| |
| |||||||
Log-Analyse und Auswertung: Firefox u. Thunderbird starten nicht + Meldung, dass Word für aktuellen Benutzer nicht installiert wurde + div. andere ProblemeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
22.12.2015, 15:44
| #1 |
 |  Firefox u. Thunderbird starten nicht + Meldung, dass Word für aktuellen Benutzer nicht installiert wurde + div. andere Probleme Der Laptop meiner Frau hat diverse Probleme: 1. Nachdem man Word gestartet hat, erscheint die Meldung "Microsoft Office wurde für den aktuellen Benutzer nicht installiert. Bitte starten Sie Setup, um diese Anwendung zu installieren" * Ich habe über "Programme und Funktionen" versucht, Office zu reparieren, das wird aber mit einer Fehlermeldung abgewiesen. 2. Exe-Dateien konnte man nicht ausführen (Fehler "ungültiger Bild"). * Nach SFC /SCANNOW im abgesicherten Modus klappt das wieder. 3. Lt. WLAN-Anzeige ist der PC verbunden, hat jedoch keinen Internetzugriff 4. Wenn man im IE fritz.box eintippt erscheint die Meldung: Die Suchseite nicht gefunden werden. 5. Die Symbole von Firefox und Thunderbird sind weiß und reagieren nicht. Wenn ich die firefox.exe im Programmverzeichnis starte, erscheint der Fehler im Dateianhang. 6. Vermutlich nach Punkt 2 meint Windows, dass die installierte Version noch nicht aktiviert sei. Gemacht habe ich bisher folgendes: a) Kaspersky RescueDisk b) SFC /SCANNOW c) Microsoft Fix it 50850 d) AdwCleaner e) MalwareBytes f) FRST Danke für Eure Hilfe! Gruß Michael Log-Dateien zu a+d kann ich nachliefern, habe sie aber zunächst weggelassen wegen der Datenmenge: zu f) Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
durchgeführt von Rehberg********** (Administrator) auf RS-PC (22-12-2015 14:41:17)
Gestartet von F:\
Geladene Profile: Rehberg********** (Verfügbare Profile: Rehberg**********)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Crawler Group) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-12] (Bitdefender)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\Run: [Bitdefender-Geldb?rse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-24] (Bitdefender)
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\RunOnce: [Uninstall C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\RunOnce: [Uninstall C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\RunOnce: [Uninstall C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\RunOnce: [Uninstall C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\RunOnce: [Uninstall C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\RunOnce: [Uninstall C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\RunOnce: [Uninstall C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rehberg\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\MountPoints2: F - F:\ting.exe
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\MountPoints2: {08475be2-c024-11e0-8116-00262dc34821} - F:\EasySuite.exe
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\MountPoints2: {b18e9e76-f3de-11e4-94e9-00262dc34821} - F:\ting.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rehberg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rehberg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rehberg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rehberg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rehberg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rehberg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rehberg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\rehberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{0B6CB05B-A71E-4C68-A4DE-1DCFE89304D5}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A58F1BE4-2027-4CFF-B157-6343B05A3205}: [DhcpNameServer] 61.177.7.1 218.104.32.106 168.95.1.1
Tcpip\..\Interfaces\{B8106F6C-9E37-4D23-854A-30BD648D9ED5}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2015-07-27] (Crawler Group, LLC)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-20] (Oracle Corporation)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll [2015-07-27] (Crawler Group, LLC)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-20] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\rehberg\AppData\Roaming\Mozilla\Firefox\Profiles\23wvpkzv.default-1445984042115
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-11] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2012-11-08] (Sony Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2060828157-3897711240-3754088973-1000: @citrixonline.com/appdetectorplugin -> C:\Users\rehberg\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2060828157-3897711240-3754088973-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\rehberg\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-05] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-08-26] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-01-23] [ist nicht signiert]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-08-23] <==== ACHTUNG
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [0 2014-04-11] () <==== ACHTUNG (Null Byte Datei/Ordner)
S2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [72640 2012-06-07] () [Datei ist nicht signiert]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-03-26] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [329544 2012-03-26] ()
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 OKI OPHF DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHFLDCS.EXE [19968 2007-04-06] (Oki Data Corporation) [Datei ist nicht signiert]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [Datei ist nicht signiert]
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-10-23] (Sony Corporation) [Datei ist nicht signiert]
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3037520 2015-07-27] (Crawler Group)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-12] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-24] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-24] (BitDefender SRL)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-12] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-23] (REALiX(tm))
R3 Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [158976 2010-02-27] (Intel Corporation) [Datei ist nicht signiert]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH) [Datei ist nicht signiert]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-24] (BitDefender S.R.L.)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-22 14:41 - 2015-12-22 14:41 - 00000000 ____D C:\FRST
2015-12-22 14:03 - 2015-12-22 14:03 - 00001130 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-22 13:54 - 2015-12-22 13:54 - 00262144 _____ C:\Windows\Minidump\122215-21543-01.dmp
2015-12-22 13:34 - 2015-12-22 13:54 - 3464663369 _____ C:\Windows\MEMORY.DMP
2015-12-22 13:34 - 2015-12-22 13:34 - 00262144 _____ C:\Windows\Minidump\122215-25849-01.dmp
2015-12-22 13:11 - 2015-12-22 13:11 - 00205708 _____ C:\Windows\ntbtlog.txt
2015-12-22 12:23 - 2015-12-22 12:20 - 00986624 _____ C:\Users\rehberg\Desktop\MicrosoftFixit50850.msi
2015-12-22 12:17 - 2015-12-22 11:39 - 22908888 _____ (Malwarebytes ) C:\Users\rehberg\Desktop\mbam-setup-2.2.0.1024.exe
2015-12-22 12:17 - 2015-12-22 11:39 - 01743360 _____ C:\Users\rehberg\Desktop\adwcleaner_5.026.exe
2015-12-19 10:15 - 2015-12-22 09:04 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-12-17 15:07 - 2015-12-17 15:07 - 00000005 _____ C:\Windows\system32\wslib2.response.000000000929C988000000000958F850
2015-12-17 02:10 - 2015-12-17 02:10 - 00000000 __SHD C:\found.001
2015-12-14 12:47 - 2015-12-14 12:47 - 00000000 ___HD C:\OneDriveTemp
2015-12-11 09:38 - 2015-12-11 09:38 - 00000000 ____D C:\Users\rehberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 09:28 - 2015-12-11 09:28 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-11-28 10:35 - 2015-11-28 10:35 - 02400491 _____ C:\Users\rehberg\Downloads\flyer.pdf
2015-11-26 10:52 - 2015-11-28 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-22 14:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-22 14:32 - 2011-08-06 14:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-22 14:26 - 2012-06-30 09:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-22 14:23 - 2015-09-07 10:10 - 00000622 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2060828157-3897711240-3754088973-1000.job
2015-12-22 14:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-22 14:22 - 2011-08-06 15:08 - 00151089 _____ C:\bdlog.txt
2015-12-22 14:22 - 2009-07-14 05:45 - 00018704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-22 14:22 - 2009-07-14 05:45 - 00018704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-22 14:21 - 2012-08-13 07:37 - 00000000 ____D C:\Program Files (x86)\Hotspot_Shield
2015-12-22 14:03 - 2015-10-28 20:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-22 14:03 - 2015-10-28 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-22 14:03 - 2015-10-28 20:14 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-22 13:54 - 2012-05-24 20:32 - 00000000 ____D C:\Windows\Minidump
2015-12-22 13:42 - 2015-10-14 11:24 - 00000000 ____D C:\AdwCleaner
2015-12-22 13:29 - 2015-09-07 10:10 - 00000718 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2060828157-3897711240-3754088973-1000.job
2015-12-22 13:25 - 2015-09-09 09:19 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-12-22 13:25 - 2015-09-09 09:15 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-12-22 13:25 - 2015-09-09 09:15 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-12-22 13:25 - 2015-03-11 10:44 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-12-22 13:02 - 2010-05-12 09:18 - 00699682 _____ C:\Windows\system32\perfh007.dat
2015-12-22 13:02 - 2010-05-12 09:18 - 00149790 _____ C:\Windows\system32\perfc007.dat
2015-12-22 13:02 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-22 13:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-22 12:44 - 2015-06-12 10:53 - 00001264 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2060828157-3897711240-3754088973-1000UA.job
2015-12-22 12:32 - 2011-08-06 13:09 - 00120312 _____ C:\Users\rehberg\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-22 09:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-22 08:27 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-12-22 08:26 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-22 08:16 - 2011-12-29 16:29 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2015-12-17 15:44 - 2015-06-12 10:53 - 00001212 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2060828157-3897711240-3754088973-1000Core.job
2015-12-17 02:38 - 2015-08-13 14:53 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-12-15 12:40 - 2015-09-07 10:10 - 00003758 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2060828157-3897711240-3754088973-1000
2015-12-15 12:40 - 2015-09-07 10:10 - 00003662 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2060828157-3897711240-3754088973-1000
2015-12-15 12:06 - 2011-08-06 19:07 - 00000000 ____D C:\Users\rehberg\Documents\Kerstin
2015-12-14 12:47 - 2014-12-14 20:37 - 00002215 _____ C:\Users\rehberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-12-14 12:47 - 2014-12-14 20:37 - 00000000 ___RD C:\Users\rehberg\OneDrive
2015-12-14 10:25 - 2011-08-06 13:54 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2015-12-14 10:22 - 2015-10-27 22:03 - 00000000 ____D C:\ProgramData\Spyware Terminator
2015-12-14 09:51 - 2011-11-11 20:24 - 00000000 ____D C:\Users\rehberg\Documents\Pohlheim
2015-12-12 11:33 - 2013-07-02 10:21 - 00000000 ____D C:\Users\rehberg\AppData\Roaming\Dropbox
2015-12-12 11:33 - 2011-08-06 19:07 - 00000000 ___RD C:\Users\rehberg\Documents\My Dropbox
2015-12-11 12:14 - 2011-08-06 19:08 - 00000000 ____D C:\Users\rehberg\Documents\Spurensuche
2015-12-11 09:28 - 2012-06-30 09:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-11 09:28 - 2012-05-11 16:18 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-11 09:28 - 2011-12-20 11:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-07 21:34 - 2011-08-09 20:39 - 00000000 ____D C:\Users\rehberg\AppData\Local\Ashampoo Photo Optimizer Medion
2015-12-02 22:15 - 2015-11-02 15:01 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-02 21:54 - 2015-11-07 18:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-02 21:54 - 2012-05-24 21:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-02 21:07 - 2013-11-14 12:32 - 00000000 ____D C:\Users\rehberg\Documents\Habil
2015-12-02 17:48 - 2013-05-15 22:08 - 00000000 ____D C:\Users\rehberg\Documents\RUProjekt
2015-12-01 19:01 - 2015-10-27 21:43 - 00000000 ____D C:\Users\rehberg\.oracle_jre_usage
2015-11-24 12:56 - 2015-10-27 21:40 - 00000000 ____D C:\ProgramData\Oracle
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-07-28 07:25 - 2003-03-21 11:45 - 0250544 _____ (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2015-10-30 08:18 - 2015-10-30 08:18 - 0000000 ____R () C:\Users\rehberg\AppData\Roaming\privacy.metrics
2013-09-29 16:59 - 2013-09-29 16:59 - 0003584 _____ () C:\Users\rehberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-25 11:42 - 2013-07-25 11:49 - 0007605 _____ () C:\Users\rehberg\AppData\Local\Resmon.ResmonCfg
2014-10-03 08:48 - 2014-10-03 08:48 - 0651770 _____ () C:\ProgramData\1412321632.bdinstall.bin
2013-01-02 10:13 - 2013-01-02 10:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-08-06 13:54 - 2015-12-14 10:25 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
Einige Dateien in TEMP:
====================
C:\Users\rehberg\AppData\Local\Temp\sqlite3.dll
Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\InkEd.dll
C:\Windows\SysWOW64\tdh.dll
C:\Windows\SysWOW64\tquery.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-12-22 08:52
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:20-12-2015
durchgeführt von Rehberg********** (2015-12-22 14:42:11)
Gestartet von F:\
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-06 12:06:47)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2060828157-3897711240-3754088973-500 - Administrator - Disabled)
Gast (S-1-5-21-2060828157-3897711240-3754088973-501 - Limited - Disabled)
Rehberg-********** (S-1-5-21-2060828157-3897711240-3754088973-1000 - Administrator - Enabled) => C:\Users\Rehberg-**********
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Bitdefender Antivirus (Disabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Disabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
1&1 Upload-Manager (HKLM-x32\...\1&1 Upload-Manager) (Version: 2.0.676 - 1&1 Internet AG)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 8.3.2 - ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 3.12.0 - ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 3.4.1 - ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 18.14.0.1088 - Bitdefender)
BlackBerry Device Manager 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research in Motion Ltd.)
