| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Yahoo Targo12 ProblemeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.06.2016, 10:47
| #1 |
 |  Yahoo Targo12 Probleme Auch ich habe das gleiche Problem wie hier beschrieben: 1.Bei Yahoo taucht Bedrohungsmeldung von targo12.com auf 2.yahoo mail leitet auf unerwünschte seiten um 3.Sicherheitswarnung bei Besuch auf Yahoo Seite 4.yahoo-targo12-problemposts-forum-haeufen-letzen-tagen-me-too (von kirschm) 5. und mehrere Meldungen auch unter "Log-Analyse und Auswertungen" ... Auch in anderen Foren wird seit dem 3.6.16 berichtet (MS Support, AVG Support, etc..) Ich stimme user kirschm zu. Alle ausgeführten Massnahmen haben nicht zur Beseitigung des Problems geführt - auch bei mir nicht - trotz aller Scans wie hier empfohlen. Imübrigen wurden keine Funde durch all diese Scans berichtet. Bei mir tritt das Problem auf zwei PCs auf: Unter Win 8.1 mit Chrome und unter XP mit IE (ja ich weiss, wird nur zum Spielen genutzt) Hier Beispiel einer Abfrage: "https://de.finance.yahoo.com/kurse/ko,txn,hpq,hpe" danach das Problem - hier log aus Browser History: (3) 8:32 PM - System Warning - main.targo12.com (2) 8:28 PM - Loading... - main.targo12.com (1) 8:28 PM - KO,TXN,HPQ,HPE | Aktienkurse | Kursvergleich Portfolios | YAHOO! Finanzen de.finance.yahoo.com Gehe ich mit dem Cursor auf den Browser Verlauf sehe ich nach der Yahoo Aktien Abfrage dann unten in der Bildschirmzeile : "Loading...main.targo12.com - main.targo12.com/?utm_medium=4e10aefcea64e87c3ae3e3ff3cb93311915828e0&utm_campaign=maya-de danach dann "Systemwarnung" (im Browser Verlauf): main.targo12.com/?utm_term=12743369140&clickverify=1&utm_content=fdc2c69a9caf9cad93919891a6909395ba8eb8ccd0dbd9dbdbddd5d5b6c2dad1efede1e7ebeb11 Möglicherweise kann über diese Information hier von den Experten mehr herausgefunden werden. Im übrigen war und ist mein PC frei von Viren. Keine Funde von Avira, Adware, MBAM, etc. etc. Die Ursache liegt wohl in einem ärgerlichen "Werbe-Exploit" bei /von Yahoo und hat nichts mit der Targo Bank zu tun. Und wichtig, dasProblem tritt "random" auf - also nicht bei jeder Abfrage und bei mir nur bei YAHOO Finance Abfragen ... Hoffe ihr könnt das eingrenzen... ---- Update 7.6.16 11:45: Problem existiert weiter. Weitere Meldungen dieses Problems im Netz als auch in verschiedenen Threads hier! Zwei weitere Anmerkungen die hoffentlich helfen das Problem zu identifizieren: 1. Ich habe in den Browser Settings (Google/Chrome) die Settings für Java Script auf " Do not allow any site to run Java Scripts" geändert. Das scheint (?) das Problem zu lösen - gibt aber Probleme bei dem Aufsuchen anderer Seiten (i.e. Süddeutsche, ...) 2. Ohne diese Einstellung ("Do not allow any site to run Java Scripts") erscheinen auch Werbe Pop Ups hier im Forum!!! Beispiel: PC Cleaner Kostenlos - mit URL Verweis auf "SparkTrust.com" - in der Bildschirmzeile unten dazu https://www.googleadservices.com/pagead/aclk?sa=L&ai=... Hoffe diese Beobachtungen helfen weiter. Das Problem tritt bei verschiedenen Win OS Versionen und verschiedenen Browsern auf! Und: Es werden kein Funde von irgendwelchen Antiviren-, Scanning-, etc-Apps gemeldet.... Geändert von DaBlues (07.06.2016 um 11:09 Uhr) |
|
07.06.2016, 19:10
| #2 |
| /// Malwareteam   | Yahoo Targo12 Probleme Mein Name ist Rafael und ich werde dir bei der Bereinigung helfen. Damit ich dir optimal helfen kann, halte dich bitte an folgende Regeln:
 Also hast du noch weiter das Problem nehme ich an? Schritt: 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Schritt: 2 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
08.06.2016, 00:40
| #3 |
| | Yahoo Targo12 Probleme Hallo Rafael
__________________Danke für die Unterstützung. Im folgenden die FRST Logdateien. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2016 durchgeführt von KH (Administrator) auf DABLUES (08-06-2016 00:46:49) Gestartet von C:\Users\KH\Downloads\File Pony Geladene Profile: KH (Verfügbare Profile: KH) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [404376 2015-08-09] () HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe" HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated) HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-08-25] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-08-25] (Lenovo(beijing) Limited) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-15] (Vimicro) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-29] (Microsoft Corporation) Startup: C:\Users\KH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-06-01] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 80.69.100.205 80.69.100.213 Tcpip\..