ] PptpMiniport C:\WINDOWS\System32\drivers\raspptp.sys
15:47:36.0446 0x12b8 PptpMiniport - ok
15:47:36.0587 0x12b8 [ 12E2582F69ACA40A6BAE91DA578CBF34, 648C6394763906AA4163976DA2C3308F8B706486D9D8F16258CB1D61C2929930 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
15:47:36.0634 0x12b8 PrintNotify - ok
15:47:36.0665 0x12b8 [ 22DE54C3974E4FD98F61D095C22C59B7, 64E78D6DEC4A28ABB0A23F2CF078459D81796EC79235AE45976ABB4F72B1D1E6 ] Processor C:\WINDOWS\System32\drivers\processr.sys
15:47:36.0665 0x12b8 Processor - ok
15:47:36.0695 0x12b8 [ 27D0B024BB356C6BEB1214B61E47DE02, 8CBDD62E243CC652F2197AE83DEDD21D91D2792558A6D7D1CC680B37607DEF4B ] ProfSvc C:\WINDOWS\system32\profsvc.dll
15:47:36.0700 0x12b8 ProfSvc - ok
15:47:36.0715 0x12b8 [ EDD52C352CBAAAD13FD7BD5DCEA309B3, EC7D294B23FD5C309E5C4C455896937B85DC615E1B36C9F8F3BDC90E75EBF9CF ] Psched C:\WINDOWS\system32\drivers\pacer.sys
15:47:36.0718 0x12b8 Psched - ok
15:47:36.0744 0x12b8 [ DD3FF2053356D11C785999BBC633F3E0, E9A5B7C657F4523E5DEF7AEE7ECFCC94E911FC65F1D491BEF01239F357B8D8E0 ] QWAVE C:\WINDOWS\system32\qwave.dll
15:47:36.0750 0x12b8 QWAVE - ok
15:47:36.0766 0x12b8 [ 51590F442C6E5D43244BA30DDB0CE79D, 9C7FD0A19753C13FD4A27EBFD60703A2414D5A2F6F451F0B32769C8D7C953980 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
15:47:36.0768 0x12b8 QWAVEdrv - ok
15:47:36.0780 0x12b8 [ E951E70019865B06126AF850BCCA2026, C590DE38C7603149AFA0271D57EEBAF956F18F50584FCF04BC2C8D8CEC5C5932 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:47:36.0781 0x12b8 RasAcd - ok
15:47:36.0808 0x12b8 [ 0BF8607133AE264BC3C41A5BAA5FFB7B, 9A4F6AC6013AB5C2A99BCFC2CCF161DD225DE8D85D61579655ADBF04A4383A61 ] RasAgileVpn C:\WINDOWS\System32\drivers\AgileVpn.sys
15:47:36.0810 0x12b8 RasAgileVpn - ok
15:47:36.0817 0x12b8 [ FE0976379F9E7DB6F7945FCEB88C7E29, BA331CE55C02E86478714DA87FAC547B50D53BC7D02BCA5A64D484DED44BFAA5 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:47:36.0821 0x12b8 RasAuto - ok
15:47:36.0831 0x12b8 [ CA60F6C03611AF1710BC903ED9F566FB, B5C9E8BAC631738761E11168AB68EB1ECC5EC96BF9A8248B9127DCF744CA4691 ] Rasl2tp C:\WINDOWS\System32\drivers\rasl2tp.sys
15:47:36.0834 0x12b8 Rasl2tp - ok
15:47:36.0852 0x12b8 [ 586A17C10D417D889F1FF7D8636E2F34, EEDA4EE8D2BC5C8C7756AB79F1F19AF8B1C4057996748FAE4E3F37844DB0EB33 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:47:36.0854 0x12b8 RasMan - ok
15:47:36.0870 0x12b8 [ E5FA41160F5A3D78D8F7765E5C5F6BB0, 31BA423FFFC3206717DC34B482149421EE28B27A4A3BA2DC78C3B3A9EE0C1365 ] RasPppoe C:\WINDOWS\System32\drivers\raspppoe.sys
15:47:36.0870 0x12b8 RasPppoe - ok
15:47:36.0886 0x12b8 [ DF0834AE921E633E05D1FDC55C318957, 851A00961224DACBEF9DA427122F6B4B73BB99849D5ECB55DBBD311B2EA84C33 ] RasSstp C:\WINDOWS\System32\drivers\rassstp.sys
15:47:36.0886 0x12b8 RasSstp - ok
15:47:36.0901 0x12b8 [ FC9B7AC6E2B837EF7CD6C64F7068D41D, 9B0DD842033E82BC7EE80416A62B084BF5200923EB7A6C80415BB28004E9B5E3 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:47:36.0917 0x12b8 rdbss - ok
15:47:36.0917 0x12b8 [ FB7375657F8A5932C35EAA45E9B4B416, 99594708BFD6DC9F8CECBF092058D4D0D4F1BC3204E86F9FDAD5207ED5ECF194 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
15:47:36.0933 0x12b8 rdpbus - ok
15:47:36.0948 0x12b8 [ A32AED8C644734B283A7C9D08D76064D, A12F67C57E43B6A2FE6449EA3822B1108FE70C66AF9911798777F85D760E384C ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
15:47:36.0948 0x12b8 RDPDR - ok
15:47:36.0964 0x12b8 [ 37CC7E41243EFBB4FBC0510E5CA32A02, 634E2F81D61F937F30E5ECE01FB581E090C6DA073EF7B1A3F6083ECAF363CB46 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
15:47:36.0964 0x12b8 RdpVideoMiniport - ok
15:47:36.0995 0x12b8 [ DAF957B25A35757E9D814611FAE8FE3B, 5244A427B2DEB5349B9F336A4A39A6834A6E8118A8EDA00738C6CE09F2452C24 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
15:47:36.0995 0x12b8 rdyboost - ok
15:47:37.0042 0x12b8 [ 2C72E029C153D25325CA182A669E4ADE, 5CE0E04A6B53A1F11E8159DFD1E59F2AE6631E3B5BD27BAAEC4A35BC02A55722 ] ReFSv1 C:\WINDOWS\system32\drivers\ReFSv1.sys
15:47:37.0058 0x12b8 ReFSv1 - ok
15:47:37.0089 0x12b8 [ BABEE4A896D005BD0D205F1C932DA25E, 269FDF65BE3A226FA2A5CA25085366E32ADAD30A020484FE844962E8C61CB1D2 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:47:37.0104 0x12b8 RemoteAccess - ok
15:47:37.0136 0x12b8 [ 066062967A77867BDCF665960EFDAD32, 68143DBDFA7C68786C22F5CC4E80200255C663A844069C080E7816F423ABB1F4 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:47:37.0136 0x12b8 RemoteRegistry - ok
15:47:37.0167 0x12b8 [ DF84555A734BA2BDA55BCCCC47095ADD, 639814A7F5B758792FE6D84E3FF312F9CE9DACB21B93EA43394DC7A04526CB81 ] RetailDemo C:\WINDOWS\system32\RDXService.dll
15:47:37.0183 0x12b8 RetailDemo - ok
15:47:37.0214 0x12b8 [ B60F58F175DE20A6739194E85B035178, 6E66D6041AF0B69896E4556F9FF3A3AA70CF4B09FFBE68E14E60313C5E3FFDDB ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
15:47:37.0214 0x12b8 rpcapd - ok
15:47:37.0229 0x12b8 [ 6451FE42C35FDE3862D99579444F4A8F, BD56A1120AACF6143E6EB739E12BEE86DF142F1159865608BDF1BBE54B66AFCE ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
15:47:37.0229 0x12b8 RpcEptMapper - ok
15:47:37.0276 0x12b8 [ F24131EAD1D0B73463052BB042A37B6C, 43B5772310B200DF1914C8E4D10401A0BCE9082BDEAC34736AFB2920B39D7956 ] RpcLocator C:\WINDOWS\system32\locator.exe
15:47:37.0276 0x12b8 RpcLocator - ok
15:47:37.0308 0x12b8 [ 5E57B9FBB4E9C43EE5B69BEE01A1819F, A1F8D1E52AF446CEA2EB50064E3A24B713B19197D61C3EAECB81B3CCD80558E7 ] RpcSs C:\WINDOWS\system32\rpcss.dll
15:47:37.0323 0x12b8 RpcSs - ok
15:47:37.0339 0x12b8 [ DC66C1D262D64E30A30B68E9F21AC74B, A5ED3D31BCD68DBC00A956787517ACA167C86F5FFDAF7C9A85505FA2B705C6CB ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys
15:47:37.0339 0x12b8 rspndr - ok
15:47:37.0370 0x12b8 [ C20F64FCD5E2B40310A1774495877ACD, 459E337266EE510E67C5065D2CFDA6804BA5BAF82A4B6E43E80238C86269770D ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMIVX.sys
15:47:37.0386 0x12b8 RTHDMIAzAudService - ok
15:47:37.0401 0x12b8 [ 88F7703F2A4677C828124AE2110D3EBC, 529F6A5815806F2EA2235802BD28AF8D7A40E7799356BD3EC337C9E71B6B53E6 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
15:47:37.0401 0x12b8 s3cap - ok
15:47:37.0417 0x12b8 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] SamSs C:\WINDOWS\system32\lsass.exe
15:47:37.0417 0x12b8 SamSs - ok
15:47:37.0448 0x12b8 [ B467E932FE4E16E201DC7E56870CB559, 6FCE9A2DFC5D222BBEA4AA271A17B830FCF8EAE44B07BEE5FF34AE50CABCBB6A ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
15:47:37.0448 0x12b8 sbp2port - ok
15:47:37.0464 0x12b8 [ 3E115C63649402D321D396F8D606C9B0, F4BA7FE0E89D563A57B6865E4CF1334998987D11A0D70FF7491726A507B40DF4 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
15:47:37.0479 0x12b8 SCardSvr - ok