BlackBerry Device Manager 7.0 (x32 Version: 7.0.0.40 - Research in Motion Ltd.) Hidden
calibre (HKLM-x32\...\{AB259D81-DE6B-4554-B4A8-DB13D321FBF2}) (Version: 0.9.18 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.5.0.11 - Swiss Academic Software)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Content (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (x32 Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM-x32\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM-x32\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow Espresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021a - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3224a - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2225 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2429 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3428 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digitale Bibliothek 4 (HKLM-x32\...\Digitale Bibliothek 4) (Version: - )
Dropbox (HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
fotokasten comfort 5.0 (HKLM-x32\...\fotokasten comfort_is1) (Version: - )
Free Sound Recorder v9.6.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2013 FreeSoundRecorder Technologies, Inc.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii uslugi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.2.183.29 - Google Inc.) Hidden
GoToMeeting 7.7.1.4099 (HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\GoToMeeting) (Version: 7.7.1.4099 - CitrixOnline)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HDD Health v4.2 (HKLM-x32\...\HDD Health_is1) (Version: - )
HotPotatoes v 6.3.0.5 (HKLM-x32\...\hotpot_is1) (Version: - HalfBaked)
Hotspot Shield 2.52 (HKLM-x32\...\HotspotShield) (Version: 2.52 - AnchorFree)
Hotspot Shield Toolbar (HKLM-x32\...\Hotspot_Shield Toolbar) (Version: 6.9.0.16 - Hotspot Shield) <==== ACHTUNG
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.2 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2213 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2213 - CyberLink Corp.) Hidden
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Publisher 2000 (HKLM-x32\...\{00140407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837B34E3-7C30-493C-8F6A-2B0F04E2912C}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Mozilla Thunderbird 38.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.4.0 (x86 de)) (Version: 38.4.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta uslugi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
quintexA 1.1.2 (HKLM-x32\...\{E7AF1817-4738-40A0-9A35-2A54C73BD49E}) (Version: - Markus Weber)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Reader for PC (HKLM-x32\...\{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}) (Version: 2.0.01.11080 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6237 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.9 - Saal Digital Fotoservice GmbH)
Saal Design Software (x32 Version: 3.9 - Saal Digital Fotoservice GmbH) Hidden
Scribus 1.4.5 (HKLM-x32\...\Scribus 1.4.5) (Version: 1.4.5 - The Scribus Team)
Spyware Terminator 2015 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.102 - Crawler Group)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TEXTPACK Demo (HKLM-x32\...\{E8BB8368-449D-4B6F-8C35-98FD884E6375}) (Version: 1.00.0000 - Your Company Name)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
X10 Hardware(TM) (HKLM-x32\...\X10Hardware) (Version: - )
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
S?????? f?t???af??? t?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rehberg-**********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Rehberg-**********\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Local\Citrix\GoToMeeting\3019\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2060828157-3897711240-3754088973-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Rehberg-**********\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
==================== Wiederherstellungspunkte =========================
03-12-2015 09:28:08 Geplanter Prüfpunkt
12-12-2015 12:11:21 Geplanter Prüfpunkt
22-12-2015 09:00:20 Geplanter Prüfpunkt
22-12-2015 12:22:19 Installed Microsoft Fix it 50850
22-12-2015 12:23:21 Installed Microsoft Fix it 50850
22-12-2015 13:46:30 Installed Microsoft Fix it 50850
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {298574D9-9368-4A0A-A090-701F9D6F07DE} - System32\Tasks\G2MUploadTask-S-1-5-21-2060828157-3897711240-3754088973-1000
Task: {3F2F95D6-1756-449E-AD10-82CA0C94F747} - System32\Tasks\G2MUpdateTask-S-1-5-21-2060828157-3897711240-3754088973-1000
Task: {64EB8A2C-214E-4E80-8CC7-DEF53B0A9BFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {6AC46B60-CE95-4D27-BA97-23FC92A12251} - System32\Tasks\Driver Booster SkipUAC (Rehberg-**********) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {6B4714CE-A361-4E55-B19C-4C1DC4CF3AFA} - System32\Tasks\{BF10C650-05D1-40F9-B6B9-41FE4F165717} => pcalua.exe -a C:\Users\Rehberg-**********\Documents\Konten\WindowsPhone.exe -d C:\Users\Rehberg-**********\Documents\Konten
Task: {73713428-DF90-46ED-AED0-6B8C856D2DF7} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {7C516257-27C9-41D7-93D2-1A1EECFE8F7F} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe [2015-10-13] (Bitdefender)
Task: {9D9D75E5-24A7-404F-8AD2-261869FD2477} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {ABA5FD2A-CBDC-423C-B891-1EC9F6711568} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2060828157-3897711240-3754088973-1000Core => C:\Users\Rehberg-**********\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.)
Task: {AE674A65-5312-4984-9905-7E7C98FD15DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-11] (Adobe Systems Incorporated)
Task: {B8BBC847-7A2F-4B3F-8ED0-C3191F3C1386} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2060828157-3897711240-3754088973-1000UA => C:\Users\Rehberg-**********\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2060828157-3897711240-3754088973-1000Core.job => C:\Users\Rehberg-**********\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2060828157-3897711240-3754088973-1000UA.job => C:\Users\Rehberg-**********\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2060828157-3897711240-3754088973-1000.job => C:\Users\Rehberg-**********\AppData\Local\Citrix\GoToMeeting\4099\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2060828157-3897711240-3754088973-1000.job => C:\Users\Rehberg-**********\AppData\Local\Citrix\GoToMeeting\4099\g2mupload.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-10-03 09:19 - 2014-10-03 09:19 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-10-03 08:43 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-10-03 08:44 - 2014-08-26 15:14 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-12-16 17:50 - 2015-12-16 17:50 - 00876888 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01250_009\ashttpbr.mdl
2015-12-16 17:50 - 2015-12-16 17:50 - 00742976 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01250_009\ashttpdsp.mdl
2015-12-16 17:50 - 2015-12-16 17:50 - 02803536 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01250_009\ashttpph.mdl
2015-12-16 17:50 - 2015-12-16 17:50 - 01415584 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01250_009\ashttprbl.mdl
2012-03-26 22:45 - 2012-03-26 22:45 - 00329544 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2010-11-06 16:39 - 2010-02-10 12:34 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-03-30 03:34 - 2009-03-30 03:34 - 00280143 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libidn-11.dll
2009-03-27 21:02 - 2009-03-27 21:02 - 01554920 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libeay32.dll
2009-03-27 21:02 - 2009-03-27 21:02 - 00332254 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libssl32.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Thumbs.db:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\AmazonMP3DownloaderInstall._V383688031_.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\audacity-win-2.0.3.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\Aufruf 10.9..pdf:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\Dropbox 2.2.8.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\fotokasten_comfort_[2116]_5-0-7.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\install_flashplayer17x32au_mssd_aaa_aih.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\jdk-7u25-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\nsmail-1.tmp:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\nsmail.tmp:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\PDFCreator-1_7_0_setup.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\PDFCreator-1_7_1_setup.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Desktop\ReaderInstaller1_1_04.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\53906453987404229937.pdf:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\adwcleaner_5.013.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\asc-setup_7.3.0.454.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\avira-eu-cleaner_de.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\bitdefender_antivirus.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\C5510MFPx64GDIGB_tcm3-35888.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\ccsetup510_slim.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\DNSBench-1.2.3925.0.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\driver_booster_setup.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\FreeSoundRecorder_9.6.1.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\hddh42.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\jxpiinstall.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\mbam-setup-2.2.0.1024.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\OkiC5510MFPGDIx64GE_tcm3-35967.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\PDFCreator-1_2_2_setup.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\SpywareTerminatorSetup2015_300102.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\Twain_tcm3-36006.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\TWAIN_tcm3-67577.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Downloads\WordAddinTabs_Setup.exe:BDU
AlternateDataStreams: C:\Users\Rehberg-**********\Documents\Thumbs.db:BDU
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\Software\Classes\.exe: exefile => "%1" %* <===== ACHTUNG
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\Software\Classes\exefile: "%1" %* <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2060828157-3897711240-3754088973-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Dienst läuft nicht.
MpsSvc => Firewall Dienst läuft nicht.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDDHealth.lnk => C:\Windows\pss\HDDHealth.lnk.CommonStartup
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Rehberg-**********\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN29LBWGK705KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{7C22EBDB-02C9-4762-BD52-F6CC2771544C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3B619D04-5C1F-4DB4-9302-0216D4945162}] => (Allow) LPort=2869
FirewallRules: [{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}] => (Allow) LPort=1900
FirewallRules: [{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{13149270-227A-4615-A9BC-2EBDBF0A4D43}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{BFB92C75-8301-4DF2-BCEA-EBAE46CCE371}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{3E8CFA13-042D-499B-AE59-0128C038DD36}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{34B3F213-ABD6-47E8-89CC-9600395FE292}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{D6FA85DF-376D-4D8D-AE71-9BC3D579BF4B}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{351A2443-61E1-4F1A-85D8-9FB50C61108E}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{866F4D45-ECDD-4205-82C5-5F802FA14F23}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{76490CB1-DBBA-4755-913C-634544A7AC84}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{111A9555-291A-4D7D-A6CA-D92D26D4EFC8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Konnte Geräte nicht auflisten. Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/22/2015 02:25:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 9.6.0.1014, Zeitstempel: 0x4b8f244b
Name des fehlerhaften Moduls: mscorwks.dll, Version: 2.0.50727.5485, Zeitstempel: 0x53a121fa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0010d595
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3
Error: (12/22/2015 02:25:45 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Schwerwiegender Fehler im Ausführungsmodul (70B8FB1E) (80131506).
Error: (12/22/2015 02:23:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: lpksetup.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1f7
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000002a84e
ID des fehlerhaften Prozesses: 0xac0
Startzeit der fehlerhaften Anwendung: 0xlpksetup.exe0
Pfad der fehlerhaften Anwendung: lpksetup.exe1
Pfad des fehlerhaften Moduls: lpksetup.exe2
Berichtskennung: lpksetup.exe3
Error: (12/22/2015 01:58:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 9.6.0.1014, Zeitstempel: 0x4b8f244b
Name des fehlerhaften Moduls: mscorwks.dll, Version: 2.0.50727.5485, Zeitstempel: 0x53a121fa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0010d595
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3
Error: (12/22/2015 01:58:26 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Schwerwiegender Fehler im Ausführungsmodul (70D2FB1E) (80131506).
Error: (12/22/2015 01:56:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: lpksetup.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1f7
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000002a84e
ID des fehlerhaften Prozesses: 0xb5c
Startzeit der fehlerhaften Anwendung: 0xlpksetup.exe0
Pfad der fehlerhaften Anwendung: lpksetup.exe1
Pfad des fehlerhaften Moduls: lpksetup.exe2
Berichtskennung: lpksetup.exe3
Error: (12/22/2015 01:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: lpksetup.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1f7
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000002a84e
ID des fehlerhaften Prozesses: 0xf14
Startzeit der fehlerhaften Anwendung: 0xlpksetup.exe0
Pfad der fehlerhaften Anwendung: lpksetup.exe1
Pfad des fehlerhaften Moduls: lpksetup.exe2
Berichtskennung: lpksetup.exe3
Error: (12/22/2015 01:46:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 9.6.0.1014, Zeitstempel: 0x4b8f244b
Name des fehlerhaften Moduls: mscorwks.dll, Version: 2.0.50727.5485, Zeitstempel: 0x53a121fa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0010d595
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3
Error: (12/22/2015 01:46:50 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Schwerwiegender Fehler im Ausführungsmodul (6F7AFB1E) (80131506).
Error: (12/22/2015 01:44:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: lpksetup.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1f7
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000002a84e
ID des fehlerhaften Prozesses: 0xa90
Startzeit der fehlerhaften Anwendung: 0xlpksetup.exe0
Pfad der fehlerhaften Anwendung: lpksetup.exe1
Pfad des fehlerhaften Moduls: lpksetup.exe2
Berichtskennung: lpksetup.exe3
Systemfehler:
=============
Error: (12/22/2015 02:42:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Error: (12/22/2015 02:42:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
Error: (12/22/2015 02:41:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Error: (12/22/2015 02:41:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
Error: (12/22/2015 02:40:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Error: (12/22/2015 02:40:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
Error: (12/22/2015 02:39:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Error: (12/22/2015 02:39:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
Error: (12/22/2015 02:38:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Error: (12/22/2015 02:38:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
CodeIntegrity:
===================================
Date: 2013-11-26 19:56:00.743
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00216_047\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-26 18:08:22.258
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00216_047\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-26 17:58:17.475
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00216_047\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-26 16:55:55.557
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00216_047\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-26 14:51:19.318
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00216_047\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-26 14:37:03.912
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00216_047\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-26 14:26:40.008
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00216_047\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-26 14:19:36.112
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00216_047\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-26 12:39:10.480
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00216_047\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-26 12:28:10.641
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00216_047\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Prozentuale Nutzung des RAM: 39%
Installierter physikalischer RAM: 3893.49 MB
Verfügbarer physikalischer RAM: 2353.2 MB
Summe virtueller Speicher: 7785.18 MB
Verfügbarer virtueller Speicher: 6129.52 MB
==================== Laufwerke ================================
Drive c: (Computer) (Fixed) (Total:546.25 GB) (Free:110.63 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48.83 GB) (Free:6.78 GB) NTFS
Drive f: (CLONEZILLA) (Removable) (Total:0.94 GB) (Free:0.79 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=546.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1023 MB) - (Type=12)
========================================================
Disk: 1 (Size: 964 MB) (Disk ID: 3E07DA8B)
Partition 1: (Active) - (Size=964 MB) - (Type=0B)
==================== Ende von Addition.txt ============================
Geändert von mrehberg (22.12.2015 um 15:52 Uhr) |
|
22.12.2015, 15:57
| #2 |
| /// Malwareteam   | Firefox u. Thunderbird starten nicht + Meldung, dass Word für aktuellen Benutzer nicht installiert wurde + div. andere Probleme Mein Name ist Rafael und ich werde dir bei der Bereinigung helfen. Damit ich dir optimal helfen kann, halte dich bitte an folgende Regeln:
 Schritt 1 Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
|
22.12.2015, 16:27
| #3 |
| | Firefox u. Thunderbird starten nicht + Meldung, dass Word für aktuellen Benutzer nicht installiert wurde + div. andere Probleme Hallo, Danke für die schnelle Reaktion.