15:47:37.0479 0x12b8 [ 67EFFD3D1BB6D2B67DF7F8FDCB1A51FC, DE41539FAC730F5CFF6C8754ECFF1253AFDC1C86743AE71B61D716B7A84E85FD ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
15:47:37.0495 0x12b8 ScDeviceEnum - ok
15:47:37.0511 0x12b8 [ 31DDA0716EC265CA57DAF9D2295FD76F, E6F39C1B3CF81918277DB8C6E3DF9A82812E1C9063DEB1FB85FE433DC9A16CBA ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
15:47:37.0511 0x12b8 scfilter - ok
15:47:37.0542 0x12b8 [ 1BFAC03B6422E878EFCDA934BF4C4823, 0BA537A4B9E8020E6B709A44F1382DB3B41CEF631B847201F812152FEB303CD3 ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:47:37.0558 0x12b8 Schedule - ok
15:47:37.0573 0x12b8 [ 320E7A02D81A468E8C1FEEFDB856AFAE, E65127D3D6B628F9D19EA509FEBD9E4DC1BF20D0C62C3C9E1D7087DF972B2AA7 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
15:47:37.0589 0x12b8 SCPolicySvc - ok
15:47:37.0620 0x12b8 [ 004C66464D8FE76D5DA78BE6777D61AF, 58B5C436798EEBBE7081D54B55B70DEB15331856802CD45E3FF8BDE794F06A27 ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
15:47:37.0620 0x12b8 sdbus - ok
15:47:37.0636 0x12b8 [ A906C527B838A4922611C63EBD250F91, 6BB0054A9C2408138BDF49D834FF99B5B9764E7747ABC15016F54FBA1D28394F ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll
15:47:37.0636 0x12b8 SDRSVC - ok
15:47:37.0651 0x12b8 [ F4BF50A7D16A97A887BFA0F193693C42, EEBF5AAC149C72F490BAC954B25BB6882B10FC38F93CA4F4829A06702B1ECEF9 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
15:47:37.0651 0x12b8 sdstor - ok
15:47:37.0667 0x12b8 [ 648A299839E8F48A946C41DE270D28F5, EEC9A5FCBE3FF78FB5E0452FF1932A8B0C7399688041E22555703CB1977A4428 ] seclogon C:\WINDOWS\system32\seclogon.dll
15:47:37.0667 0x12b8 seclogon - ok
15:47:37.0683 0x12b8 [ 29452A9DA3E3482F0C2963312F979053, E1782D36C336C4B4C261AD665C1E9051905AA86020E08FC94069972AF4C4DB4B ] SENS C:\WINDOWS\System32\sens.dll
15:47:37.0698 0x12b8 SENS - ok
15:47:37.0729 0x12b8 [ 919BA7E3054E4F1D61A3524ADCE6A970, 3C382673DF5AF2F38A5AE4A268F5856B0CC9E65D52213DE6D2C06E252753B73C ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
15:47:37.0745 0x12b8 SensorDataService - ok
15:47:37.0776 0x12b8 [ 01C2EEA7870FE26A4A6CCBA5421CC7E5, 9E643AB6BCBECE4F2A5FD4C96547A4E3F2BDFEFC5FE24B802467718EC69929F8 ] SensorService C:\WINDOWS\system32\SensorService.dll
15:47:37.0776 0x12b8 SensorService - ok
15:47:37.0792 0x12b8 [ D2FEE824B4AA0BE377F1353E5F915BF4, 00D754C62F3482BBD0EA72C896139C39D15192B2D9FCC7B755D1FB9DF9FCFD9B ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
15:47:37.0808 0x12b8 SensrSvc - ok
15:47:37.0823 0x12b8 [ 9DB0BBE3ABE1F49651AE51EC5BCABE58, 0B46C1F231F41766AB73EE7E9834D3CDACA602D12E702D9277E28B47417D9CA4 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
15:47:37.0823 0x12b8 SerCx - ok
15:47:37.0839 0x12b8 [ C4AF79C37334D995D95C22C14FDBF7FD, 4D4985921261909F2123467A22EDB102B490710F60AB935624435E5BB808A0E9 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
15:47:37.0839 0x12b8 SerCx2 - ok
15:47:37.0839 0x12b8 [ FC541A272F47BE03E67A9FCB87FA8C3E, 730A3616FD67E9F2832442144B2655A8EF78B9AFCB204113E73E257256491354 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
15:47:37.0855 0x12b8 Serenum - ok
15:47:37.0855 0x12b8 [ 2A5F5F95FCA123DCBF53B5F603B64789, DE5C9E1D88B2C180B137DA7839F3EF6C936A171ABA49F89C10EE9C73A2226F3F ] Serial C:\WINDOWS\System32\drivers\serial.sys
15:47:37.0855 0x12b8 Serial - ok
15:47:37.0870 0x12b8 [ C8738887228B7BFA3B1A906816A8BB12, 328283569201791891D5E9FB3028DB5B9FD93A7BEFC00C7DEBC2CC5731DE64D5 ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
15:47:37.0870 0x12b8 sermouse - ok
15:47:37.0901 0x12b8 [ B1CB58853153397DFFA2D13A81451D09, CC9B3B064711E9B5CB38DC1C84DC410033939848BD31BB0D12F990E8154F357E ] SessionEnv C:\WINDOWS\system32\sessenv.dll
15:47:37.0917 0x12b8 SessionEnv - ok
15:47:37.0933 0x12b8 [ 67832B68752CDF7FDE56949E4A2E70BF, A72320EA8575A751DF86A1EE7969AD9D548D6185F2520197262E11B79FF8222B ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
15:47:37.0933 0x12b8 sfloppy - ok
15:47:37.0964 0x12b8 [ F10E5536E1C753E01CF19FA4F466CE90, C9897F22B176D84CA233F864078895E3DAD4DAD090FACBB01BD6E59EE337B47C ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:47:37.0980 0x12b8 SharedAccess - ok
15:47:37.0995 0x12b8 [ 4AC12D495B3CB4275F74C68A7A017561, DC53EBD606ECCD8BCF6D618C0EB58B03F5C20F09E0F0AEDE9B8082D6B208B19A ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:47:38.0011 0x12b8 ShellHWDetection - ok
15:47:38.0026 0x12b8 [ ED058030296CF9B79C8D48BF43724323, 01DC7C2590DF48116CD1A126F207FE5DE439A53286BAE3736E22EE3D1CA80BE3 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
15:47:38.0026 0x12b8 SiSRaid2 - ok
15:47:38.0026 0x12b8 [ 633D3D1581E9DCCD5A2D8F039104C9A5, C44B5097016C2AEC8B41F77425FE44413562F9DCF0C0C11CA69D8178970B4706 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
15:47:38.0026 0x12b8 SiSRaid4 - ok
15:47:38.0073 0x12b8 [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:47:38.0089 0x12b8 SkypeUpdate - ok
15:47:38.0120 0x12b8 [ 35B8FC714C2E7F07F7DC7C64452153F8, 6D45EB01B5F972ED0E5520E771F007FFEE892054FABDB3DD00D3E9915D3A0A31 ] smphost C:\WINDOWS\System32\smphost.dll
15:47:38.0120 0x12b8 smphost - ok
15:47:38.0152 0x12b8 [ DE3A5C27EC842A113F68A2705FF63B00, B134EF63708A892B673B539F544F7980FF72838D822E8E4CCDDB359B22CB8805 ] SmsRouter C:\WINDOWS\system32\SmsRouterSvc.dll
15:47:38.0167 0x12b8 SmsRouter - ok
15:47:38.0198 0x12b8 [ CD1056818A6FCEF4D32BD1D6E34070D5, F5BFB61ACB220A73B0DC4487B049F52E9F9FA2D4188C001E7A5838D47CEA6343 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
15:47:38.0198 0x12b8 SNMPTRAP - ok
15:47:38.0230 0x12b8 [ 187B4AD4446C59F8FCC4A10F473EE3D1, 0AAD961B3D7B3484DC89CB86F3EC96CEBFABB7224A5BFB48083DE8F1805EA7B4 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
15:47:38.0230 0x12b8 spaceport - ok
15:47:38.0245 0x12b8 [ 2799FCA215919FDC9A87C5FCAB530828, BDE968BF26693AA4D70AB669896BCA49C6F533EA226386B35B0EA589A55227B5 ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
15:47:38.0245 0x12b8 SpbCx - ok
15:47:38.0277 0x12b8 [ 58C17D92AD61EC7A98B05F4FAD0D205A, B881134A1BD9194145A9D18BDB34D57E2C167F06C2A9368459D0C33E6E0D6501 ] Spooler C:\WINDOWS\System32\spoolsv.exe
15:47:38.0292 0x12b8 Spooler - ok
15:47:38.0448 0x12b8 [ 5C31E109943E67CFC801810C00AB63EE, 9A80D7CDA1135EBCE10E753986A59CFA3D8D49F9B0BE38FDF99880B1DD88C41D ] sppsvc C:\WINDOWS\system32\sppsvc.exe
15:47:38.0558 0x12b8 sppsvc - ok
15:47:38.0589 0x12b8 [ AA1F23501511EFE9CF9771F6B20E8D45, E786852D9877CCFD35444F8FC694467132F868D87A8C344FD1016FFDE74695A5 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:47:38.0589 0x12b8 srv - ok
15:47:38.0620 0x12b8 [ F5B169EDF9D5E3C7200D89D30E065D13, 12BAF3A3CB76F0900FA53681C9AD16F40308F493BA22C0F60E1E268D0D6AF825 ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