__________________Schritt 1 habe ich erledigt, jedoch war das Aktualisieren der Datenbank nicht möglich, weil der Rechner ja nicht ins Internet kommt. Ein Neustart wurde vom Programm nicht angefordert. Hier die Log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2014.11.18.05
rootkit: v2014.11.12.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18059
Rehberg-Schroth :: RS-PC [administrator]
22.12.2015 16:02:02
mbar-log-2015-12-22 (16-02-02).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 339780
Time elapsed: 18 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
22.12.2015, 16:39
| #4 |
| /// Malwareteam | Firefox u. Thunderbird starten nicht + Meldung, dass Word für aktuellen Benutzer nicht installiert wurde + div. andere Probleme Ah okay... Frage Kannst du ausprobieren, deinen PC per Kabel mit dem Internet resp. deiner Fritzbox zu verbinden? Hast du dann Internet? Schritt 1 Scan mit Combofix
__________________ Mfg, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~  Unterstütze uns mit einer Spende ......... Lob, Kritik oder Wünsche ......... .......... Folge uns auf Facebook .......... |
|
22.12.2015, 17:24
| #5 |
| | Firefox u. Thunderbird starten nicht + Meldung, dass Word für aktuellen Benutzer nicht installiert wurde + div. andere Probleme Antwort zu Deiner Frage: Nein, über LAN bekomme ich auch keinen Internetzugriff. Log-Datei zu Schritt 1: Code:
ATTFilter ComboFix 15-12-16.01 - Rehberg 22.12.2015 16:56:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3893.2176 [GMT 1:00]
ausgeführt von:: c:\users\Rehberg\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Outdated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Spyware-Schutz *Disabled/Outdated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1&1
c:\programdata\1&1\1&1 Upload-Manager\ULMSettings.xml
c:\programdata\1412321632.bdinstall.bin
c:\users\Rehberg\AppData\Roaming\1&1
c:\users\Rehberg\AppData\Roaming\1&1\1&1 Upload-Manager\ExceptionLog.txt
c:\users\Rehberg\AppData\Roaming\1&1\1&1 Upload-Manager\MiniDump.dmp
c:\users\Rehberg\AppData\Roaming\1&1\1&1 Upload-Manager\ULMSettings.xml
c:\users\Rehberg\videos\hpphotocreations.exe
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-11-22 bis 2015-12-22 ))))))))))))))))))))))))))))))
.
.
2015-12-22 16:07 . 2015-12-22 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-22 15:01 . 2015-12-22 15:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-12-22 13:41 . 2015-12-22 13:43 -------- d-----w- C:\FRST
2015-12-19 09:15 . 2015-12-22 14:14 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2015-12-17 01:10 . 2015-12-17 01:10 -------- d-----w- C:\found.001
2015-12-14 11:47 . 2015-12-14 11:47 -------- d-----w- C:\OneDriveTemp
2015-12-11 08:28 . 2015-12-11 08:28 9498816 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-11-26 09:52 . 2015-11-28 09:33 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-22 15:01 . 2015-10-28 19:15 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-22 15:01 . 2015-10-28 19:14 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-22 12:25 . 2015-09-09 08:15 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-12-22 12:25 . 2015-09-09 08:15 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-12-22 12:25 . 2015-09-09 08:19 115136 ----a-w- c:\windows\system32\consent.exe
2015-12-22 12:25 . 2015-03-11 09:44 1005056 ----a-w- c:\windows\SysWow64\cryptui.dll
2015-12-17 01:38 . 2015-08-13 13:53 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-12-14 09:25 . 2011-08-06 12:54 952 --sha-w- c:\programdata\KGyGaAvL.sys
2015-12-11 08:28 . 2012-05-11 15:18 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-12-11 08:28 . 2011-12-20 10:54 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-11-20 07:53 . 2015-10-27 20:41 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-10-22 08:42 . 2010-07-07 15:49 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-10-13 09:47 . 2015-10-21 10:04 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09BA9033-295A-4F34-B5AC-D0985BDDB39A}\mpengine.dll
2015-10-05 08:50 . 2015-10-28 19:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 08:50 . 2015-10-28 19:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-01 18:06 . 2015-10-14 08:22 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-01 18:04 . 2015-10-14 08:22 616360 ----a-w- c:\windows\system32\winresume.efi
2015-10-01 18:00 . 2015-10-14 08:22 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 18:00 . 2015-10-14 08:22 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 18:00 . 2015-10-14 08:22 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 18:00 . 2015-10-14 08:22 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 18:00 . 2015-10-14 08:22 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50 . 2015-10-14 08:22 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-10-01 17:00 . 2015-10-14 08:22 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-29 03:16 . 2015-10-14 09:35 5569472 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-09-29 03:13 . 2015-10-14 09:35 1730496 ----a-w- c:\windows\system32\ntdll.dll
2015-09-29 03:11 . 2015-10-14 09:35 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-09-29 03:11 . 2015-10-14 09:35 243712 ----a-w- c:\windows\system32\wow64.dll
2015-09-29 03:11 . 2015-10-14 09:35 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-09-29 03:11 . 2015-10-14 09:35 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-09-29 03:11 . 2015-10-14 09:35 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-09-29 03:11 . 2015-10-14 09:35 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-09-29 03:11 . 2015-10-14 09:35 503808 ----a-w- c:\windows\system32\srcore.dll
2015-09-29 03:11 . 2015-10-14 09:35 50176 ----a-w- c:\windows\system32\srclient.dll
2015-09-29 03:10 . 2015-10-14 09:35 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
2015-09-29 03:10 . 2015-10-14 09:35 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-09-29 03:10 . 2015-10-14 09:35 315392 ----a-w- c:\windows\system32\msv1_0.dll
2015-09-29 03:10 . 2015-10-14 09:35 729088 ----a-w- c:\windows\system32\kerberos.dll
2015-09-29 03:10 . 2015-10-14 09:35 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-09-29 03:10 . 2015-10-14 09:35 1164800 ----a-w- c:\windows\system32\kernel32.dll
2015-09-29 03:10 . 2015-10-14 09:35 22016 ----a-w- c:\windows\system32\credssp.dll
2015-09-29 03:10 . 2015-10-14 09:35 44032 ----a-w- c:\windows\system32\cryptbase.dll
2015-09-29 03:10 . 2015-10-14 09:35 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-09-29 03:10 . 2015-10-14 09:35 112640 ----a-w- c:\windows\system32\smss.exe
2015-09-29 03:10 . 2015-10-14 09:35 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-09-29 03:09 . 2015-10-14 09:35 338432 ----a-w- c:\windows\system32\conhost.exe
2015-09-29 03:09 . 2015-10-14 09:35 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-09-29 03:05 . 2015-10-14 09:35 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-09-29 03:05 . 2015-10-14 09:35 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-09-29 03:05 . 2015-10-14 09:36 3990976 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-09-29 03:05 . 2015-10-14 09:36 3936192 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-09-29 03:02 . 2015-10-14 09:36 1311768 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-09-29 03:01 . 2015-10-14 09:35 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-09-29 03:01 . 2015-10-14 09:35 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-29 03:01 . 2015-10-14 09:35 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-09-29 02:59 . 2015-10-14 09:36 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-09-29 02:59 . 2015-10-14 09:36 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-09-29 02:59 . 2015-10-14 09:36 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-09-29 02:59 . 2015-10-14 09:36 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-09-29 02:59 . 2015-10-14 09:36 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-09-29 02:58 . 2015-10-14 09:36 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-09-29 02:58 . 2015-10-14 09:36 36864 ----a-w- c:\windows\SysWow64\cryptbase.dll
2015-09-29 02:58 . 2015-10-14 09:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-29 02:58 . 2015-10-14 09:36 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-09-29 02:58 . 2015-10-14 09:36 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-09-29 02:57 . 2015-10-14 09:36 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-09-29 02:57 . 2015-10-14 09:36 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-09-29 02:57 . 2015-10-14 09:36 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-09-29 02:53 . 2015-10-14 09:36 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-09-29 02:53 . 2015-10-14 09:36 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-09-29 02:49 . 2015-10-14 09:36 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-09-29 02:49 . 2015-10-14 09:36 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-29 02:49 . 2015-10-14 09:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
2015-07-27 02:15 1255248 ----a-w- c:\progra~2\Spyware Terminator\STInternetGuard.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-12-14 11:46 1587912 ----a-w- c:\users\Rehberg\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-12-14 11:46 1587912 ----a-w- c:\users\Rehberg\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-12-14 11:46 1587912 ----a-w- c:\users\Rehberg\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-12-14 11:46 1587912 ----a-w- c:\users\Rehberg\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-12-14 11:46 1587912 ----a-w- c:\users\Rehberg\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\Rehberg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\Rehberg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\Rehberg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender-Geldbörse-Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-02-24 790880]
"OneDrive"="c:\users\Rehberg\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2015-12-14 551112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2010-06-21 436264]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-11-09 596528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HDDHealth;HDDHealth;c:\program files (x86)\HDD Health\HDDHealthService.exe;c:\program files (x86)\HDD Health\HDDHealthService.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mod7764;Tv Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys;c:\windows\SYSNATIVE\DRIVERS\mod77-64.sys [x]
R3 NxpCap64;CTX capture service;c:\windows\system32\DRIVERS\NxpCap64.sys;c:\windows\SYSNATIVE\DRIVERS\NxpCap64.sys [x]
R3 OKI OPHF DCS Loader;OKI OPHF DCS Loader;c:\windows\system32\spool\DRIVERS\x64\3\OPHFLDCS.EXE;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\OPHFLDCS.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TrdCap64;CTX's capture service;c:\windows\system32\DRIVERS\TrdCap64.sys;c:\windows\SYSNATIVE\DRIVERS\TrdCap64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 ui11rdr;ui11rdr;c:\windows\system32\DRIVERS\ui11rdr.sys;c:\windows\SYSNATIVE\DRIVERS\ui11rdr.sys [x]
S2 DiagTrack;DiagTrack;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2015 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe;c:\program files (x86)\Launch Manager\WisLMSvc.exe [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys;c:\windows\SYSNATIVE\Drivers\x10hid.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 08:28]
.
2015-12-22 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2060828157-3897711240-3754088973-1000Core.job
- c:\users\Rehberg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12 09:53]
.
2015-12-22 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2060828157-3897711240-3754088973-1000UA.job
- c:\users\Rehberg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12 09:53]
.
2015-12-22 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2060828157-3897711240-3754088973-1000.job
- c:\users\Rehberg\AppData\Local\Citrix\GoToMeeting\4099\g2mupdate.exe [2015-12-15 11:40]
.
2015-12-22 c:\windows\Tasks\G2MUploadTask-S-1-5-21-2060828157-3897711240-3754088973-1000.job
- c:\users\Rehberg\AppData\Local\Citrix\GoToMeeting\4099\g2mupload.exe [2015-12-15 11:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
2015-07-27 02:15 2013520 ----a-w- c:\progra~2\Spyware Terminator\STInternetGuard64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-12-14 11:46 1641664 ----a-w- c:\users\Rehberg\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-12-14 11:46 1641664 ----a-w- c:\users\Rehberg\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-12-14 11:46 1641664 ----a-w- c:\users\Rehberg\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-12-14 11:46 1641664 ----a-w- c:\users\Rehberg\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-12-14 11:46 1641664 ----a-w- c:\users\Rehberg\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\Rehberg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\Rehberg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\Rehberg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\Rehberg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11548264]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-03 2181224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2015-04-12 1691112]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Rehberg\AppData\Roaming\Mozilla\Firefox\Profiles\23wvpkzv.default-1445984042115\
.
.
------- Dateityp-Verknüpfung -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Rehberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - (no file)
SafeBoot-BsScanner
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\progra~2\COMMON~1\X10\Common\x10nets.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-12-22 17:18:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-12-22 16:18
.
Vor Suchlauf: 17 Verzeichnis(se), 118.087.835.648 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 117.908.996.096 Bytes frei
.
- - End Of File - - 0AEA5D70FE0253D9DBEE7FA44DE20B3B
|
|
22.12.2015, 17:46
| #6 |
| /// Malwareteam | Firefox u. Thunderbird starten nicht + Meldung, dass Word für aktuellen Benutzer nicht installiert wurde + div. andere Probleme Seit wann hast du diese ganzen Probleme? Bevor wir hier uns weiter mit dem Internet beschäftigen, möchte ich sicher gehen, dass nicht doch ein Rootkit auf deinem System ist: Schritt 1 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Firefox u. Thunderbird starten nicht + Meldung, dass Word für aktuellen Benutzer nicht installiert wurde + div. andere Probleme |
|
23.12.2015, 11:37
| #7 |
| | Firefox u. Thunderbird starten nicht + Meldung, dass Word für aktuellen Benutzer nicht installiert wurde + div. andere Probleme Die Probleme so massiv seit ca. einer Woche, allerdings gab es vor Monaten schon Funde von Adware und Trojaner. Anbei die Log: Code:
ATTFilter 17:49:32.0319 0x0e18 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
17:49:42.0397 0x0e18 ============================================================
17:49:42.0397 0x0e18 Current date / time: 2015/12/22 17:49:42.0397
17:49:42.0397 0x0e18 SystemInfo:
17:49:42.0397 0x0e18
17:49:42.0397 0x0e18 OS Version: 6.1.7601 ServicePack: 1.0
17:49:42.0397 0x0e18 Product type: Workstation
17:49:42.0397 0x0e18 ComputerName: RS-PC
17:49:42.0397 0x0e18 UserName: Rehberg
17:49:42.0397 0x0e18 Windows directory: C:\Windows
17:49:42.0397 0x0e18 System windows directory: C:\Windows
17:49:42.0397 0x0e18 Running under WOW64
17:49:42.0397 0x0e18 Processor architecture: Intel x64
17:49:42.0397 0x0e18 Number of processors: 4
17:49:42.0397 0x0e18 Page size: 0x1000
17:49:42.0397 0x0e18 Boot type: Normal boot
17:49:42.0397 0x0e18 ============================================================
17:49:42.0569 0x0e18 KLMD registered as C:\Windows\system32\drivers\15011262.sys
17:49:43.0224 0x0e18 System UUID: {162029AB-E9EE-F104-7DF0-9BA1A0FA65CF}
17:49:43.0973 0x0e18 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:49:44.0066 0x0e18 Drive \Device\Harddisk1\DR2 - Size: 0x3C400000 ( 0.94 Gb ), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:49:44.0066 0x0e18 ============================================================
17:49:44.0066 0x0e18 \Device\Harddisk0\DR0:
17:49:44.0066 0x0e18 MBR partitions:
17:49:44.0066 0x0e18 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:49:44.0066 0x0e18 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4447D800
17:49:44.0066 0x0e18 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x444B0000, BlocksNum 0x61A8000
17:49:44.0066 0x0e18 \Device\Harddisk1\DR2:
17:49:44.0066 0x0e18 MBR partitions:
17:49:44.0066 0x0e18 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1E1FC1
17:49:44.0066 0x0e18 ============================================================
17:49:44.0098 0x0e18 C: <-> \Device\Harddisk0\DR0\Partition2
17:49:44.0144 0x0e18 D: <-> \Device\Harddisk0\DR0\Partition3
17:49:44.0144 0x0e18 ============================================================
17:49:44.0144 0x0e18 Initialize success
17:49:44.0144 0x0e18 ============================================================
17:50:34.0564 0x0ccc ============================================================
17:50:34.0564 0x0ccc Scan started
17:50:34.0564 0x0ccc Mode: Manual; SigCheck; TDLFS;
17:50:34.0564 0x0ccc ============================================================
17:50:34.0564 0x0ccc KSN ping started
17:50:57.0745 0x0ccc KSN ping finished: false
17:50:58.0213 0x0ccc ================ Scan system memory ========================
17:50:58.0213 0x0ccc System memory - ok
17:50:58.0213 0x0ccc ================ Scan services =============================
17:50:58.0385 0x0ccc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:50:58.0556 0x0ccc 1394ohci - ok
17:50:58.0603 0x0ccc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:50:58.0650 0x0ccc ACPI - ok
17:50:58.0681 0x0ccc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:50:58.0744 0x0ccc AcpiPmi - ok
17:50:58.0853 0x0ccc [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:50:58.0931 0x0ccc AdobeARMservice - ok
17:50:59.0040 0x0ccc [ F54564025D2284AE498E51D7C139F971, AAA48F38B81DB894854E8C84DB2E1F5C8447AA982D27C0BB78FF2786D9F80F83 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:50:59.0071 0x0ccc AdobeFlashPlayerUpdateSvc - ok
17:50:59.0149 0x0ccc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:50:59.0196 0x0ccc adp94xx - ok
17:50:59.0243 0x0ccc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:50:59.0290 0x0ccc adpahci - ok
17:50:59.0321 0x0ccc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:50:59.0368 0x0ccc adpu320 - ok
17:50:59.0399 0x0ccc [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:50:59.0477 0x0ccc AeLookupSvc - ok
17:50:59.0524 0x0ccc [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
17:50:59.0633 0x0ccc AFD - ok
17:50:59.0680 0x0ccc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
17:50:59.0711 0x0ccc agp440 - ok
17:50:59.0742 0x0ccc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
17:50:59.0804 0x0ccc ALG - ok
17:50:59.0851 0x0ccc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
17:50:59.0898 0x0ccc aliide - ok
17:50:59.0929 0x0ccc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
17:50:59.0976 0x0ccc amdide - ok
17:51:00.0023 0x0ccc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:51:00.0070 0x0ccc AmdK8 - ok
17:51:00.0085 0x0ccc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:51:00.0148 0x0ccc AmdPPM - ok
17:51:00.0179 0x0ccc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:51:00.0210 0x0ccc amdsata - ok
17:51:00.0241 0x0ccc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:51:00.0272 0x0ccc amdsbs - ok
17:51:00.0288 0x0ccc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:51:00.0350 0x0ccc amdxata - ok
17:51:00.0397 0x0ccc [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys
17:51:00.0475 0x0ccc AppID - ok
17:51:00.0491 0x0ccc [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:51:00.0584 0x0ccc AppIDSvc - ok
17:51:00.0616 0x0ccc [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo C:\Windows\System32\appinfo.dll
17:51:00.0694 0x0ccc Appinfo - ok
17:51:00.0772 0x0ccc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:51:00.0787 0x0ccc arc - ok
17:51:00.0818 0x0ccc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:51:00.0850 0x0ccc arcsas - ok
17:51:00.0943 0x0ccc [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:51:00.0990 0x0ccc aspnet_state - ok
17:51:01.0037 0x0ccc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:51:01.0084 0x0ccc AsyncMac - ok
17:51:01.0130 0x0ccc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
17:51:01.0146 0x0ccc atapi - ok
17:51:01.0208 0x0ccc [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:51:01.0302 0x0ccc AudioEndpointBuilder - ok
17:51:01.0349 0x0ccc [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:51:01.0396 0x0ccc AudioSrv - ok
17:51:01.0520 0x0ccc [ 1517FBA8213F75ECCD9311DE493DD8C9, B5296BE2501F19B525BBC774465CB03E06BD5DE17DAED058CC74B0121D569EEF ] avc3 C:\Windows\system32\DRIVERS\avc3.sys
17:51:01.0567 0x0ccc avc3 - ok
17:51:01.0630 0x0ccc [ 075AE98458B00E98F3104D777C062032, 3447D7E2439B8EE89047E3C43973490F47129C416A983B72F86EF67EB349F794 ] avchv C:\Windows\system32\DRIVERS\avchv.sys
17:51:01.0692 0x0ccc avchv - ok
17:51:01.0770 0x0ccc [ D1A0A4A314FCE6478F2E8C05D8DABC5B, 2EF0DE520081AB82B53733209EB1791D99ADA5E0F9E94B0EAC56E4609CB67D72 ] avckf C:\Windows\system32\DRIVERS\avckf.sys
17:51:01.0817 0x0ccc avckf - ok
17:51:01.0864 0x0ccc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:51:01.0988 0x0ccc AxInstSV - ok
17:51:02.0035 0x0ccc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:51:02.0098 0x0ccc b06bdrv - ok
17:51:02.0144 0x0ccc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:51:02.0207 0x0ccc b57nd60a - ok
17:51:02.0254 0x0ccc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
17:51:02.0316 0x0ccc BDESVC - ok
17:51:02.0456 0x0ccc [ EC80614A72BC7039D2B22E3DD6C15895, 932260AB126523428B884034162E3619E1B7FA13720F830783B592AAE825AC86 ] bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
17:51:02.0488 0x0ccc bdfwfpf - ok
17:51:02.0519 0x0ccc [ 397307349A31F530718DAE781825A8EB, 65F6B1E7556A5B3D63BDD80E0E1D4BCB0A2CB804622DB7C511EBC4B5CFDA5A10 ] BDSandBox C:\Windows\system32\drivers\bdsandbox.sys
17:51:02.0550 0x0ccc BDSandBox - ok
17:51:02.0581 0x0ccc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
17:51:02.0690 0x0ccc Beep - ok
17:51:02.0784 0x0ccc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
17:51:02.0909 0x0ccc BFE - ok
17:51:02.0971 0x0ccc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
17:51:03.0080 0x0ccc BITS - ok
17:51:03.0112 0x0ccc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:51:03.0158 0x0ccc blbdrive - ok
17:51:03.0205 0x0ccc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:51:03.0268 0x0ccc bowser - ok
17:51:03.0314 0x0ccc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:51:03.0424 0x0ccc BrFiltLo - ok
17:51:03.0439 0x0ccc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:51:03.0502 0x0ccc BrFiltUp - ok
17:51:03.0548 0x0ccc [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:51:03.0611 0x0ccc BridgeMP - ok
17:51:03.0658 0x0ccc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
17:51:03.0689 0x0ccc Browser - ok
17:51:03.0736 0x0ccc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:51:03.0814 0x0ccc Brserid - ok
17:51:03.0845 0x0ccc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:51:03.0923 0x0ccc BrSerWdm - ok
17:51:03.0970 0x0ccc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:51:04.0048 0x0ccc BrUsbMdm - ok
17:51:04.0079 0x0ccc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:51:04.0094 0x0ccc BrUsbSer - ok
17:51:04.0110 0x0ccc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:51:04.0188 0x0ccc BTHMODEM - ok
17:51:04.0219 0x0ccc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
17:51:04.0328 0x0ccc bthserv - ok
17:51:04.0375 0x0ccc catchme - ok
17:51:04.0406 0x0ccc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:51:04.0516 0x0ccc cdfs - ok
17:51:04.0578 0x0ccc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:51:04.0640 0x0ccc cdrom - ok
17:51:04.0687 0x0ccc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
17:51:04.0750 0x0ccc CertPropSvc - ok
17:51:04.0796 0x0ccc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:51:04.0812 0x0ccc circlass - ok
17:51:04.0859 0x0ccc [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
17:51:04.0906 0x0ccc CLFS - ok
17:51:04.0952 0x0ccc [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:51:05.0015 0x0ccc clr_optimization_v2.0.50727_32 - ok
17:51:05.0062 0x0ccc [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:51:05.0124 0x0ccc clr_optimization_v2.0.50727_64 - ok
17:51:05.0186 0x0ccc clr_optimization_v4.0.30319_32 - ok
17:51:05.0202 0x0ccc [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:51:05.0233 0x0ccc clr_optimization_v4.0.30319_64 - ok
17:51:05.0264 0x0ccc [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
17:51:05.0327 0x0ccc clwvd - ok
17:51:05.0358 0x0ccc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:51:05.0436 0x0ccc CmBatt - ok
17:51:05.0467 0x0ccc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:51:05.0514 0x0ccc cmdide - ok
17:51:05.0592 0x0ccc [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
17:51:05.0639 0x0ccc CNG - ok
17:51:05.0670 0x0ccc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:51:05.0686 0x0ccc Compbatt - ok
17:51:05.0717 0x0ccc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:51:05.0779 0x0ccc CompositeBus - ok
17:51:05.0810 0x0ccc COMSysApp - ok
17:51:05.0842 0x0ccc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:51:05.0904 0x0ccc crcdisk - ok
17:51:05.0951 0x0ccc [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:51:05.0982 0x0ccc CryptSvc - ok
17:51:06.0060 0x0ccc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:51:06.0122 0x0ccc DcomLaunch - ok
17:51:06.0169 0x0ccc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
17:51:06.0294 0x0ccc defragsvc - ok
17:51:06.0325 0x0ccc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:51:06.0419 0x0ccc DfsC - ok
17:51:06.0466 0x0ccc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:51:06.0559 0x0ccc Dhcp - ok
17:51:06.0684 0x0ccc [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack C:\Windows\system32\diagtrack.dll
17:51:06.0809 0x0ccc DiagTrack - ok
17:51:06.0840 0x0ccc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
17:51:06.0902 0x0ccc discache - ok
17:51:06.0949 0x0ccc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:51:06.0965 0x0ccc Disk - ok
17:51:07.0012 0x0ccc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:51:07.0105 0x0ccc Dnscache - ok
17:51:07.0152 0x0ccc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