15:47:38.0636 0x12b8 srv2 - ok
15:47:38.0652 0x12b8 [ 2E142E027F0AA698BA4DCE49CBDB43CD, A21027BBBC75A55A8B302D028113A0683016E4C72790A8C561DDB1AE7FDB4289 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
15:47:38.0667 0x12b8 srvnet - ok
15:47:38.0683 0x12b8 [ BF71B3FB5B7557CB740CDB09C5FB50D9, D6F9E65FDC9C4ADAFE82D94F71A1F5960DB3BEEBF4FE5B2D087515C4FAA5F287 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:47:38.0698 0x12b8 SSDPSRV - ok
15:47:38.0714 0x12b8 [ EF1BC04215C201ADA3F7F5A2F034EA21, E1A7A0FA2032B9E7D3951100E74C04D93CD848C88D23D57FBA0BFA2816B29C61 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
15:47:38.0714 0x12b8 SstpSvc - ok
15:47:38.0745 0x12b8 [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
15:47:38.0761 0x12b8 ssudmdm - ok
15:47:38.0855 0x12b8 [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
15:47:38.0870 0x12b8 ss_conn_service - ok
15:47:38.0948 0x12b8 [ 78760751FBCB900F6F68CA1700DAE2DC, 356914797056B11745E18ECD033B8DC801C3C3DD6C5127FCD430A02C4FDD34A9 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
15:47:38.0995 0x12b8 StateRepository - ok
15:47:39.0011 0x12b8 [ DDE064A4298FD1FBF804D3ED691E7EDB, B0D117B1FC0DA2CB76F5F63699E2F108930B6C6721AC443111D48215ED624278 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
15:47:39.0011 0x12b8 stexstor - ok
15:47:39.0042 0x12b8 [ 60F04DF1AB55D6D4BDA02052DD20537E, 52996EDF2C06968DADC9BDF24E4039929B81643493C7193B8CC4A6BD1A3AE761 ] stisvc C:\WINDOWS\System32\wiaservc.dll
15:47:39.0058 0x12b8 stisvc - ok
15:47:39.0073 0x12b8 [ 32C95F44108C3E7DB58F773346E3C9D0, F852D8ECA06080EA6DE1A90509071965A750D9CFC9627F0D4DB8ECC57133B0B5 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
15:47:39.0073 0x12b8 storahci - ok
15:47:39.0089 0x12b8 [ 8883C8CE4942A99B84E1CC6EFA19738E, 60C1CDA4382F8EE70D810DBB1BCAF5F389433563FF23EEB84859612F396D8CE6 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
15:47:39.0089 0x12b8 storflt - ok
15:47:39.0120 0x12b8 [ AE7B7E1E95BFB9340B1956C98CA52C81, 3E0214A0C486C1CD05D9BC57E58A998A3CEADDC1D24AE2A75098F56B37069160 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
15:47:39.0120 0x12b8 stornvme - ok
15:47:39.0136 0x12b8 [ 63513EF3121689B3A59BD217618A2E42, DE9B89732801DEC60BD116D58CFB427F7E37F093BE8A9F6E0CAC729B5346B314 ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys
15:47:39.0136 0x12b8 storqosflt - ok
15:47:39.0167 0x12b8 [ CC96FF061C772340F2ED89ABBA567ADC, 028CD44405B7FAFC7BF331DD729E44E0594A63386F48CF39D7725A58B3DE22D6 ] StorSvc C:\WINDOWS\system32\storsvc.dll
15:47:39.0167 0x12b8 StorSvc - ok
15:47:39.0183 0x12b8 [ 000F5CFCEF0F06DC8FD1D2F568E48AE4, C1FE485E57A1B912CE79556E0EFF03CC11362E7966D250E3AA4962DCCB8F8EE6 ] storufs C:\WINDOWS\system32\drivers\storufs.sys
15:47:39.0183 0x12b8 storufs - ok
15:47:39.0214 0x12b8 [ 7415087F9006D6818F85F3CBD79B1A50, C768EBB2263375D285D689FEEF546147D42D7376977424A4D6FD655CC78EA7CD ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
15:47:39.0214 0x12b8 storvsc - ok
15:47:39.0214 0x12b8 [ E49858EA5865A015EB78B7F7C1C07DE2, 1ADBBAC2D2E2E3C40AB0BDDE068001E76A8DAB79C54F06479F7A4567DAD7A7A8 ] svsvc C:\WINDOWS\system32\svsvc.dll
15:47:39.0230 0x12b8 svsvc - ok
15:47:39.0277 0x12b8 [ 802278EE4ACCE9EA1F1481DF20EB1667, E78F0DA2CA0B2C2DF3B7E3B2A22C03380FE649813EE6EB31067C5FB6727DB7BD ] swenum C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys
15:47:39.0277 0x12b8 swenum - ok
15:47:39.0308 0x12b8 [ 313D2C0DBA0B23A8302254FD317D2EC8, 20B98D6F33FEC7ACBCEED9757A3FEAD837FA7BA378BA25575A33EA45E076FC6B ] swprv C:\WINDOWS\System32\swprv.dll
15:47:39.0308 0x12b8 swprv - ok
15:47:39.0339 0x12b8 [ 12D0CB1DCAE6725B6CA54CC2038C4C8C, 7D224298E440B8C5FDD99A52485A6245DE5109C9A02E65AD38F1EC6DBF4AEEF2 ] Synth3dVsc C:\WINDOWS\System32\drivers\Synth3dVsc.sys
15:47:39.0339 0x12b8 Synth3dVsc - ok
15:47:39.0386 0x12b8 [ D5B31B2F14848015C211F1D674A82F3A, 58C18254C817693DB727090D1CC518032B3A67C5B3FC7F2F8CE4613A33790CFA ] SysMain C:\WINDOWS\system32\sysmain.dll
15:47:39.0402 0x12b8 SysMain - ok
15:47:39.0433 0x12b8 [ D5AAA188C70146977CFEE8D128599F3F, 9ABC30982E552EAF41FE84397EEEE5A3187444062C662D7CF35A03E3B274AFB8 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
15:47:39.0433 0x12b8 SystemEventsBroker - ok
15:47:39.0448 0x12b8 [ 95875059929EF91B55EA612D7967DD3D, 5F734209C8C9725376F7C146ED84999CC6D019C4C10B1795F53E72BE8853E2DD ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
15:47:39.0464 0x12b8 TabletInputService - ok
15:47:39.0480 0x12b8 [ FE33F417DFD9847CB571D3C7EE5FA7E3, B3C7BE7998B9B093DD969A2588EE8CEBD9771331A63D4B1D86A188317B5EE71C ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:47:39.0495 0x12b8 TapiSrv - ok
15:47:39.0573 0x12b8 [ 7EBD20284AC9BF9F0A020B86769BB074, 26D8CC9C1EE069BB617973BA7CBCFC36BAF1EABF975F395077547F930197A56A ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
15:47:39.0620 0x12b8 Tcpip - ok
15:47:39.0667 0x12b8 [ 7EBD20284AC9BF9F0A020B86769BB074, 26D8CC9C1EE069BB617973BA7CBCFC36BAF1EABF975F395077547F930197A56A ] Tcpip6 C:\WINDOWS\system32\drivers\tcpip.sys
15:47:39.0698 0x12b8 Tcpip6 - ok
15:47:39.0714 0x12b8 [ D378A1AF58AFA84BB6AC753F2C1BE9F4, 8BBA623193D51E6A8DD0627FA08C93B918EF1BA2EEBA46CDBB86FE6A1007FDEE ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
15:47:39.0714 0x12b8 tcpipreg - ok
15:47:39.0730 0x12b8 [ D42AC03ACF9CA67693D1D9BB4D2A0BC8, D39D5180F3CDB23B4551A8C98F3C92A960B4CC9FA48E0FE11A6D89B0C247783F ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
15:47:39.0730 0x12b8 tdx - ok
15:47:39.0745 0x12b8 [ CCDBD2817C10A4F631280CBB3AE44FFB, A022DEF4D3CF75F41FA26275347F4BA38A513AD32FF18385C2E756DECB61D404 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
15:47:39.0745 0x12b8 terminpt - ok
15:47:39.0777 0x12b8 [ A0608264209A836821D6AB8C67B108AB, 7912C75F72BCAB7426A2E00C597C8D94C185B5DD31BD6C4BE5D56FECD5B0D9EA ] TermService C:\WINDOWS\System32\termsrv.dll
15:47:39.0808 0x12b8 TermService - ok
15:47:39.0824 0x12b8 [ 261830B1E3650E4471E1F98850B929B7, D281B8A93315E64C7AF5002E5BFBE6AFF8B35FD6AA747AE07D7AA96F4AFAA613 ] Themes C:\WINDOWS\system32\themeservice.dll
15:47:39.0824 0x12b8 Themes - ok
15:47:39.0839 0x12b8 [ 8D23F0819A00C547814409B734DD3747, 0E1B25A53C84486F8A57F309F3C016114F90F5AF5E576889BD230931F38594A5 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
15:47:39.0855 0x12b8 tiledatamodelsvc - ok
15:47:39.0870 0x12b8 [ 354DAA630928CD4DA2BC84A0DA4ADA9D, AFAE4948EA4F899267DC52DF9A06450FC3E77083B563E541581DA90685C7E98C ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
15:47:39.0886 0x12b8 TimeBroker - ok
15:47:39.0902 0x12b8 [ F4AEDABC8F3A9D632F8206D0C7F8CA09, 6E76749CD4B857B4D930267E3CF448AF4D14FAC851873C5E71572E62CAD2FA36 ] TPM C:\WINDOWS\system32\drivers\tpm.sys