17:51:07.0261 0x0ccc dot3svc - ok
17:51:07.0308 0x0ccc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
17:51:07.0386 0x0ccc DPS - ok
17:51:07.0433 0x0ccc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:51:07.0495 0x0ccc drmkaud - ok
17:51:07.0573 0x0ccc [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:51:07.0636 0x0ccc DXGKrnl - ok
17:51:07.0682 0x0ccc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
17:51:07.0776 0x0ccc EapHost - ok
17:51:07.0932 0x0ccc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:51:08.0057 0x0ccc ebdrv - ok
17:51:08.0104 0x0ccc [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] EFS C:\Windows\System32\lsass.exe
17:51:08.0135 0x0ccc EFS - ok
17:51:08.0228 0x0ccc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:51:08.0322 0x0ccc ehRecvr - ok
17:51:08.0353 0x0ccc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
17:51:08.0400 0x0ccc ehSched - ok
17:51:08.0462 0x0ccc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:51:08.0509 0x0ccc elxstor - ok
17:51:08.0540 0x0ccc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:51:08.0556 0x0ccc ErrDev - ok
17:51:08.0603 0x0ccc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
17:51:08.0650 0x0ccc EventSystem - ok
17:51:08.0696 0x0ccc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
17:51:08.0821 0x0ccc exfat - ok
17:51:08.0852 0x0ccc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:51:08.0915 0x0ccc fastfat - ok
17:51:08.0993 0x0ccc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
17:51:09.0102 0x0ccc Fax - ok
17:51:09.0118 0x0ccc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:51:09.0164 0x0ccc fdc - ok
17:51:09.0196 0x0ccc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
17:51:09.0305 0x0ccc fdPHost - ok
17:51:09.0320 0x0ccc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
17:51:09.0383 0x0ccc FDResPub - ok
17:51:09.0430 0x0ccc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:51:09.0461 0x0ccc FileInfo - ok
17:51:09.0492 0x0ccc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:51:09.0586 0x0ccc Filetrace - ok
17:51:09.0617 0x0ccc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:51:09.0632 0x0ccc flpydisk - ok
17:51:09.0664 0x0ccc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:51:09.0710 0x0ccc FltMgr - ok
17:51:09.0804 0x0ccc [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache C:\Windows\system32\FntCache.dll
17:51:09.0898 0x0ccc FontCache - ok
17:51:09.0960 0x0ccc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:51:10.0007 0x0ccc FontCache3.0.0.0 - ok
17:51:10.0054 0x0ccc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:51:10.0085 0x0ccc FsDepends - ok
17:51:10.0116 0x0ccc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:51:10.0132 0x0ccc Fs_Rec - ok
17:51:10.0178 0x0ccc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:51:10.0241 0x0ccc fvevol - ok
17:51:10.0288 0x0ccc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:51:10.0319 0x0ccc gagp30kx - ok
17:51:10.0381 0x0ccc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
17:51:10.0506 0x0ccc gpsvc - ok
17:51:10.0568 0x0ccc [ 4250E0978FBC9B3C0D115CD26C5BA9F4, 5674E267D9053BDF185A73C689CB125EE70AE14C7F2D0E37718379F425EBDC01 ] gzflt C:\Windows\system32\DRIVERS\gzflt.sys
17:51:10.0615 0x0ccc gzflt - ok
17:51:10.0631 0x0ccc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:51:10.0724 0x0ccc hcw85cir - ok
17:51:10.0756 0x0ccc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:51:10.0849 0x0ccc HdAudAddService - ok
17:51:10.0896 0x0ccc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:51:10.0974 0x0ccc HDAudBus - ok
17:51:11.0083 0x0ccc [ 354F7AC7AE454A1DAF85BF7C0FFEFD07, 0C404A04A7A18E07629ED3C6809C3D534ECEA34807EDDBE69AB5007B1B331596 ] HDDHealth C:\Program Files (x86)\HDD Health\HDDHealthService.exe
17:51:11.0130 0x0ccc HDDHealth - detected UnsignedFile.Multi.Generic ( 1 )
17:51:11.0239 0x0ccc HDDHealth ( UnsignedFile.Multi.Generic ) - warning
17:51:11.0239 0x0ccc Force sending object to P2P due to detect: HDDHealth
17:51:11.0255 0x0ccc Object send P2P result: false
17:51:11.0302 0x0ccc [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:51:11.0333 0x0ccc HECIx64 - ok
17:51:11.0364 0x0ccc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:51:11.0442 0x0ccc HidBatt - ok
17:51:11.0489 0x0ccc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:51:11.0520 0x0ccc HidBth - ok
17:51:11.0551 0x0ccc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:51:11.0614 0x0ccc HidIr - ok
17:51:11.0645 0x0ccc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
17:51:11.0738 0x0ccc hidserv - ok
17:51:11.0770 0x0ccc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:51:11.0816 0x0ccc HidUsb - ok
17:51:11.0848 0x0ccc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:51:11.0941 0x0ccc hkmsvc - ok
17:51:11.0988 0x0ccc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:51:12.0035 0x0ccc HomeGroupListener - ok
17:51:12.0082 0x0ccc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:51:12.0160 0x0ccc HomeGroupProvider - ok
17:51:12.0191 0x0ccc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:51:12.0222 0x0ccc HpSAMD - ok
17:51:12.0331 0x0ccc [ 2CFEA9C337B699ACA38487E8A7438F35, 2BD6718798A246C996109745107834AE8F768EA7A01EE305F162C65AA5F7D4EB ] HssSrv C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
17:51:12.0362 0x0ccc HssSrv - ok
17:51:12.0409 0x0ccc [ 4EFB7FC2A11DB10AB6205206D60C432B, 20DEBB1A0CF6E6D5EAC98662CC9DB87BAC363CC8FF5F60921EC42FFD8BCC2C43 ] HssTrayService C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
17:51:12.0456 0x0ccc HssTrayService - ok
17:51:12.0472 0x0ccc HssWd - ok
17:51:12.0550 0x0ccc [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:51:12.0659 0x0ccc HTTP - ok
17:51:12.0784 0x0ccc [ E5805896A55D4166C20F216249F40FA3, F426BF60D5B916E7A778EF24C49FE1FFE1B2977C2ABD2977FD5C38C6E6CB139F ] HWiNFO32 C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
17:51:12.0815 0x0ccc HWiNFO32 - ok
17:51:12.0846 0x0ccc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:51:12.0893 0x0ccc hwpolicy - ok
17:51:12.0940 0x0ccc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:51:13.0033 0x0ccc i8042prt - ok
17:51:13.0080 0x0ccc [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:51:13.0111 0x0ccc iaStor - ok
17:51:13.0189 0x0ccc [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:51:13.0236 0x0ccc IAStorDataMgrSvc - ok
17:51:13.0298 0x0ccc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:51:13.0330 0x0ccc iaStorV - ok
17:51:13.0439 0x0ccc [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:51:13.0486 0x0ccc idsvc - ok
17:51:13.0517 0x0ccc IEEtwCollectorService - ok
17:51:13.0922 0x0ccc [ F4F91789C7C7A159CE8215C1F69F2A85, E60155402FB647B55EAD6B090204A1AA497294D473A7CCF850BB21C0DCCCB49C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:51:14.0453 0x0ccc igfx - ok
17:51:14.0500 0x0ccc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:51:14.0531 0x0ccc iirsp - ok
17:51:14.0593 0x0ccc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
17:51:14.0687 0x0ccc IKEEXT - ok
17:51:14.0734 0x0ccc [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
17:51:14.0796 0x0ccc Impcd - detected UnsignedFile.Multi.Generic ( 1 )
17:51:14.0796 0x0ccc Impcd ( UnsignedFile.Multi.Generic ) - warning
17:51:14.0936 0x0ccc [ 4E2745DB3ADEF0FFA5E14857666AAE13, D10E98F641D7C693FAF95ED4F8161CE3DD75F69518178745707DD66CCF8DE63E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:51:15.0014 0x0ccc IntcAzAudAddService - ok
17:51:15.0046 0x0ccc [ 03C74719D48056A1078F3A51CEB76BAA, 34BCC73EE4D65E1F282208C243C54BBD8458DB50FA893DE3306E1A1E73D05B1A ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
17:51:15.0124 0x0ccc IntcDAud - ok
17:51:15.0155 0x0ccc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
17:51:15.0170 0x0ccc intelide - ok
17:51:15.0202 0x0ccc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:51:15.0264 0x0ccc intelppm - ok
17:51:15.0311 0x0ccc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:51:15.0436 0x0ccc IPBusEnum - ok
17:51:15.0467 0x0ccc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:51:15.0560 0x0ccc IpFilterDriver - ok
17:51:15.0623 0x0ccc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:51:15.0716 0x0ccc iphlpsvc - ok
17:51:15.0748 0x0ccc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:51:15.0810 0x0ccc IPMIDRV - ok
17:51:15.0841 0x0ccc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:51:15.0950 0x0ccc IPNAT - ok
17:51:15.0982 0x0ccc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:51:16.0091 0x0ccc IRENUM - ok
17:51:16.0122 0x0ccc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:51:16.0138 0x0ccc isapnp - ok
17:51:16.0169 0x0ccc [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:51:16.0200 0x0ccc iScsiPrt - ok
17:51:16.0231 0x0ccc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:51:16.0247 0x0ccc kbdclass - ok
17:51:16.0294 0x0ccc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:51:16.0340 0x0ccc kbdhid - ok
17:51:16.0372 0x0ccc [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] KeyIso C:\Windows\system32\lsass.exe
17:51:16.0387 0x0ccc KeyIso - ok
17:51:16.0403 0x0ccc [ 3A8C03156C3E31E70EF84E48CA179B46, E25E43D53BB6EE1B5F34C95B4FAD111B37A36367B8D047B10FC614DEE13658E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:51:16.0434 0x0ccc KSecDD - ok
17:51:16.0450 0x0ccc [ C6330F7C2E92A00E6773E82F79078AFC, D8B851BF4FCE85F2A269F0B46BC7EC5A118FCFDACE8460E7B54C1A7CE306774A ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:51:16.0496 0x0ccc KSecPkg - ok
17:51:16.0528 0x0ccc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:51:16.0621 0x0ccc ksthunk - ok
17:51:16.0668 0x0ccc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
17:51:16.0793 0x0ccc KtmRm - ok
17:51:16.0840 0x0ccc [ 48686C29856F46443952A831424F8D6F, 05BEA2243E219575B2FBED23824DB2BE61F422C2972AC2E835C94DFC8A285BF6 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
17:51:16.0886 0x0ccc L1C - ok
17:51:16.0933 0x0ccc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:51:17.0042 0x0ccc LanmanServer - ok
17:51:17.0074 0x0ccc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:51:17.0183 0x0ccc LanmanWorkstation - ok
17:51:17.0245 0x0ccc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:51:17.0339 0x0ccc lltdio - ok
17:51:17.0370 0x0ccc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:51:17.0479 0x0ccc lltdsvc - ok
17:51:17.0510 0x0ccc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:51:17.0620 0x0ccc lmhosts - ok
17:51:17.0713 0x0ccc [ 1E2F802846EB944E0333EFEE7C9532A8, 86EB59BF238E3DB8AF9E379B0BAE5AEC734C15598E665062B2E19C0A58BEF783 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:51:17.0760 0x0ccc LMS - ok
17:51:17.0791 0x0ccc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:51:17.0807 0x0ccc LSI_FC - ok
17:51:17.0838 0x0ccc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:51:17.0885 0x0ccc LSI_SAS - ok
17:51:17.0900 0x0ccc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:51:17.0916 0x0ccc LSI_SAS2 - ok
17:51:17.0963 0x0ccc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:51:17.0978 0x0ccc LSI_SCSI - ok
17:51:18.0010 0x0ccc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
17:51:18.0103 0x0ccc luafv - ok
17:51:18.0181 0x0ccc [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:51:18.0212 0x0ccc MBAMProtector - ok
17:51:18.0322 0x0ccc [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
17:51:18.0384 0x0ccc MBAMService - ok
17:51:18.0431 0x0ccc [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
17:51:18.0493 0x0ccc MBAMWebAccessControl - ok
17:51:18.0540 0x0ccc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:51:18.0587 0x0ccc Mcx2Svc - ok
17:51:18.0634 0x0ccc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:51:18.0665 0x0ccc megasas - ok
17:51:18.0712 0x0ccc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:51:18.0743 0x0ccc MegaSR - ok
17:51:18.0774 0x0ccc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
17:51:18.0852 0x0ccc MMCSS - ok
17:51:18.0946 0x0ccc [ B6187C5F104DA7F2519BB996F9653F01, BCC4CFA70FD429CFB6F301E96B34F5AAF48466959EF9DEE56AB66E27E66AA09C ] mod7764 C:\Windows\system32\DRIVERS\mod77-64.sys
17:51:19.0086 0x0ccc mod7764 - ok
17:51:19.0117 0x0ccc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
17:51:19.0211 0x0ccc Modem - ok
17:51:19.0258 0x0ccc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:51:19.0336 0x0ccc monitor - ok
17:51:19.0367 0x0ccc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:51:19.0398 0x0ccc mouclass - ok
17:51:19.0445 0x0ccc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:51:19.0476 0x0ccc mouhid - ok
17:51:19.0523 0x0ccc [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:51:19.0570 0x0ccc mountmgr - ok