15:47:39.0902 0x12b8 TPM - ok
15:47:39.0933 0x12b8 [ 2D0338A3009075FCCB119CB7F3280F82, F42F3B8DA0F8B2C99892E66CDEF471A1CD30A30CF437ADFF464A2C786A6B87A6 ] TrkWks C:\WINDOWS\System32\trkwks.dll
15:47:39.0933 0x12b8 TrkWks - ok
15:47:39.0964 0x12b8 [ 62D6A900C5DFF2ECF131384E5A5C85AB, 1AF1FB868C59DFF452E3351EE5070B2C746DE606B9E2F1834CE2256F41ABE7A9 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
15:47:39.0980 0x12b8 TrustedInstaller - ok
15:47:39.0980 0x12b8 [ 676C801CAA61AADD0C918CC536A74B78, DB5DEC9445272E46D32DC2A9A99A9AE45729E424E61C679ECFD973AA88457BE6 ] TsUsbFlt C:\WINDOWS\system32\drivers\TsUsbFlt.sys
15:47:39.0980 0x12b8 TsUsbFlt - ok
15:47:39.0995 0x12b8 [ 2BB6CC0DD1CEE86330743B56FA9FE91F, EE71E3DEECA7599947AB09E8967FE8066348D82B4C17D8CBE800FCDE9CF4989D ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
15:47:39.0995 0x12b8 TsUsbGD - ok
15:47:40.0011 0x12b8 [ 14B46248612DF1B1A695040FFFBCFAFC, 8C373A3C416FC9AB3872A187E64AC7A6E69FF605BD8784E8F2B1C28C293A0495 ] tunnel C:\WINDOWS\System32\drivers\tunnel.sys
15:47:40.0011 0x12b8 tunnel - ok
15:47:40.0027 0x12b8 [ D0BE5EA1652D55029C9A898FB8ACFCE0, 80C4BC30B967C79B3457F43EB9B530CA2571C6158958879AC55E5A81F71CFF15 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
15:47:40.0027 0x12b8 uagp35 - ok
15:47:40.0027 0x12b8 [ 13C15E4B238895FE4731DB1D612EEB5F, 211E4B05AA09F7FBE2487C3241A98D1F970FEE5B9B1BAED2788B57233BFC4104 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
15:47:40.0042 0x12b8 UASPStor - ok
15:47:40.0042 0x12b8 [ BEBB8B55C5F99B69EEE39A9D7BADB21E, 08A094EA38AB58CC70108A3BDFDD3251897DC4B13FDDAD54C1B063137836EF34 ] UcmCx0101 C:\WINDOWS\system32\Drivers\UcmCx.sys
15:47:40.0058 0x12b8 UcmCx0101 - ok
15:47:40.0074 0x12b8 [ DE3EDAF609D00EA2E54986E6459796A6, 61A9AB51869F38300CC5CC5D302B962FB966F54CBB2E393954F36372B3A479FE ] UcmUcsi C:\WINDOWS\System32\drivers\UcmUcsi.sys
15:47:40.0074 0x12b8 UcmUcsi - ok
15:47:40.0089 0x12b8 [ FB1C1D8B96A482F3581338D6752E1D6C, 0FFAEE3E088614B3483C459513BB9D78EB76B574696FD877A3CDF6A11378F46C ] Ucx01000 C:\WINDOWS\system32\drivers\ucx01000.sys
15:47:40.0105 0x12b8 Ucx01000 - ok
15:47:40.0120 0x12b8 [ 4E1543ACE2F6E2846713E5123D9D4159, 1A6AFC525A80D1F19B14CDAD38790DF7293911C4D0E8301161D92201B934C3D4 ] UdeCx C:\WINDOWS\system32\drivers\udecx.sys
15:47:40.0120 0x12b8 UdeCx - ok
15:47:40.0136 0x12b8 [ CDCA9CC1D8293E75218D8FF85F2337A4, 173086C08DDC7625E026E425F1E2B5D6C795771BEAE9BFF6093E3592FBEBD323 ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
15:47:40.0136 0x12b8 udfs - ok
15:47:40.0152 0x12b8 [ BC683E19307C533C7161DB7A58051347, 5553BE3421986FDD9992EBFD883CDA151F7166C01BBFA3E9183A3C93E41D79B6 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
15:47:40.0152 0x12b8 UEFI - ok
15:47:40.0167 0x12b8 [ D14B42C26DE402F316D49667D15446F0, 61CC9FF03EF78631C800EFD8D587975CB94D53DB80E6F60BD13BA52EC5690D3D ] Ufx01000 C:\WINDOWS\system32\drivers\ufx01000.sys
15:47:40.0183 0x12b8 Ufx01000 - ok
15:47:40.0183 0x12b8 [ 192470BE4321791FBB25F379D0141D6F, AD120F8F98BD99014471CE60630B5FEE7555AB261C98B7D9819FE23C386655F7 ] UfxChipidea C:\WINDOWS\System32\drivers\UfxChipidea.sys
15:47:40.0183 0x12b8 UfxChipidea - ok
15:47:40.0199 0x12b8 [ F7BD838E84E6B286DBCE068EFB8C0800, A55188C8F8BDC739A7ED7D29CDCB2A17468BBB158E13D804963B31ED73449520 ] ufxsynopsys C:\WINDOWS\System32\drivers\ufxsynopsys.sys
15:47:40.0199 0x12b8 ufxsynopsys - ok
15:47:40.0230 0x12b8 [ C844E39B900FFA46CA8DD2BBA670A077, 0CB6232BCE47C59821DF25D6ED33E85C3E32DDAB101AA8A2C22B5401E73F5D5B ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
15:47:40.0230 0x12b8 UI0Detect - ok
15:47:40.0245 0x12b8 [ A25842AC180F0E8B02380ECB8ADA1AF5, AF22E7559C5EF8DC22A2B9E27FFFFF075B1D1B68A8307266BD9473E0FAF36BEF ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
15:47:40.0245 0x12b8 uliagpkx - ok
15:47:40.0261 0x12b8 [ 21088F43172525C7E02D335A3327F46C, B04AD471A7DFE83AB557DB4540616B7DF4A1904F8BDDCB920D449FCEE6F36FD5 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
15:47:40.0261 0x12b8 umbus - ok
15:47:40.0277 0x12b8 [ 294A291B5D48FE8F38DD94B7272442C5, 66C9139636760C92C1E04FCF440C432FF6C5A94E1577CAFE1D61FCF2D30472ED ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
15:47:40.0277 0x12b8 UmPass - ok
15:47:40.0308 0x12b8 [ 3427889AECC3B6912A0A01D095E32B98, 322AE14B74295ACFC124719BBEF8809201150A184E262EC55E26D2B45787BF9D ] UmRdpService C:\WINDOWS\System32\umrdp.dll
15:47:40.0324 0x12b8 UmRdpService - ok
15:47:40.0355 0x12b8 [ 0D5C9E27E93AAEA3E30A1E59A7AC3DFF, 31A203DA03877E6B887930990C5BB53402F0DFFB22A6F8FC5A34EF0B99CD8A7E ] UnistoreSvc C:\WINDOWS\System32\unistore.dll
15:47:40.0386 0x12b8 UnistoreSvc - ok
15:47:40.0464 0x12b8 [ E1A119AD21F5AFE22EB516C549306D3D, 48769D5E7A78B7A2C00F1F6798AC133CF3E0B2C76F71D3719BD741DDD8F2D229 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:47:40.0464 0x12b8 UNS - ok
15:47:40.0496 0x12b8 [ BD693208673F40BA21AA70B69F1D439C, E324947C2DD34386A83B09E73668F1CCED127AC91194B8BF7EC4C8E36CF8203E ] upnphost C:\WINDOWS\System32\upnphost.dll
15:47:40.0511 0x12b8 upnphost - ok
15:47:40.0527 0x12b8 [ A7A52EDDC3FAF183D6AC4774690ADF13, 630A0331F2EFA2DC7EFDACD08D8DF5C85BFDA30FF1525050FF54E069AFA45F6C ] UrsChipidea C:\WINDOWS\System32\drivers\urschipidea.sys
15:47:40.0527 0x12b8 UrsChipidea - ok
15:47:40.0542 0x12b8 [ 2EEA0897DD9E30E958B508D557F0B5E4, BE051A3AA5DFF56310FAB67AD19AC0443A3580542886EF3554EBE18F1323596F ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys
15:47:40.0542 0x12b8 UrsCx01000 - ok
15:47:40.0558 0x12b8 [ DC54D775A3A61E4CDE871B4E38A1459A, CC996A9D293201BBD285E7B629B12EE88574702B8AC7BB4149439D6A25A07F7E ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys
15:47:40.0558 0x12b8 UrsSynopsys - ok
15:47:40.0574 0x12b8 [ 18B63A0980F4AA1E6D7879B253980E37, 05F96DBE0A3DE2A685DEEBA8B6838A47AEB7CE2EBE8EB6BAD67B36DCF7E73589 ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
15:47:40.0589 0x12b8 usbccgp - ok
15:47:40.0605 0x12b8 [ 1C60A1A3C8E1E819E16F12BAEB1C83F8, E255BD173DBF091C5EA07381862E23C1FD761489EC396E312974FBC124E1F33A ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
15:47:40.0605 0x12b8 usbcir - ok
15:47:40.0621 0x12b8 [ 9A3E39F85DC6E3B9F792F1095ACFF788, 66B8E137A5232E9F717907CFD49FE624AE101F4DE14E2960849DABF7A877E87A ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
15:47:40.0621 0x12b8 usbehci - ok
15:47:40.0652 0x12b8 [ 0A368247A900656CC0678117DFC3A87C, 9BEAD14DA067439D913F609955E95CFA0B88ED4F1BC60B473E00F9D9CBC01B9C ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
15:47:40.0652 0x12b8 usbhub - ok
15:47:40.0683 0x12b8 [ C08449092043601887A1743350888635, 5CD916649D2CD8823B89C9E7459AD76AA8E54D70B6D9F40AD4A41144E22ACBE0 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