17:51:19.0663 0x0ccc [ 0DE2474F316C515482ABAD3B697F8714, 62862AE7432F5350068E96AD466093359C6CF444EB517AE6D09134FAF78C49F5 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:51:19.0694 0x0ccc MozillaMaintenance - ok
17:51:19.0726 0x0ccc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
17:51:19.0741 0x0ccc mpio - ok
17:51:19.0772 0x0ccc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:51:19.0866 0x0ccc mpsdrv - ok
17:51:19.0944 0x0ccc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:51:20.0100 0x0ccc MpsSvc - ok
17:51:20.0131 0x0ccc [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:51:20.0194 0x0ccc MRxDAV - ok
17:51:20.0225 0x0ccc [ ACB6782973BD93760D597FC7BB37E692, 9B6EC2858D236DCE61FD5E0247F4D947A5DC484C9C0AABFDAF8270ABA392E787 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:51:20.0256 0x0ccc mrxsmb - ok
17:51:20.0287 0x0ccc [ 262BF7BB7D0E44CFAA9B12A1E0A6EDF1, CCC3A4CE929C7C8B07C1038BBE8425590CE14F5C37E1D5608978A3AD2F41519C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:51:20.0334 0x0ccc mrxsmb10 - ok
17:51:20.0365 0x0ccc [ 8C0376974AA28398FF501E78C04ACB30, 81CE67BE933F67F760A72BF9B581F33BC151D98970765FE4425450A2EF450409 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:51:20.0412 0x0ccc mrxsmb20 - ok
17:51:20.0443 0x0ccc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
17:51:20.0459 0x0ccc msahci - ok
17:51:20.0474 0x0ccc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:51:20.0506 0x0ccc msdsm - ok
17:51:20.0537 0x0ccc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
17:51:20.0599 0x0ccc MSDTC - ok
17:51:20.0646 0x0ccc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:51:20.0755 0x0ccc Msfs - ok
17:51:20.0786 0x0ccc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:51:20.0896 0x0ccc mshidkmdf - ok
17:51:20.0927 0x0ccc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:51:20.0958 0x0ccc msisadrv - ok
17:51:20.0989 0x0ccc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:51:21.0067 0x0ccc MSiSCSI - ok
17:51:21.0067 0x0ccc msiserver - ok
17:51:21.0114 0x0ccc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:51:21.0208 0x0ccc MSKSSRV - ok
17:51:21.0223 0x0ccc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:51:21.0286 0x0ccc MSPCLOCK - ok
17:51:21.0301 0x0ccc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:51:21.0348 0x0ccc MSPQM - ok
17:51:21.0379 0x0ccc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:51:21.0410 0x0ccc MsRPC - ok
17:51:21.0426 0x0ccc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:51:21.0442 0x0ccc mssmbios - ok
17:51:21.0457 0x0ccc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:51:21.0520 0x0ccc MSTEE - ok
17:51:21.0551 0x0ccc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:51:21.0629 0x0ccc MTConfig - ok
17:51:21.0644 0x0ccc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
17:51:21.0676 0x0ccc Mup - ok
17:51:21.0738 0x0ccc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
17:51:21.0847 0x0ccc napagent - ok
17:51:21.0925 0x0ccc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:51:21.0988 0x0ccc NativeWifiP - ok
17:51:22.0050 0x0ccc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
17:51:22.0081 0x0ccc NDIS - ok
17:51:22.0112 0x0ccc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:51:22.0206 0x0ccc NdisCap - ok
17:51:22.0237 0x0ccc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:51:22.0362 0x0ccc NdisTapi - ok
17:51:22.0393 0x0ccc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:51:22.0456 0x0ccc Ndisuio - ok
17:51:22.0487 0x0ccc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:51:22.0596 0x0ccc NdisWan - ok
17:51:22.0643 0x0ccc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:51:22.0721 0x0ccc NDProxy - ok
17:51:22.0752 0x0ccc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:51:22.0830 0x0ccc NetBIOS - ok
17:51:22.0861 0x0ccc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:51:22.0939 0x0ccc NetBT - ok
17:51:22.0970 0x0ccc [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] Netlogon C:\Windows\system32\lsass.exe
17:51:22.0986 0x0ccc Netlogon - ok
17:51:23.0017 0x0ccc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
17:51:23.0126 0x0ccc Netman - ok
17:51:23.0189 0x0ccc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:51:23.0220 0x0ccc NetMsmqActivator - ok
17:51:23.0236 0x0ccc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:51:23.0267 0x0ccc NetPipeActivator - ok
17:51:23.0298 0x0ccc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
17:51:23.0407 0x0ccc netprofm - ok
17:51:23.0423 0x0ccc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:51:23.0454 0x0ccc NetTcpActivator - ok
17:51:23.0470 0x0ccc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:51:23.0485 0x0ccc NetTcpPortSharing - ok
17:51:23.0532 0x0ccc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:51:23.0548 0x0ccc nfrd960 - ok
17:51:23.0594 0x0ccc [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
17:51:23.0672 0x0ccc NlaSvc - ok
17:51:23.0704 0x0ccc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:51:23.0766 0x0ccc Npfs - ok
17:51:23.0813 0x0ccc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
17:51:23.0906 0x0ccc nsi - ok
17:51:23.0938 0x0ccc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:51:24.0031 0x0ccc nsiproxy - ok
17:51:24.0140 0x0ccc [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:51:24.0203 0x0ccc Ntfs - ok
17:51:24.0234 0x0ccc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
17:51:24.0265 0x0ccc Null - ok
17:51:24.0312 0x0ccc [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
17:51:24.0374 0x0ccc nusb3hub - ok
17:51:24.0421 0x0ccc [ 7BDEC000D56D485021D9C1E63C2F81CA, 7F1303FD0371AF8715BFC38433B730C797170AEF10C7DB845B7B547DA8DBB5D5 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:51:24.0468 0x0ccc nusb3xhc - ok
17:51:24.0889 0x0ccc [ DD81FBC57AB9134CDDC5CE90880BFD80, 16DF4D9645238D1014FA9189FF171DCF7B7C7573F759B5AC73025518139D86B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:51:25.0342 0x0ccc nvlddmkm - ok
17:51:25.0404 0x0ccc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:51:25.0435 0x0ccc nvraid - ok
17:51:25.0451 0x0ccc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:51:25.0513 0x0ccc nvstor - ok
17:51:25.0560 0x0ccc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:51:25.0591 0x0ccc nv_agp - ok
17:51:25.0716 0x0ccc [ C64097401081D5D641924E8B96332F75, ACE6A440F977EFDE3CD4044CC88D75D638E33C83AEB24D06D1C402AF3AB8FA34 ] NxpCap64 C:\Windows\system32\DRIVERS\NxpCap64.sys
17:51:25.0825 0x0ccc NxpCap64 - detected UnsignedFile.Multi.Generic ( 1 )
17:51:25.0825 0x0ccc NxpCap64 ( UnsignedFile.Multi.Generic ) - warning
17:51:25.0825 0x0ccc Force sending object to P2P due to detect: NxpCap64
17:51:25.0841 0x0ccc Object send P2P result: false
17:51:25.0950 0x0ccc [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:51:25.0997 0x0ccc odserv - ok
17:51:26.0028 0x0ccc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:51:26.0059 0x0ccc ohci1394 - ok
17:51:26.0122 0x0ccc [ 5DC6581B652997497AC682F1A3D38097, 56FE846A2DEDEEF3EEB6587D330374A21A4B8391D6CB3DD865EDBF86F3880E09 ] OKI OPHF DCS Loader C:\Windows\system32\spool\DRIVERS\x64\3\OPHFLDCS.EXE
17:51:26.0137 0x0ccc OKI OPHF DCS Loader - detected UnsignedFile.Multi.Generic ( 1 )
17:51:26.0137 0x0ccc OKI OPHF DCS Loader ( UnsignedFile.Multi.Generic ) - warning
17:51:26.0137 0x0ccc Force sending object to P2P due to detect: OKI OPHF DCS Loader
17:51:26.0153 0x0ccc Object send P2P result: false
17:51:26.0200 0x0ccc [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:51:26.0246 0x0ccc ose - ok
17:51:26.0278 0x0ccc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:51:26.0371 0x0ccc p2pimsvc - ok
17:51:26.0418 0x0ccc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
17:51:26.0480 0x0ccc p2psvc - ok
17:51:26.0512 0x0ccc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:51:26.0558 0x0ccc Parport - ok
17:51:26.0590 0x0ccc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:51:26.0621 0x0ccc partmgr - ok
17:51:26.0652 0x0ccc [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:51:26.0714 0x0ccc PcaSvc - ok
17:51:26.0761 0x0ccc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
17:51:26.0777 0x0ccc pci - ok
17:51:26.0808 0x0ccc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
17:51:26.0824 0x0ccc pciide - ok
17:51:26.0855 0x0ccc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:51:26.0886 0x0ccc pcmcia - ok
17:51:26.0917 0x0ccc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
17:51:26.0948 0x0ccc pcw - ok
17:51:27.0058 0x0ccc [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
17:51:27.0136 0x0ccc PDF Architect Helper Service - ok
17:51:27.0198 0x0ccc [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
17:51:27.0276 0x0ccc PDF Architect Service - ok
17:51:27.0323 0x0ccc [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:51:27.0370 0x0ccc PEAUTH - ok
17:51:27.0432 0x0ccc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:51:27.0494 0x0ccc PerfHost - ok
17:51:27.0619 0x0ccc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
17:51:27.0713 0x0ccc pla - ok
17:51:27.0744 0x0ccc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:51:27.0822 0x0ccc PlugPlay - ok
17:51:27.0838 0x0ccc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:51:27.0916 0x0ccc PNRPAutoReg - ok
17:51:27.0947 0x0ccc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:51:27.0978 0x0ccc PNRPsvc - ok
17:51:28.0040 0x0ccc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:51:28.0118 0x0ccc PolicyAgent - ok
17:51:28.0165 0x0ccc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
17:51:28.0228 0x0ccc Power - ok
17:51:28.0259 0x0ccc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:51:28.0384 0x0ccc PptpMiniport - ok
17:51:28.0399 0x0ccc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:51:28.0446 0x0ccc Processor - ok
17:51:28.0508 0x0ccc [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
17:51:28.0555 0x0ccc ProfSvc - ok
17:51:28.0571 0x0ccc [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:51:28.0602 0x0ccc ProtectedStorage - ok
17:51:28.0664 0x0ccc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:51:28.0742 0x0ccc Psched - ok
17:51:28.0789 0x0ccc [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:51:28.0836 0x0ccc PSI_SVC_2 - ok
17:51:28.0945 0x0ccc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:51:29.0008 0x0ccc ql2300 - ok
17:51:29.0039 0x0ccc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:51:29.0070 0x0ccc ql40xx - ok
17:51:29.0117 0x0ccc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
17:51:29.0179 0x0ccc QWAVE - ok
17:51:29.0210 0x0ccc [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:51:29.0304 0x0ccc QWAVEdrv - ok
17:51:29.0320 0x0ccc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:51:29.0398 0x0ccc RasAcd - ok
17:51:29.0444 0x0ccc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:51:29.0569 0x0ccc RasAgileVpn - ok
17:51:29.0600 0x0ccc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
17:51:29.0710 0x0ccc RasAuto - ok
17:51:29.0741 0x0ccc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:51:29.0819 0x0ccc Rasl2tp - ok
17:51:29.0834 0x0ccc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
17:51:29.0897 0x0ccc RasMan - ok
17:51:29.0928 0x0ccc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:51:29.0975 0x0ccc RasPppoe - ok
17:51:29.0990 0x0ccc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:51:30.0115 0x0ccc RasSstp - ok
17:51:30.0146 0x0ccc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:51:30.0256 0x0ccc rdbss - ok
17:51:30.0287 0x0ccc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:51:30.0334 0x0ccc rdpbus - ok
17:51:30.0349 0x0ccc [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:51:30.0443 0x0ccc RDPCDD - ok
17:51:30.0474 0x0ccc [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:51:30.0552 0x0ccc RDPENCDD - ok
17:51:30.0583 0x0ccc [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:51:30.0630 0x0ccc RDPREFMP - ok
17:51:30.0708 0x0ccc [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:51:30.0786 0x0ccc RdpVideoMiniport - ok
17:51:30.0833 0x0ccc [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:51:30.0880 0x0ccc RDPWD - ok
17:51:30.0911 0x0ccc [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:51:30.0958 0x0ccc rdyboost - ok
17:51:30.0989 0x0ccc [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:51:31.0067 0x0ccc RemoteAccess - ok
17:51:31.0082 0x0ccc [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:51:31.0129 0x0ccc RemoteRegistry - ok
17:51:31.0207 0x0ccc [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:51:31.0270 0x0ccc RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
17:51:31.0270 0x0ccc RichVideo ( UnsignedFile.Multi.Generic ) - warning
17:51:31.0332 0x0ccc [ AD42432D22940B4215177BE113E4919C, BF04E1F942846B928E523727EB03BBFA83FCE535CF7C0A4E787A5CBA46D5BF8D ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