15:47:40.0699 0x12b8 USBHUB3 - ok
15:47:40.0714 0x12b8 [ 72EA850B59F40C25A4FEDDA5FE84EFEB, FB4801AA1FB72FC1C41024916368823E88D53E338640E3BEA865B0F0E7B8EE91 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
15:47:40.0714 0x12b8 usbohci - ok
15:47:40.0714 0x12b8 [ 47B2B2DE152E25546944049CA1170BB1, DDA0A806D3108B2475AB13F584EA8CE6F0932C5E394C2C3FA691DFAB8A2BCAC0 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
15:47:40.0714 0x12b8 usbprint - ok
15:47:40.0746 0x12b8 [ 923CA145CD0A9DFBA4CBBA60AB684C2C, EFAA1E730802490E9A53718D70484832A38345FE0A670937FC546FD245DF2CC9 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:47:40.0746 0x12b8 usbscan - ok
15:47:40.0761 0x12b8 [ 1F72E1A7E1858B7B3FF81522FCEBDE95, 4FAD243DA73C45CD5CA5E50F824F30EF0DC777D83957FD21FF43D8C89EC15AAC ] usbser C:\WINDOWS\System32\drivers\usbser.sys
15:47:40.0761 0x12b8 usbser - ok
15:47:40.0777 0x12b8 [ CD35467670DF1E6FBF36DA308F0C872B, E1F4F9B1EBD476394CBD0C934842AEE2502B030D97351B0A1E751FF23B011B57 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
15:47:40.0777 0x12b8 USBSTOR - ok
15:47:40.0792 0x12b8 [ DFA92EA105DD1073B43FB210EEB03DD4, D940432458F0A04F5013B48197CEA0412C8A909C50605AA21DD08271C90E2FE3 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
15:47:40.0792 0x12b8 usbuhci - ok
15:47:40.0824 0x12b8 [ C67A03F54A1EA683F4880A481EE5FF6C, 346185B378577FF14EFAD01ECB7DFC9AFC0D50F16DF081C3BA99AEFF710A0EE9 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
15:47:40.0824 0x12b8 USBXHCI - ok
15:47:40.0871 0x12b8 [ 32212C0FE0556915E763C29DEB6D267E, C5BC9DA3AB0C41604E8F3D01AFC2C25351FF5D3967E766DD0CDB4C0239ED6312 ] UserDataSvc C:\WINDOWS\System32\userdataservice.dll
15:47:40.0902 0x12b8 UserDataSvc - ok
15:47:40.0949 0x12b8 [ 19DB66E644058AA880AE20144FA40839, 3622EBD3E203C436000947666E7CDF9B075951CC1929241CCCDB123F55F93E46 ] UserManager C:\WINDOWS\System32\usermgr.dll
15:47:40.0964 0x12b8 UserManager - ok
15:47:40.0980 0x12b8 [ 0CFEA30C0217EE74FF853B2B0CC0BE6D, 1F0856D2D94F46D7B24B7EE18ED868C9EFAE972039D35D1FAA9058A12CF40493 ] UsoSvc C:\WINDOWS\system32\usocore.dll
15:47:40.0996 0x12b8 UsoSvc - ok
15:47:40.0996 0x12b8 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] VaultSvc C:\WINDOWS\system32\lsass.exe
15:47:40.0996 0x12b8 VaultSvc - ok
15:47:41.0027 0x12b8 [ 26223003DDFB347B5CF3EC0B56DB066B, 78848BE1334C05F28FA431B08225EAE8345B2C66E7D677F9936892FC941EA961 ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
15:47:41.0027 0x12b8 vdrvroot - ok
15:47:41.0074 0x12b8 [ 0C3F4E7684C1D72E85A98689E65A98A1, F7928D3EFC1A83125887ADA5F8E008022B58F0DBA8A711B4D60975D8CE82B595 ] vds C:\WINDOWS\System32\vds.exe
15:47:41.0089 0x12b8 vds - ok
15:47:41.0105 0x12b8 [ A417284BC6B5C2EEF63F2C5154473530, 55146660CDDD829630C216038E6500CFAC906E67C82881047B665BFEEB286D10 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
15:47:41.0105 0x12b8 VerifierExt - ok
15:47:41.0136 0x12b8 [ 4C39C05A72EB14C0567501C7E087E564, D3DC122B7E4A5BD345517FE3A9E9E58CD3C78887F9F327AB782BADCAD0F8F2EB ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
15:47:41.0136 0x12b8 vhdmp - ok
15:47:41.0152 0x12b8 [ C42206A15078596FDE8E89BB629DE342, B95F9EC2413ADE658A7CE4A9BB57A0E125C29205C24BBB120153DACAF4CF9482 ] vhf C:\WINDOWS\System32\drivers\vhf.sys
15:47:41.0152 0x12b8 vhf - ok
15:47:41.0167 0x12b8 [ 248D9F911A5C94CF8477125DD0C3A291, 418C7285184BCC9DE4E56175960585867A5DB21FEF761C49FF6F1AF1C07D8088 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
15:47:41.0167 0x12b8 vmbus - ok
15:47:41.0183 0x12b8 [ 3E98DD4E0CBD6B4F9CBD0E9E0EDF541E, 2B5CF364F4D1D3359FBEA8BB2E72A1FCE1277E8D893977B751D9AC10A27DF018 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
15:47:41.0199 0x12b8 VMBusHID - ok
15:47:41.0214 0x12b8 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
15:47:41.0230 0x12b8 vmicguestinterface - ok
15:47:41.0246 0x12b8 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
15:47:41.0246 0x12b8 vmicheartbeat - ok
15:47:41.0261 0x12b8 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
15:47:41.0261 0x12b8 vmickvpexchange - ok
15:47:41.0277 0x12b8 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
15:47:41.0277 0x12b8 vmicrdv - ok
15:47:41.0293 0x12b8 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
15:47:41.0293 0x12b8 vmicshutdown - ok
15:47:41.0308 0x12b8 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
15:47:41.0308 0x12b8 vmictimesync - ok
15:47:41.0324 0x12b8 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicvmsession C:\WINDOWS\System32\ICSvc.dll
15:47:41.0324 0x12b8 vmicvmsession - ok
15:47:41.0339 0x12b8 [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
15:47:41.0355 0x12b8 vmicvss - ok
15:47:41.0371 0x12b8 [ 91F165C5D71D9DCB18D4661CF10D1084, 1D55C1FF0F5D860E6DB60EEFE303C0797C98BB0B053ECC255F9B316872288818 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
15:47:41.0371 0x12b8 volmgr - ok
15:47:41.0386 0x12b8 [ 17042748AC05862A0283D32575220080, A85B480CB969CB7678545D2A9EE99CBD2ADFF210FA016A43E092D0711FBB633D ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
15:47:41.0386 0x12b8 volmgrx - ok
15:47:41.0418 0x12b8 [ 823A237D871CD652C6BFD47BECB6810A, 99310521451CB54C29A5DEA54C3A666F95E2A1FF0979D5F9792885A161E90C65 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
15:47:41.0418 0x12b8 volsnap - ok
15:47:41.0449 0x12b8 [ 78727FA284C2095EED660D71CD3C9AEF, 323F0BD5A624DF77973F28C7CF31EC6B3A525496EBF063666623A62B1DB0EA65 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
15:47:41.0449 0x12b8 vpci - ok
15:47:41.0480 0x12b8 [ 2415961D561E02F5E46B7C1C687A6788, 68A54B9595A0D15D410D5F1656B6EBE3B913A4BA5F71C658C9B99420E6ED327A ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
15:47:41.0480 0x12b8 vsmraid - ok
15:47:41.0527 0x12b8 [ 16419CBDB04DB9FF298169AA93413822, 743AD26F08AF5EFF5DD353E75C3D659B10C3FEC2FEDABB76387B87721B5B98F8 ] VSS C:\WINDOWS\system32\vssvc.exe
15:47:41.0543 0x12b8 VSS - ok
15:47:41.0558 0x12b8 [ 6AE9A843AE979F2DCCA5A25C07C7A5F8, 3CEC26DE2EEC97929A0FBBD87FF75F8DC387C0988B2047074C8F069ACBEF2587 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
15:47:41.0574 0x12b8 VSTXRAID - ok
15:47:41.0589 0x12b8 [ BD232C761C59FA8D8EF626CA630E2D2E, E494EFDCE8F6343F49F33F1F03DCD5DEC9CB6F349B1AD302B4D3333B5F6BD8E5 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
15:47:41.0589 0x12b8 vwifibus - ok
15:47:41.0605 0x12b8 [ 3039687AB65CEE26CF478C1F42FFCD7D, 40E140C6F94B6203767A1493DF8CAE6BA1FB67FBD0C13789444F72410D0E6FF1 ] vwififlt C:\WINDOWS\system32\drivers\vwififlt.sys
15:47:41.0605 0x12b8 vwififlt - ok
15:47:41.0636 0x12b8 [ EC9B6544C569E8D7FAB91772BD7D23F2, 06CC5F21E9A9DD35099CB3E44C3E2BF2F944CE5B71284E6A85E1B681F12BD31B ] W32Time C:\WINDOWS\system32\w32time.dll