17:51:31.0410 0x0ccc RimUsb - ok
17:51:31.0441 0x0ccc [ 4AAFFFA67AC4DFA3D9985D78573887E2, A2A4623A1DFA3C1BF0B09390F3731AFF5616BF9E9144F5DEEAA89B37E445D834 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
17:51:31.0488 0x0ccc RimVSerPort - ok
17:51:31.0504 0x0ccc [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
17:51:31.0597 0x0ccc ROOTMODEM - ok
17:51:31.0628 0x0ccc [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:51:31.0738 0x0ccc RpcEptMapper - ok
17:51:31.0784 0x0ccc [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
17:51:31.0816 0x0ccc RpcLocator - ok
17:51:31.0894 0x0ccc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
17:51:31.0956 0x0ccc RpcSs - ok
17:51:31.0972 0x0ccc [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:51:32.0018 0x0ccc rspndr - ok
17:51:32.0081 0x0ccc [ 44ED82612403021E36998E1ECB1198F1, 3AD488ED116C61E26B6D857494CFA80E3F99565C2D7C88C1C95DD2C6B6355BF0 ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys
17:51:32.0112 0x0ccc RSUSBSTOR - ok
17:51:32.0159 0x0ccc [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:51:32.0237 0x0ccc RTL8167 - ok
17:51:32.0315 0x0ccc [ 8E843C0340C30994161C10FBA87EEA18, 4ED57D9F23C54FCB0EA99387D3EBAA5E34EB5465D84FF70E6652F9FA46F55CB2 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
17:51:32.0377 0x0ccc rtl8192se - ok
17:51:32.0377 0x0ccc [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] SamSs C:\Windows\system32\lsass.exe
17:51:32.0393 0x0ccc SamSs - ok
17:51:32.0424 0x0ccc [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:51:32.0440 0x0ccc sbp2port - ok
17:51:32.0455 0x0ccc [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:51:32.0549 0x0ccc SCardSvr - ok
17:51:32.0580 0x0ccc [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:51:32.0658 0x0ccc scfilter - ok
17:51:32.0752 0x0ccc [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
17:51:32.0798 0x0ccc Schedule - ok
17:51:32.0830 0x0ccc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:51:32.0861 0x0ccc SCPolicySvc - ok
17:51:32.0892 0x0ccc [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:51:32.0970 0x0ccc SDRSVC - ok
17:51:33.0001 0x0ccc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:51:33.0079 0x0ccc secdrv - ok
17:51:33.0126 0x0ccc [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
17:51:33.0220 0x0ccc seclogon - ok
17:51:33.0251 0x0ccc [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
17:51:33.0344 0x0ccc SENS - ok
17:51:33.0360 0x0ccc [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:51:33.0422 0x0ccc SensrSvc - ok
17:51:33.0454 0x0ccc [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:51:33.0485 0x0ccc Serenum - ok
17:51:33.0532 0x0ccc [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:51:33.0547 0x0ccc Serial - ok
17:51:33.0594 0x0ccc [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:51:33.0641 0x0ccc sermouse - ok
17:51:33.0688 0x0ccc [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
17:51:33.0766 0x0ccc SessionEnv - ok
17:51:33.0797 0x0ccc [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:51:33.0844 0x0ccc sffdisk - ok
17:51:33.0859 0x0ccc [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:51:33.0890 0x0ccc sffp_mmc - ok
17:51:33.0922 0x0ccc [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:51:33.0968 0x0ccc sffp_sd - ok
17:51:34.0015 0x0ccc [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:51:34.0046 0x0ccc sfloppy - ok
17:51:34.0124 0x0ccc [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:51:34.0218 0x0ccc SharedAccess - ok
17:51:34.0280 0x0ccc [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:51:34.0358 0x0ccc ShellHWDetection - ok
17:51:34.0390 0x0ccc [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:51:34.0436 0x0ccc SiSRaid2 - ok
17:51:34.0483 0x0ccc [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:51:34.0514 0x0ccc SiSRaid4 - ok
17:51:34.0561 0x0ccc [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:51:34.0624 0x0ccc Smb - ok
17:51:34.0655 0x0ccc [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:51:34.0702 0x0ccc SNMPTRAP - ok
17:51:34.0764 0x0ccc [ 3BB48F7E33C2B76184DDF233000C09CD, D1AAE5B0425047CA0C2D376D3E59324D35A90DF9074CD442DFD0ED6E434D3C84 ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
17:51:34.0811 0x0ccc Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic ( 1 )
17:51:34.0811 0x0ccc Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
17:51:34.0826 0x0ccc [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
17:51:34.0842 0x0ccc spldr - ok
17:51:34.0889 0x0ccc [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
17:51:34.0951 0x0ccc Spooler - ok
17:51:35.0107 0x0ccc [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
17:51:35.0232 0x0ccc sppsvc - ok
17:51:35.0248 0x0ccc [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:51:35.0372 0x0ccc sppuinotify - ok
17:51:35.0435 0x0ccc [ B9657A0AFF28C1CB114ACC0CB93EE4BB, 619DE6438827A648566CB6F6407DF30E3BBCE345775B0154D883A48E244A62EE ] sp_rsdrv2 C:\Windows\system32\DRIVERS\stflt.sys
17:51:35.0466 0x0ccc sp_rsdrv2 - ok
17:51:35.0513 0x0ccc [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:51:35.0606 0x0ccc srv - ok
17:51:35.0653 0x0ccc [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:51:35.0716 0x0ccc srv2 - ok
17:51:35.0747 0x0ccc [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:51:35.0809 0x0ccc srvnet - ok
17:51:35.0840 0x0ccc [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:51:35.0918 0x0ccc SSDPSRV - ok
17:51:35.0918 0x0ccc [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:51:35.0965 0x0ccc SstpSvc - ok
17:51:36.0137 0x0ccc [ E816BC647CF3AA58FF673B4D8C2B489F, 5B9C2B037084F7943CE84D78A0A340D13870A9CF0AF5B525DDC48E9674E5A7BC ] ST2012_Svc C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
17:51:36.0215 0x0ccc ST2012_Svc - ok
17:51:36.0246 0x0ccc [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:51:36.0246 0x0ccc stexstor - ok
17:51:36.0277 0x0ccc [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\drivers\serscan.sys
17:51:36.0355 0x0ccc StillCam - ok
17:51:36.0433 0x0ccc [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
17:51:36.0527 0x0ccc stisvc - ok
17:51:36.0558 0x0ccc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
17:51:36.0574 0x0ccc swenum - ok
17:51:36.0620 0x0ccc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
17:51:36.0698 0x0ccc swprv - ok
17:51:36.0745 0x0ccc [ 064A2530A4A7C7CEC1BE6A1945645BE4, 06E4B59B6BFCEE1E2F1EDED77621C9DFED09F460E94065E528A2F746B568193D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:51:36.0792 0x0ccc SynTP - ok
17:51:36.0901 0x0ccc [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
17:51:37.0011 0x0ccc SysMain - ok
17:51:37.0057 0x0ccc [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:51:37.0104 0x0ccc TabletInputService - ok
17:51:37.0151 0x0ccc [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
17:51:37.0245 0x0ccc TapiSrv - ok
17:51:37.0276 0x0ccc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
17:51:37.0385 0x0ccc TBS - ok
17:51:37.0510 0x0ccc [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:51:37.0557 0x0ccc Tcpip - ok
17:51:37.0619 0x0ccc [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:51:37.0681 0x0ccc TCPIP6 - ok
17:51:37.0713 0x0ccc [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:51:37.0744 0x0ccc tcpipreg - ok
17:51:37.0775 0x0ccc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:51:37.0853 0x0ccc TDPIPE - ok
17:51:37.0884 0x0ccc [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:51:37.0915 0x0ccc TDTCP - ok
17:51:37.0947 0x0ccc [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:51:37.0978 0x0ccc tdx - ok
17:51:38.0196 0x0ccc [ 97F6FFB8A305A77D25C6C0E07B71D252, 97C5FC73A250FC2016E29148A6A37E54BD74AE983D99AAF4890C059719C93EC2 ] TeamViewer9 C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
17:51:38.0383 0x0ccc TeamViewer9 - ok
17:51:38.0415 0x0ccc [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
17:51:38.0446 0x0ccc TermDD - ok
17:51:38.0524 0x0ccc [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
17:51:38.0571 0x0ccc TermService - ok
17:51:38.0602 0x0ccc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
17:51:38.0633 0x0ccc Themes - ok
17:51:38.0649 0x0ccc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
17:51:38.0711 0x0ccc THREADORDER - ok
17:51:38.0820 0x0ccc [ 023317B4CB35E1E87FC12D43B7BA4864, F868FF01C8829EF80AD7F4A539CA7123E02461C94881300C249CF08D039A5E1A ] TrdCap64 C:\Windows\system32\DRIVERS\TrdCap64.sys
17:51:38.0883 0x0ccc TrdCap64 - ok
17:51:38.0914 0x0ccc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
17:51:38.0976 0x0ccc TrkWks - ok
17:51:39.0039 0x0ccc [ 3E75A47D2DEFD2683DCA409572FBE8B2, 33964B1A05E045D3B878CDFD9F52A9086B4FA54D6D4D1DC38062D2874CACD4A0 ] trufos C:\Windows\system32\DRIVERS\trufos.sys
17:51:39.0070 0x0ccc trufos - ok
17:51:39.0132 0x0ccc [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:51:39.0226 0x0ccc TrustedInstaller - ok
17:51:39.0273 0x0ccc [ 19BEDA57F3E0A06B8D5EB6D619BD5624, 952D5FAFD662C93628C12A6F7EB8E240A44216C0A15CBD2F5016BC357CBFE821 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:51:39.0304 0x0ccc tssecsrv - ok
17:51:39.0351 0x0ccc [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:51:39.0413 0x0ccc TsUsbFlt - ok
17:51:39.0444 0x0ccc [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:51:39.0553 0x0ccc tunnel - ok
17:51:39.0569 0x0ccc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:51:39.0600 0x0ccc uagp35 - ok
17:51:39.0631 0x0ccc [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:51:39.0709 0x0ccc udfs - ok
17:51:39.0756 0x0ccc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:51:39.0803 0x0ccc UI0Detect - ok
17:51:39.0865 0x0ccc [ 90EB009FB4EBFD70B51A771876CAA160, 5EA79C8EE67A604C9068A0A73F489EDD53DFC16BF61AC641BE2BDF0E8529DD5C ] ui11rdr C:\Windows\system32\DRIVERS\ui11rdr.sys
17:51:39.0912 0x0ccc ui11rdr - ok
17:51:39.0959 0x0ccc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:51:40.0006 0x0ccc uliagpkx - ok
17:51:40.0053 0x0ccc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:51:40.0084 0x0ccc umbus - ok
17:51:40.0131 0x0ccc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:51:40.0162 0x0ccc UmPass - ok
17:51:40.0365 0x0ccc [ AF905F4966CFC8B973623AB150CD4B2B, E1BF0481A584C10AE4A927A01A1E6B76036C18FAF7AB38D9B78641F5808D9888 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:51:40.0458 0x0ccc UNS - ok
17:51:40.0583 0x0ccc [ C1C2C9231EBD263DB9C4F34DBB080B32, 25A046D8CC6674A47F3338E84661BF502D21C571C50643D9EF20D334CC27538C ] UPDATESRV C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
17:51:40.0614 0x0ccc UPDATESRV - ok
17:51:40.0645 0x0ccc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
17:51:40.0770 0x0ccc upnphost - ok
17:51:40.0801 0x0ccc [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:51:40.0879 0x0ccc usbccgp - ok
17:51:40.0926 0x0ccc [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:51:40.0989 0x0ccc usbcir - ok
17:51:41.0020 0x0ccc [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:51:41.0067 0x0ccc usbehci - ok
17:51:41.0113 0x0ccc [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:51:41.0145 0x0ccc usbhub - ok
17:51:41.0176 0x0ccc [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:51:41.0238 0x0ccc usbohci - ok
17:51:41.0285 0x0ccc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:51:41.0332 0x0ccc usbprint - ok
17:51:41.0379 0x0ccc [ 2C42E595E7E381596B9A14F88F5AE027, 948C2AD7FA0B01184312D1ABE43F2F3D85A934CF0658A8B2BDF9F0919568377B ] usbrndis6 C:\Windows\system32\DRIVERS\usb80236.sys
17:51:41.0410 0x0ccc usbrndis6 - ok
17:51:41.0457 0x0ccc [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\drivers\usbscan.sys
17:51:41.0519 0x0ccc usbscan - ok
17:51:41.0566 0x0ccc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:51:41.0644 0x0ccc USBSTOR - ok
17:51:41.0675 0x0ccc [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:51:41.0706 0x0ccc usbuhci - ok
17:51:41.0753 0x0ccc [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:51:41.0784 0x0ccc usbvideo - ok
17:51:41.0815 0x0ccc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
17:51:41.0878 0x0ccc UxSms - ok
17:51:41.0909 0x0ccc [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] VaultSvc C:\Windows\system32\lsass.exe
17:51:41.0925 0x0ccc VaultSvc - ok
17:51:41.0956 0x0ccc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:51:41.0971 0x0ccc vdrvroot - ok
17:51:42.0018 0x0ccc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
17:51:42.0112 0x0ccc vds - ok
17:51:42.0159 0x0ccc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:51:42.0205 0x0ccc vga - ok
17:51:42.0221 0x0ccc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:51:42.0283 0x0ccc VgaSave - ok
17:51:42.0299 0x0ccc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:51:42.0361 0x0ccc vhdmp - ok