15:47:41.0652 0x12b8 W32Time - ok
15:47:41.0699 0x12b8 [ 9776E4816D92B766F461957FBDA84360, 048F6ADC97767AFAB50582D0AE1E67A15B038A1C02F7982A6AD30B61AC5C7369 ] w3logsvc C:\WINDOWS\system32\inetsrv\w3logsvc.dll
15:47:41.0699 0x12b8 w3logsvc - ok
15:47:41.0730 0x12b8 [ F61FA0EDBE913DFCA0CF012FDD9E99EE, DE8685230D49F940640F400D2EC4F10E677AF6D57B3FAB0342AA98BEA779D6AD ] W3SVC C:\WINDOWS\system32\inetsrv\iisw3adm.dll
15:47:41.0761 0x12b8 W3SVC - ok
15:47:41.0777 0x12b8 [ FC40A7527D39F06D032A6553D22E4BF6, F572FCB5EB3DE16FD6222A5B6A43C81E3A1F838890667D9F0453F82FFCA772FF ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
15:47:41.0777 0x12b8 WacomPen - ok
15:47:41.0808 0x12b8 [ 2CFE8CBE358CC4D5715E010E3B13559F, 54E9BFCE202FA123EB261C226094054950429AAFA304AA714F461B003E070BD9 ] WalletService C:\WINDOWS\system32\WalletService.dll
15:47:41.0824 0x12b8 WalletService - ok
15:47:41.0855 0x12b8 [ E9E22E116F810DAC98C5EC207F24C916, C518DC57CECA5174E7695F5632555FA08571D5F3A7D6B0C295BA4221AEA67C04 ] wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:47:41.0855 0x12b8 wanarp - ok
15:47:41.0855 0x12b8 [ E9E22E116F810DAC98C5EC207F24C916, C518DC57CECA5174E7695F5632555FA08571D5F3A7D6B0C295BA4221AEA67C04 ] wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:47:41.0855 0x12b8 wanarpv6 - ok
15:47:41.0886 0x12b8 [ F61FA0EDBE913DFCA0CF012FDD9E99EE, DE8685230D49F940640F400D2EC4F10E677AF6D57B3FAB0342AA98BEA779D6AD ] WAS C:\WINDOWS\system32\inetsrv\iisw3adm.dll
15:47:41.0886 0x12b8 WAS - ok
15:47:41.0933 0x12b8 [ CF9EF65FA66B0F4982FD1FACAB3009B6, 681C1CD5DCAF87EF436B907534E98B0AB4F66BD62E46B8977A7880B854766A27 ] wbengine C:\WINDOWS\system32\wbengine.exe
15:47:41.0965 0x12b8 wbengine - ok
15:47:41.0980 0x12b8 [ 8F2B0ED6FCA72B34BEEA37E32D0EE106, A86C641A13FDF056B7BA13641551582199DDB08E9490003C74D999518B097C00 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
15:47:41.0996 0x12b8 WbioSrvc - ok
15:47:42.0027 0x16d8 Object required for P2P: [ F34655869378762CEEF159E82BE95C3E ] Origin Client Service
15:47:42.0043 0x12b8 [ A40484AC27EE08DBE7F8DA5E1F6651ED, E3259694450C4F1DEC5E0EA5E23BF3A51F1819374DF47FECF70282AFD46114A1 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
15:47:42.0043 0x12b8 Wcmsvc - ok
15:47:42.0058 0x12b8 [ 8E7FD07D2C82ACBCA52C4100C20F6542, FB2CD88557ABB5EBE6555CD4E41BF4BDC6FE6BCF26288338F2FB034B966FCBD3 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
15:47:42.0074 0x12b8 wcncsvc - ok
15:47:42.0105 0x12b8 [ 9C776ED423CD03F8ABD54C2557E34416, 282C1208977070EC0280D5ABA0E03A847AEAEE31F35CDAA3C7A02D8477614EB1 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
15:47:42.0105 0x12b8 WcsPlugInService - ok
15:47:42.0105 0x12b8 [ C8BA574B3BA6AE88741AC86B1FE3C1DC, B2422CDE3A6A27B52D270D24298FF69D91D389C68456EC1805BA30AA59BAB839 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
15:47:42.0121 0x12b8 WdBoot - ok
15:47:42.0136 0x12b8 [ 927AD29D7F91B9A0C5294932374DA15E, ABB2722EF4153771D15683B5CE603D2B7D8A585357F64A3DC26114F37BE2906E ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
15:47:42.0168 0x12b8 Wdf01000 - ok
15:47:42.0183 0x12b8 [ C5BB7C612B4C852836BEA39593BA5F46, 1E2B123F34500C2A8E983AAAF7F14E409B88DC396A655F19F3E7F15D0C51A762 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
15:47:42.0199 0x12b8 WdFilter - ok
15:47:42.0215 0x12b8 [ 9E0442D3880438D006D95C6F63C27274, DB1ED2BCF9986495EFA8A0B3B0156119F2E4F77AE9BDC6377ADF3A6B53C658F6 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
15:47:42.0215 0x12b8 WdiServiceHost - ok
15:47:42.0215 0x12b8 [ 9E0442D3880438D006D95C6F63C27274, DB1ED2BCF9986495EFA8A0B3B0156119F2E4F77AE9BDC6377ADF3A6B53C658F6 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
15:47:42.0215 0x12b8 WdiSystemHost - ok
15:47:42.0261 0x12b8 [ 9B2039C5673EEBF1D4E34ABC0AFB88C7, BBC85546BD86B9027426DAF148194CFE992B80FF89311B28BE0BD82C88630E8C ] wdiwifi C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
15:47:42.0277 0x12b8 wdiwifi - ok
15:47:42.0293 0x12b8 [ BD193A7BD34B2E829FAF56306FEE3B09, ADD746D198E21242CEFA01840952B792074EFC473113CD3E7F1ABBA6A4E26AF6 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
15:47:42.0293 0x12b8 WdNisDrv - ok
15:47:42.0324 0x12b8 WdNisSvc - ok
15:47:42.0340 0x12b8 [ 6A3B5013D5C7840E8CABD63DD021C112, 371CCEEAC7816CFE79ACA8A218CDA16469D9567CB63CC9D18C55FF047011EF25 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:47:42.0340 0x12b8 WebClient - ok
15:47:42.0355 0x12b8 [ EED4043BC3C2D00067411730EE118354, 5E268DA4DB78C06D8F181E9408B4769F8A12C38DA52C1E986EE0CEE1101E9485 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
15:47:42.0355 0x12b8 Wecsvc - ok
15:47:42.0371 0x12b8 [ 6ECD7A49AFC6533821BEEA1876CEB21D, 2E972245F56F589EF1AB9DABB9214B9DE6E290878735476323A3357D8CDFC71F ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
15:47:42.0371 0x12b8 WEPHOSTSVC - ok
15:47:42.0386 0x12b8 [ 09B434867028AF4895A87959EA668686, 26A7DB82E42DCBF3A77092D58AC6392754FD7C538B9EAAEFA88E9AF81DFE8E96 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
15:47:42.0386 0x12b8 wercplsupport - ok
15:47:42.0402 0x12b8 [ DE4E417B867841EE55114E588098B8D5, 878708C93FC1D919E2B9E1C5F94A0EAFC5F28BDAA58D3F29DEEDC8EC3F72D9ED ] WerSvc C:\WINDOWS\System32\WerSvc.dll
15:47:42.0402 0x12b8 WerSvc - ok
15:47:42.0418 0x12b8 wfpcapture - ok
15:47:42.0438 0x12b8 [ DBF5255B759212E5217A2748567A0B5C, 5E81A9289EC39702179038B686A35FADF9974651E74222F3354B4CBE919887B0 ] WFPLWFS C:\WINDOWS\system32\drivers\wfplwfs.sys
15:47:42.0441 0x12b8 WFPLWFS - ok
15:47:42.0464 0x12b8 [ 4CD8826BB8320741842A9E53E48AF2BC, 97B22D9DCD0FD31D3A801946173369B0E70B1850576682C8A8180874A61CAD1A ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
15:47:42.0467 0x12b8 WiaRpc - ok
15:47:42.0478 0x12b8 [ 4375BCBA419D19695CF566082CEF27D3, 6F86FA14B41A03F2BA51B8702F3D59B85FD488405601FA177495E4B7C576850D ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
15:47:42.0479 0x12b8 WIMMount - ok
15:47:42.0481 0x12b8 WinDefend - ok
15:47:42.0498 0x12b8 [ 037BC6DE5F58D4A74A5BB0C12DCECDCA, 92921A2615A41C434BADEB33594DABC166FC9418FBD311A3B2022410B14BFDAC ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
15:47:42.0501 0x12b8 WindowsTrustedRT - ok
15:47:42.0511 0x12b8 [ 70BCD70BD53F2FE660ED94B025A043EB, B23B96DCAB30C62CB1651B3A2292155AEE8217CE3120574F5158D5E7DA09DE56 ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
15:47:42.0513 0x12b8 WindowsTrustedRTProxy - ok
15:47:42.0562 0x12b8 [ 8921ECEC2C7D1B1333D77325C60D3AEA, 67C6B6A92B34D99165B5591D0730322C31E967E599BA44924249BF5AD505C132 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
15:47:42.0576 0x12b8 WinHttpAutoProxySvc - ok
15:47:42.0593 0x12b8 [ 7792AE5403BF8975B6460DFC3428D129, D88F77E973D58C2CA629CC9249877A34ABF31CA1DC2A570666921A8A0DC8DEC7 ] WinMad C:\WINDOWS\System32\drivers\winmad.sys
15:47:42.0595 0x12b8 WinMad - ok
15:47:42.0637 0x12b8 [ 73B5230F03DC7002A70F11EA1B0BAA37, DFE8BBE52B58589686E402ACED51021E298A491F907EBA5689DF9DAFC3002BA5 ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:47:42.0637 0x12b8 Winmgmt - ok
15:47:42.0700 0x12b8 [ 2FE85D6AFF90F56A78743CC93B9CA684, B515765C4EE64E7EC16BD6AF037C084CCA6E81180AEF59E18F260406ABE6DF58 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
15:47:42.0746 0x12b8 WinRM - ok
15:47:42.0762 0x12b8 [ 811F30EB6EE8318C4171CB95AE30B9BD, 765F6BEA3D35D523B5D7ED7356EC0C97A48066A5C4D77C1E6EDAC6F220153385 ] WINUSB C:\WINDOWS\System32\drivers\WinUSB.SYS
15:47:42.0762 0x12b8 WINUSB - ok
15:47:42.0778 0x12b8 [ DF00381AB8665D48DE3FF794BC6760AB, 749AC7048601061A34BFF507B574AF028FC662C0A98692E7331E667D105EC09D ] WinVerbs C:\WINDOWS\System32\drivers\winverbs.sys
15:47:42.0778 0x12b8 WinVerbs - ok
15:47:42.0840 0x12b8 [ 3C096082A9232B7CEE4653B9C9031769, CFD4C7D0874097ED70735FD99206F21C12749B7956C4B5D4287F160EC6A21DCC ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
15:47:42.0887 0x12b8 WlanSvc - ok
15:47:42.0950 0x12b8 [ 0968D575D9108497A6DC37749D4A6C4F, 8BFEDBE642DA0FD8AC1E60180C192527F3D36E43089090A7BB6D8B27AB6E4F7F ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
15:47:42.0981 0x12b8 wlidsvc - ok
15:47:43.0012 0x12b8 [ 623ED8E10DFEEAB7AE2CD11A0451DB79, 7DDE15F22FD24556D4765F6CFD0F8E2F27370A89A962919646DE2613B33D43D6 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
15:47:43.0012 0x12b8 WmiAcpi - ok
15:47:43.0043 0x12b8 [ B2BB87531C4127ED4120E9BF5566827F, 1DDC0F00F215D77D3698F81B56D4488F384E9D017267840EDFA4846742B99B6A ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
15:47:43.0043 0x12b8 wmiApSrv - ok
15:47:43.0043 0x12b8 WMPNetworkSvc - ok
15:47:43.0075 0x12b8 [ 78CA1FF6FE37EEFAFF99DD1C956AF60A, 883C7890C83BAB3B846A0C969D7B67031BD2EF65FA58A0620DD0CD1655C5B2C5 ] Wof C:\WINDOWS\system32\drivers\Wof.sys
15:47:43.0075 0x12b8 Wof - ok
15:47:43.0137 0x12b8 [ C7503A49364DB2AF7A7DE177B233081F, 85DC6D8B5631E51FCF395A884F58571A96C8C55C38CA9ABEBD9C75BABAD21E38 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
15:47:43.0168 0x12b8 workfolderssvc - ok
15:47:43.0184 0x12b8 [ 388F2A3C771B8BEE76FD1AAF9614D08E, C064EC6136CC20C4EE19C86E91CA071974933BB52C9EF8521DF4AFD060FED4A2 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
15:47:43.0200 0x12b8 wpcfltr - ok
15:47:43.0215 0x12b8 [ A6FCFE1F691B4A4D266F5D487FADB9FE, 2135D0C13C1295A2F76885E380CD72CB71CEB8E0D9F1C183A35935B27737D423 ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
15:47:43.0215 0x12b8 WPDBusEnum - ok
15:47:43.0231 0x12b8 [ 37DCE976B3935380F2F6E39ABB6BF40D, B14E875F6D6503DF0DB6D9D2363316073AEEF394D830EA2270A0DCDA56E1CEC4 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
15:47:43.0231 0x12b8 WpdUpFltr - ok
15:47:43.0247 0x12b8 [ 80F0154FD4293E562D54E97811E03499, EDE920F7F95EFBE542FE3CE066B6F7CDE3B9A37DDF3411DC86EACE9EEF294C1D ] WpnService C:\WINDOWS\system32\WpnService.dll
15:47:43.0247 0x12b8 WpnService - ok
15:47:43.0278 0x12b8 [ 3CD22DD5A790CF7C24D65455E565EA83, 49DB06DF6F38940E7F8691C16586A78BB20E702FD48A34E50987C06B08BDF4DB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
15:47:43.0278 0x12b8 ws2ifsl - ok
15:47:43.0293 0x12b8 [ EBA916109A176714E6A7BD152387F13C, 7B38B1708B83271ADA8D1CEC7F5F0A75C7F2572185C0961EFC749D5DF16A03F0 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
15:47:43.0293 0x12b8 wscsvc - ok
15:47:43.0293 0x12b8 WSearch - ok
15:47:43.0387 0x12b8 [ 9EB85802AB625970E05879D15DE56335, B7DCE5E1924A5CEE76CC07FF3B8CEDBBD0DDBB4C4ED0A3BFB8D1ABCAD7C0AA23 ] WSService C:\WINDOWS\System32\WSService.dll
15:47:43.0434 0x12b8 WSService - ok
15:47:43.0497 0x12b8 [ B70FF53144AC4B3C7D98BFB7D7C239BD, 996F6253F24C6D734B777988CDE03CD3A32FFBAD6D7A198F1C590B762CD8DC0E ] wuauserv C:\WINDOWS\system32\wuaueng.dll
15:47:43.0528 0x12b8 wuauserv - ok
15:47:43.0543 0x12b8 [ 835F60262E7E310080EA05F6752BF248, 3010B731DF3D52B56EA16FD29B66F5D3AB9412E49CA4C547BAAECA3225C5DC40 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
15:47:43.0543 0x12b8 WudfPf - ok
15:47:43.0575 0x12b8 [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
15:47:43.0575 0x12b8 WUDFRd - ok
15:47:43.0590 0x12b8 [ 44CF3130AEC8914705487C4AEF756A19, 30B09E32DEC02141F9B99ED012E441056C1663A72E4130EF4221ECC0ED87BF4B ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
15:47:43.0590 0x12b8 wudfsvc - ok
15:47:43.0590 0x12b8 [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
15:47:43.0590 0x12b8 WUDFWpdFs - ok
15:47:43.0606 0x12b8 [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
15:47:43.0606 0x12b8 WUDFWpdMtp - ok
15:47:43.0637 0x12b8 [ D23F211E1AA0787EFEC373D172D4A1C2, 6CCAB272D121C9946B2CF6B19F50E09946F0187713D54BFBD371B5C017367204 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
15:47:43.0668 0x12b8 WwanSvc - ok
15:47:43.0700 0x12b8 [ 9BDC2AFCEF4CF1C630D728DE1DBD495A, 5CE19974380CCEC46C181315B349E9A7CE757E19118EC5978A2293D63268BA66 ] XblAuthManager C:\WINDOWS\System32\XblAuthManager.dll
15:47:43.0715 0x12b8 XblAuthManager - ok
15:47:43.0747 0x12b8 [ 3EDB6162310EA223890C2DF44C68358B, 12053291809CA9C38A30EA4B2DE7115F535531F0925220C63B0312979F9CC707 ] XblGameSave C:\WINDOWS\System32\XblGameSave.dll
15:47:43.0762 0x12b8 XblGameSave - ok
15:47:43.0778 0x12b8 [ 30021D1E0407B71E8D5D4F8DAE4E656A, EE2E366A1CC033C068176C7E9F876FFA0EF86A15A482B6964E170DE863CFF542 ] xboxgip C:\WINDOWS\System32\drivers\xboxgip.sys
15:47:43.0793 0x12b8 xboxgip - ok
15:47:43.0825 0x12b8 [ 729B70C81F207541BC6A4ABAE3A8D594, 31F9BC41169D28B397C0D988C367C32FA9A95289E68AB8F38061DA478752A765 ] XboxNetApiSvc C:\WINDOWS\system32\XboxNetApiSvc.dll
15:47:43.0840 0x12b8 XboxNetApiSvc - ok
15:47:43.0856 0x12b8 [ 6851673B90D8CB332439E0339F81A6B6, 4E95F1A63E6DD58BB5BD6FC1D9784837D5E6F5BCF870C7ECC92DCA1AF20B6A4C ] xinputhid C:\WINDOWS\System32\drivers\xinputhid.sys
15:47:43.0856 0x12b8 xinputhid - ok
15:47:43.0872 0x12b8 ================ Scan global ===============================
15:47:43.0903 0x12b8 [ C6BC6E49A7F76AA2BBA58CD08196755F, D02B6B285899E966D19323566A4780D51303D00E66674D7FF4B61991430A69A6 ] C:\WINDOWS\system32\basesrv.dll
15:47:43.0918 0x12b8 [ 70EC9717DC3A1CDF79C703A145E0E5B7, D5ABF42063DFF799FD4099D8A347256CC79B89582B987B3DEE240AFA5BA421BE ] C:\WINDOWS\system32\winsrv.dll
15:47:43.0950 0x12b8 [ F435AFA375ACBAEE44324DD464EDCC11, 815DE470439AE5D96348BEBF971A14FBDCA1D36F31CA0D25F69E5F41817D43D5 ] C:\WINDOWS\system32\sxssrv.dll
15:47:43.0965 0x12b8 [ BB3D8E1C108F7244613FF3993291A922, 1642AF23F200D46F54239C3BA743F1D5ADDC6A32D5F6481264D0C1D7F3E9D533 ] C:\WINDOWS\system32\services.exe