17:51:42.0377 0x0ccc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
17:51:42.0408 0x0ccc viaide - ok
17:51:42.0424 0x0ccc [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:51:42.0455 0x0ccc volmgr - ok
17:51:42.0486 0x0ccc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:51:42.0564 0x0ccc volmgrx - ok
17:51:42.0595 0x0ccc [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:51:42.0642 0x0ccc volsnap - ok
17:51:42.0689 0x0ccc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:51:42.0736 0x0ccc vsmraid - ok
17:51:42.0814 0x0ccc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
17:51:42.0907 0x0ccc VSS - ok
17:51:43.0032 0x0ccc [ 964C356C9AEEEE88B8B9B71D94042874, BE2BCA4923B5A246D40935D50827D0C233520BF2548B9DD98DE0310CFEC47EF1 ] VSSERV C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
17:51:43.0079 0x0ccc VSSERV - ok
17:51:43.0110 0x0ccc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:51:43.0141 0x0ccc vwifibus - ok
17:51:43.0157 0x0ccc [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:51:43.0219 0x0ccc vwififlt - ok
17:51:43.0251 0x0ccc [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:51:43.0329 0x0ccc vwifimp - ok
17:51:43.0391 0x0ccc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
17:51:43.0500 0x0ccc W32Time - ok
17:51:43.0516 0x0ccc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:51:43.0531 0x0ccc WacomPen - ok
17:51:43.0578 0x0ccc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:51:43.0656 0x0ccc WANARP - ok
17:51:43.0672 0x0ccc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:51:43.0719 0x0ccc Wanarpv6 - ok
17:51:43.0781 0x0ccc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
17:51:43.0875 0x0ccc wbengine - ok
17:51:43.0921 0x0ccc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:51:43.0968 0x0ccc WbioSrvc - ok
17:51:44.0015 0x0ccc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:51:44.0077 0x0ccc wcncsvc - ok
17:51:44.0077 0x0ccc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:51:44.0124 0x0ccc WcsPlugInService - ok
17:51:44.0155 0x0ccc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:51:44.0187 0x0ccc Wd - ok
17:51:44.0249 0x0ccc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:51:44.0311 0x0ccc Wdf01000 - ok
17:51:44.0327 0x0ccc [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:51:44.0358 0x0ccc WdiServiceHost - ok
17:51:44.0358 0x0ccc [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:51:44.0374 0x0ccc WdiSystemHost - ok
17:51:44.0405 0x0ccc [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
17:51:44.0483 0x0ccc WebClient - ok
17:51:44.0530 0x0ccc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:51:44.0608 0x0ccc Wecsvc - ok
17:51:44.0623 0x0ccc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:51:44.0670 0x0ccc wercplsupport - ok
17:51:44.0686 0x0ccc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
17:51:44.0733 0x0ccc WerSvc - ok
17:51:44.0779 0x0ccc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:51:44.0842 0x0ccc WfpLwf - ok
17:51:44.0857 0x0ccc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:51:44.0889 0x0ccc WIMMount - ok
17:51:44.0920 0x0ccc WinDefend - ok
17:51:44.0935 0x0ccc WinHttpAutoProxySvc - ok
17:51:44.0998 0x0ccc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:51:45.0123 0x0ccc Winmgmt - ok
17:51:45.0247 0x0ccc [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
17:51:45.0341 0x0ccc WinRM - ok
17:51:45.0388 0x0ccc [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:51:45.0450 0x0ccc WinUsb - ok
17:51:45.0513 0x0ccc [ 4C69A8E2E159C1C59BC4B688E9DD7F8C, 235C7A41425846EFE4966490EB7F72AA768B3FE1665843BF58520DDBD6822A74 ] WisLMSvc C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
17:51:45.0559 0x0ccc WisLMSvc - ok
17:51:45.0606 0x0ccc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:51:45.0684 0x0ccc Wlansvc - ok
17:51:45.0747 0x0ccc [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:51:45.0762 0x0ccc wlcrasvc - ok
17:51:45.0918 0x0ccc [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:51:45.0996 0x0ccc wlidsvc - ok
17:51:46.0027 0x0ccc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:51:46.0090 0x0ccc WmiAcpi - ok
17:51:46.0121 0x0ccc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:51:46.0152 0x0ccc wmiApSrv - ok
17:51:46.0199 0x0ccc WMPNetworkSvc - ok
17:51:46.0230 0x0ccc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:51:46.0308 0x0ccc WPCSvc - ok
17:51:46.0355 0x0ccc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:51:46.0433 0x0ccc WPDBusEnum - ok
17:51:46.0464 0x0ccc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:51:46.0542 0x0ccc ws2ifsl - ok
17:51:46.0589 0x0ccc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
17:51:46.0683 0x0ccc wscsvc - ok
17:51:46.0729 0x0ccc [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
17:51:46.0792 0x0ccc WSDPrintDevice - ok
17:51:46.0792 0x0ccc WSearch - ok
17:51:46.0948 0x0ccc [ 291778E1A36716182AFBC1731B2DFEAB, C0B928CCCE8C496C90C42E0D294BAB51DC67C02B0D20CFB6A16B0AE1F51CC497 ] wuauserv C:\Windows\system32\wuaueng.dll
17:51:47.0057 0x0ccc wuauserv - ok
17:51:47.0104 0x0ccc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:51:47.0151 0x0ccc WudfPf - ok
17:51:47.0182 0x0ccc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:51:47.0213 0x0ccc WUDFRd - ok
17:51:47.0260 0x0ccc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:51:47.0307 0x0ccc wudfsvc - ok
17:51:47.0353 0x0ccc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
17:51:47.0431 0x0ccc WwanSvc - ok
17:51:47.0463 0x0ccc [ BAA813A76F5DB6CC3C2CEAB7D82B6972, 783B7AF92E98623FDB9B395F3BC1D30736902A68E3AE78249243CE97548387FA ] X10Hid C:\Windows\System32\Drivers\x10hid.sys
17:51:47.0494 0x0ccc X10Hid - ok
17:51:47.0525 0x0ccc [ 5A0C788C5BC5F2C993CB60940ADCF95E, FEEC158466040A6528E7FC8D33706B50D2F03479E0B62DF8F06B69A1A850A9FB ] x10nets C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
17:51:47.0541 0x0ccc x10nets - detected UnsignedFile.Multi.Generic ( 1 )
17:51:47.0541 0x0ccc x10nets ( UnsignedFile.Multi.Generic ) - warning
17:51:47.0572 0x0ccc [ A4B2A8751A8F96134BE6063B8A759116, F8E8A5554C8E4364C127CCDCF2F816C6CB34E14C677A350A3DAF6ED168F0643D ] XUIF C:\Windows\System32\Drivers\x10ufx2.sys
17:51:47.0587 0x0ccc XUIF - ok
17:51:47.0619 0x0ccc ================ Scan global ===============================
17:51:47.0650 0x0ccc [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
17:51:47.0681 0x0ccc [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\Windows\system32\winsrv.dll
17:51:47.0697 0x0ccc [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\Windows\system32\winsrv.dll
17:51:47.0728 0x0ccc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:51:47.0775 0x0ccc [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
17:51:47.0790 0x0ccc [ Global ] - ok
17:51:47.0790 0x0ccc ================ Scan MBR ==================================
17:51:47.0806 0x0ccc [ 8B790A79784018D2B00DC944072570F8 ] \Device\Harddisk0\DR0
17:51:50.0115 0x0ccc \Device\Harddisk0\DR0 - ok
17:51:50.0130 0x0ccc [ FBFA8E0F9F095746823F0934601B4B21 ] \Device\Harddisk1\DR2
17:51:50.0255 0x0ccc \Device\Harddisk1\DR2 - ok
17:51:50.0255 0x0ccc ================ Scan VBR ==================================
17:51:50.0271 0x0ccc [ DF0A5F15B0D2BD459D141162D87652BB ] \Device\Harddisk0\DR0\Partition1
17:51:50.0271 0x0ccc \Device\Harddisk0\DR0\Partition1 - ok
17:51:50.0271 0x0ccc [ 7AD2168EF754372BEDB27DE016F9039D ] \Device\Harddisk0\DR0\Partition2
17:51:50.0271 0x0ccc \Device\Harddisk0\DR0\Partition2 - ok
17:51:50.0286 0x0ccc [ 1468261406A3B7F63BE7E920F56B5AA6 ] \Device\Harddisk0\DR0\Partition3
17:51:50.0286 0x0ccc \Device\Harddisk0\DR0\Partition3 - ok
17:51:50.0286 0x0ccc [ 24E8FDDC020EFB649C62FF1F60D5CC7B ] \Device\Harddisk1\DR2\Partition1
17:51:50.0302 0x0ccc \Device\Harddisk1\DR2\Partition1 - ok
17:51:50.0302 0x0ccc ================ Scan generic autorun ======================
17:51:50.0302 0x0ccc SynTPEnh - ok
17:51:50.0692 0x0ccc [ D0BE6E4C29D46D663A2A6FC3BC306A12, 89091C32D13BFE250D5267880042663F1368377675A387500E46D8E290E27C34 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:51:50.0973 0x0ccc RtHDVCpl - ok
17:51:51.0051 0x0ccc [ 0E2D12F8068B109A61514727137E073F, 9FC4D259A90A622FCDB322331785FC6EA5459A2CD801AF713BD5B2AFBF994F8B ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
17:51:51.0113 0x0ccc RtHDVBg - ok
17:51:51.0144 0x0ccc [ 810A5F70CEB063CEC85360394BEC2C56, FCC289B23B2347AD7C34B48E6EFB1914B5ED8D9DD397B0816D94747B168DFD64 ] C:\Windows\system32\igfxtray.exe
17:51:51.0160 0x0ccc IgfxTray - ok
17:51:51.0191 0x0ccc [ 2FE8F6A30802B69A3F501607F346DEEA, CD603DB6055861E9EAD397234120FBE0D3CACEFADB0D6001099CF0DA9DF1CC34 ] C:\Windows\system32\hkcmd.exe
17:51:51.0222 0x0ccc HotKeysCmds - ok
17:51:51.0253 0x0ccc [ CA1941B93BA45B7EA4D7D9F451B25C84, B0648762862931CB12004C92CD7A7EF8E3B1C14DD33C980A490D8AA56F7AA723 ] C:\Windows\system32\igfxpers.exe
17:51:51.0269 0x0ccc Persistence - ok
17:51:51.0347 0x0ccc [ 51C494FEE2AB2EAEF3EE7D9329098950, 9EF665FA7627462755D0B1BA5296AA89C972242784A05806AA0AEABC8E08BD4D ] C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
17:51:51.0409 0x0ccc Bdagent - ok
17:51:51.0425 0x0ccc [ 8D2851FC8807D456319C721AE3809824, 3AB40A5538C04CC536523E1AB890BBD4BA648134BB594B852EB8434DCE80632C ] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
17:51:51.0487 0x0ccc HotkeyApp - detected UnsignedFile.Multi.Generic ( 1 )
17:51:51.0487 0x0ccc HotkeyApp ( UnsignedFile.Multi.Generic ) - warning
17:51:51.0550 0x0ccc [ DFA1067EA4157BCCCFD48F052066A076, 5E5B60C20CFF1F3F9D45588B0E0AEB59C3F4C11089CCB52AA92890773BAA081F ] C:\Program Files (x86)\Launch Manager\OSD.exe
17:51:51.0597 0x0ccc LMgrVolOSD - ok
17:51:51.0659 0x0ccc [ 94D2739E7F421BC0EE0B32387B78B619, D7835E81FD08EBBFBDF44712D48CBF4311A89FF505ADD4DF4ECC46A2ECCD6F1B ] C:\Program Files (x86)\Launch Manager\Wbutton.exe
17:51:51.0721 0x0ccc Wbutton - ok
17:51:51.0784 0x0ccc [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
17:51:51.0862 0x0ccc HP Software Update - ok
17:51:51.0940 0x0ccc [ 53A6B1ED8BE0F7208FB72EF2580F71EC, 18799E69603DC0F67D56FA7A748FECFEDFD1CFFB8A12DC2B7E75035724B09303 ] C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
17:51:52.0002 0x0ccc Bitdefender-Geldbörse-Agent - ok
17:51:52.0158 0x0ccc [ 2010CA459E5EC8F9D5FC8B000D130294, 058FF215A3AAD04F2A4CF23B2CC62A5EA28F5A705EFA689DCE9126720CF33229 ] C:\Users\Rehberg\AppData\Local\Microsoft\OneDrive\OneDrive.exe
17:51:52.0221 0x0ccc OneDrive - ok
17:51:52.0252 0x0ccc AV detected via SS2: Bitdefender Antivirus, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 18.18.0.1254 ), 0x41000 ( enabled : updated )
17:51:52.0267 0x0ccc Win FW state via NFP2: enabled ( trusted )
17:51:52.0267 0x0ccc ============================================================
17:51:52.0267 0x0ccc Scan finished
17:51:52.0267 0x0ccc ============================================================
17:51:52.0283 0x0ae8 Detected object count: 8
17:51:52.0283 0x0ae8 Actual detected object count: 8
17:52:45.0011 0x0ae8 HDDHealth ( UnsignedFile.Multi.Generic ) - skipped by user
17:52:45.0011 0x0ae8 HDDHealth ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:52:45.0011 0x0ae8 Impcd ( UnsignedFile.Multi.Generic ) - skipped by user
17:52:45.0011 0x0ae8 Impcd ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:52:45.0011 0x0ae8 NxpCap64 ( UnsignedFile.Multi.Generic ) - skipped by user
17:52:45.0011 0x0ae8 NxpCap64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:52:45.0011 0x0ae8 OKI OPHF DCS Loader ( UnsignedFile.Multi.Generic ) - skipped by user
17:52:45.0011 0x0ae8 OKI OPHF DCS Loader ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:52:45.0011 0x0ae8 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
17:52:45.0011 0x0ae8 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:52:45.0027 0x0ae8 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:52:45.0027 0x0ae8 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:52:45.0027 0x0ae8 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
17:52:45.0027 0x0ae8 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:52:45.0027 0x0ae8 HotkeyApp ( UnsignedFile.Multi.Generic ) - skipped by user
17:52:45.0027 0x0ae8 HotkeyApp ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
23.12.2015, 14:14
| #8 |
| /// Malwareteam | Firefox u. Thunderbird starten nicht + Meldung, dass Word für aktuellen Benutzer nicht installiert wurde + div. andere Probleme Schritt 1 Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ Mfg, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ Unterstütze uns mit einer Spende ......... Lob, Kritik oder Wünsche ......... .......... Folge uns auf Facebook .......... Geändert von burningice (23.12.2015 um 15:04 Uhr) |
WARNUNG an die MITLESER: 
Starte bitte wieder 
Linear-Darstellung