15:47:43.0981 0x12b8 [ Global ] - ok
15:47:43.0981 0x12b8 ================ Scan MBR ==================================
15:47:43.0997 0x12b8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:47:44.0184 0x12b8 \Device\Harddisk0\DR0 - ok
15:47:44.0184 0x12b8 ================ Scan VBR ==================================
15:47:44.0184 0x12b8 [ 156A5307A0294B4D9FD4DE190944CEFE ] \Device\Harddisk0\DR0\Partition1
15:47:44.0247 0x12b8 \Device\Harddisk0\DR0\Partition1 - ok
15:47:44.0262 0x12b8 [ C42FFA1E0E15944C77B1B8B0831ACCD2 ] \Device\Harddisk0\DR0\Partition2
15:47:44.0293 0x12b8 \Device\Harddisk0\DR0\Partition2 - ok
15:47:44.0293 0x12b8 [ 7CCFFAE809AA529ECAA72FA5C3CCF408 ] \Device\Harddisk0\DR0\Partition3
15:47:44.0293 0x12b8 \Device\Harddisk0\DR0\Partition3 - ok
15:47:44.0309 0x12b8 [ A6B34B1831A2C38D366FD322B5B81066 ] \Device\Harddisk0\DR0\Partition4
15:47:44.0309 0x12b8 \Device\Harddisk0\DR0\Partition4 - ok
15:47:44.0309 0x12b8 ================ Scan generic autorun ======================
15:47:44.0450 0x16d8 Object send P2P result: true
15:47:44.0622 0x12b8 [ 834A309C2FDF52FC09353F348CFE1235, FF8D5B0C4D8DEF3B313E11B01D6A2A29758E8721EF2EC0AAC2DB3C9AAF399276 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:47:44.0765 0x12b8 RtHDVCpl - ok
15:47:44.0832 0x12b8 [ A005676B30AEB3C7703C317D992B193A, 446155F3AB94BF33DB91E7C2C1EED57ED449D82710BFC96DFA07DBA1D346399E ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
15:47:44.0832 0x12b8 USB3MON - ok
15:47:44.0895 0x12b8 [ 07A37CB5C5A01E73FB69F138FAE2DB0E, 9E8B5D78D7EAB8FA35133763EDA91AFE5CDEE275D604F02CDB56FB00A0D5AA0F ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
15:47:44.0926 0x12b8 Adobe ARM - ok
15:47:44.0926 0x12b8 hpqSRMon - ok
15:47:44.0926 0x12b8 HP Software Update - ok
15:47:45.0160 0x12b8 [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
15:47:45.0285 0x12b8 OneDriveSetup - ok
15:47:45.0426 0x12b8 [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
15:47:45.0520 0x12b8 OneDriveSetup - ok
15:47:45.0567 0x12b8 [ 86F0D0B3A07C142C81DAB47E8495A822, DA214C967FFE0B3E2BBCE99E7330DBB74EB0BB7F21833FE689277109B0FF92B5 ] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
15:47:45.0567 0x12b8 BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - ok
15:47:45.0692 0x12b8 [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
15:47:45.0754 0x12b8 DAEMON Tools Lite - ok
15:47:45.0942 0x12b8 [ F679E30A5F7CE39F7FA134E61BD2D6D3, 84BD25FFF9C47AC5A00E225DCF03D82A79FE036E3B553D2D81254F2F1FC120A1 ] C:\Program Files\CCleaner\CCleaner64.exe
15:47:46.0051 0x12b8 CCleaner Monitoring - ok
15:47:46.0160 0x12b8 [ 9F2ECA252720B25E8FEC1CAB2984B98D, 476EE2929901CD43F15869B763376393AA0942A3B934532055E037C6DCE3CD2D ] C:\Users\Marco\AppData\Local\Microsoft\OneDrive\OneDrive.exe
15:47:46.0160 0x12b8 OneDrive - ok
15:47:46.0192 0x12b8 Skype - ok
15:47:46.0379 0x12b8 [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
15:47:46.0457 0x12b8 OneDriveSetup - ok
15:47:46.0473 0x12b8 Waiting for KSN requests completion. In queue: 147
15:47:47.0489 0x12b8 Waiting for KSN requests completion. In queue: 147
15:47:48.0489 0x12b8 Waiting for KSN requests completion. In queue: 147
15:47:48.0817 0x1dec Object required for P2P: [ 7EBD20284AC9BF9F0A020B86769BB074 ] Tcpip
15:47:49.0504 0x12b8 Waiting for KSN requests completion. In queue: 147
15:47:50.0520 0x12b8 Waiting for KSN requests completion. In queue: 147
15:47:51.0239 0x1dec Object send P2P result: true
15:47:51.0239 0x1dec Object required for P2P: [ 7EBD20284AC9BF9F0A020B86769BB074 ] Tcpip6
15:47:51.0536 0x12b8 Waiting for KSN requests completion. In queue: 146
15:47:52.0552 0x12b8 Waiting for KSN requests completion. In queue: 146
15:47:53.0567 0x12b8 Waiting for KSN requests completion. In queue: 146
15:47:53.0692 0x1dec Object send P2P result: true
15:47:53.0708 0x1dec Object required for P2P: [ 0968D575D9108497A6DC37749D4A6C4F ] wlidsvc
15:47:54.0583 0x12b8 Waiting for KSN requests completion. In queue: 34
15:47:55.0599 0x12b8 Waiting for KSN requests completion. In queue: 34
15:47:56.0146 0x1dec Object send P2P result: true
15:47:56.0677 0x12b8 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated )
15:47:56.0708 0x12b8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x62100 ( disabled : updated )
15:47:56.0708 0x12b8 Win FW state via NFP2: enabled ( trusted )
15:47:59.0083 0x12b8 ============================================================
15:47:59.0083 0x12b8 Scan finished
15:47:59.0083 0x12b8 ============================================================
15:47:59.0083 0x25dc Detected object count: 0
15:47:59.0083 0x25dc Actual detected object count: 0
15:53:21.0702 0x0ea0 Deinitialize success
|
|
01.12.2015, 21:08
| #11 |
| /// the machine /// TB-Ausbilder | Viele Mail Delivery System Mails, auch aus meinem Adressbuch Emailaccount von allen Geräten Löschen, PW ändern. Kommen noch Mails?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.12.2015, 18:32
| #12 |
| | Viele Mail Delivery System Mails, auch aus meinem Adressbuch Hallo, habe alle Emailaccounts von allen PC und Laptop gelöscht, Passwort geändert und dann alles neu eingerichtet. Seit gestern kommen jedoch schon wieder zahlreiche Mail Delivery System Mails  Was soll ich tun? |
|
10.12.2015, 12:22
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viele Mail Delivery System Mails, auch aus meinem Adressbuch Das ist Addressfälschung. Dagegen kann man nix machen!! Du kannst ja auch nicht verhindern, dass jmd einen Brief aufsetzt und als Absender deinen Namen und deine Adresse verwendet. Vgl. http://www.trojaner-board.de/172428-...ml#post1538438
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.12.2015, 12:54
| #14 |
| | Viele Mail Delivery System Mails, auch aus meinem Adressbuch Aber wieso werden auch Adressen aus meinem Adressbuch gesendet bzw kommen zurück? Wie kommen die an mein Adressbuch? Und auch von ganz vielen anderen Adressen von denen ich zb. Newsletter und andere Infos bekomme wie zB. Ebay und Amazon werden mir diese Mail Delevery System Mails zurückgeschickt? |
|
10.12.2015, 13:34
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viele Mail Delivery System Mails, auch aus meinem Adressbuch Lies bitte den verlinkten Thread. Da wurde iniges erläutert. 100% richtige Angaben zur Ursache sind nicht möglich.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Viele Mail Delivery System Mails, auch aus meinem Adressbuch |
| adressbuch, antivir, delivery, fängt, gefunde, gehackt, geändert, größte, mail, mail delivery, mail delivery sytem, mailkonto, mails, meinem, nichts, passwort, passwort geändert, problem, schnell, sorge, sorgen, system, woche, wochen |
Linear-Darstellung