\Interfaces\{C1E05A86-E0DC-4E9A-8999-ABD047D14675}: [DhcpNameServer] 80.69.100.205 80.69.100.213 Internet Explorer: ================== HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?pc=UE07&ocid=UE07DHP SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4278822728-3545199388-2729823056-1001 -> DefaultScope {04F3434D-A396-4E75-A569-C36DBE04CCC2} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-31] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\KH\AppData\Roaming\Mozilla\Firefox\Profiles\JNv6vNnE.default FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-31] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\KH\AppData\Roaming\Mozilla\Firefox\Profiles\JNv6vNnE.default\Extensions\abs@avira.com [2016-06-02] Chrome: ======= CHR StartupUrls: Default -> "hxxps://www.google.de/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.) CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\PepperFlash\pepflashplayer.dll () CHR Profile: C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-01] CHR Extension: (Google Docs) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-01] CHR Extension: (Google Drive) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (YouTube) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Google Search) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Sheets) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-01] CHR Extension: (Google Docs Offline) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Gmail) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-01] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] () R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [Datei ist nicht signiert] R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-08-25] () R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-04-15] () R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-08] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-06-07 18:10 - 2016-06-08 00:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-06-07 18:09 - 2016-06-07 18:09 - 00001129 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-06-07 18:09 - 2016-06-07 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-06-07 18:09 - 2016-06-07 18:09 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-06-07 18:09 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-06-07 18:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-06-07 18:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-06-07 17:58 - 2016-06-07 18:01 - 00000000 ____D C:\AdwCleaner 2016-06-06 22:58 - 2016-06-06 23:02 - 00441490 _____ C:\TDSSKiller.3.1.0.9_06.06.2016_22.58.47_log.txt 2016-06-06 22:55 - 2016-06-06 22:55 - 00000000 ____D C:\Users\KH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2016-06-06 20:49 - 2016-06-07 09:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-06-06 20:49 - 2016-06-06 20:49 - 00002078 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-06-06 19:58 - 2016-06-06 19:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2016-06-06 19:51 - 2016-06-08 00:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-06-06 00:07 - 2016-06-08 00:46 - 00000000 ____D C:\FRST 2016-06-05 21:56 - 2016-06-07 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-06-05 21:53 - 2016-06-07 17:39 - 00000000 ____D C:\Users\KH\AppData\Roaming\Avira 2016-06-05 21:41 - 2016-06-05 21:41 - 00000000 ____D C:\Users\KH\AppData\Local\ElevatedDiagnostics 2016-06-05 21:01 - 2016-06-06 22:55 - 00001295 _____ C:\Users\KH\Desktop\Revo Uninstaller.lnk 2016-06-05 21:01 - 2016-06-06 22:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2016-06-05 20:08 - 2016-06-08 00:46 - 00000000 ____D C:\Users\KH\Downloads\File Pony 2016-06-05 18:22 - 2016-06-05 18:22 - 00000000 ____D C:\Program Files (x86)\ESET 2016-06-02 17:35 - 2016-06-02 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-06-02 10:36 - 2016-06-02 17:35 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-05-25 20:36 - 2016-05-25 20:36 - 00000000 ____D C:\Users\KH\Downloads\Snapform 2016-05-25 19:57 - 2016-05-25 19:57 - 00000000 ____D C:\Users\KH\AppData\Roaming\Mozilla 2016-05-25 19:50 - 2016-04-22 09:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2016-05-25 16:22 - 2016-04-14 17:25 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2016-05-25 16:22 - 2016-04-14 17:11 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2016-05-25 16:22 - 2016-04-12 17:46 - 14467584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-05-25 16:22 - 2016-04-12 17:30 - 12879872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-05-25 16:22 - 2016-04-10 07:35 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2016-05-25 16:22 - 2016-04-10 00:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll 2016-05-25 16:22 - 2016-04-10 00:14 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Geolocation.dll 2016-05-25 16:22 - 2016-04-10 00:10 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2016-05-25 16:22 - 2016-04-10 00:09 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2016-05-25 16:22 - 2016-04-10 00:02 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll 2016-05-25 16:22 - 2016-04-09 23:59 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll 2016-05-25 16:22 - 2016-04-09 23:59 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll 2016-05-25 16:22 - 2016-04-09 23:56 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2016-05-25 16:22 - 2016-04-09 23:55 - 00881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2016-05-25 16:22 - 2016-04-09 23:52 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll 2016-05-25 16:22 - 2016-04-07 18:34 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-05-25 16:22 - 2016-04-07 18:06 - 00927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2016-05-25 16:22 - 2016-04-07 17:36 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-05-25 16:22 - 2016-04-06 23:21 - 00114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys 2016-05-25 16:22 - 2016-04-06 20:20 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-05-25 16:22 - 2016-04-06 20:17 - 18825216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-05-25 16:22 - 2016-04-06 19:11 - 07074816 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-05-25 16:22 - 2016-04-06 18:40 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-05-25 16:22 - 2016-04-06 18:25 - 15158272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-05-25 16:22 - 2016-04-06 18:02 - 05269504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-05-25 16:22 - 2016-04-06 17:29 - 05265408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-05-25 16:22 - 2016-04-06 00:37 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys 2016-05-25 16:22 - 2016-04-02 15:58 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll 2016-05-25 16:22 - 2016-04-01 19:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll 2016-05-25 16:22 - 2016-04-01 19:00 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2016-05-25 16:22 - 2016-04-01 18:53 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2016-05-25 16:22 - 2016-04-01 18:50 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-05-25 16:22 - 2016-04-01 18:42 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll 2016-05-25 16:22 - 2016-04-01 18:41 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2016-05-25 16:22 - 2016-04-01 18:32 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll 2016-05-25 16:22 - 2016-03-31 08:53 - 07446360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-05-25 16:22 - 2016-03-31 08:51 - 01134776 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-05-25 16:22 - 2016-03-31 06:36 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-05-25 16:22 - 2016-02-04 18:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll 2016-05-25 16:22 - 2016-02-04 18:49 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2016-05-25 16:22 - 2016-02-04 18:39 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2016-05-11 12:34 - 2016-04-22 22:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-05-11 12:34 - 2016-04-22 22:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-05-11 12:34 - 2016-04-22 22:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-05-11 12:34 - 2016-04-22 22:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-05-11 12:34 - 2016-04-22 22:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-05-11 12:34 - 2016-04-22 22:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-05-11 12:34 - 2016-04-22 21:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-05-11 12:34 - 2016-04-22 21:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-05-11 12:34 - 2016-04-22 21:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-05-11 12:34 - 2016-04-22 21:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-05-11 12:34 - 2016-04-22 21:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-05-11 12:34 - 2016-04-22 21:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-05-11 12:34 - 2016-04-22 21:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-05-11 12:34 - 2016-04-22 21:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-05-11 12:34 - 2016-04-22 21:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-05-11 12:34 - 2016-04-22 21:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-05-11 12:34 - 2016-04-22 20:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-05-11 12:34 - 2016-04-22 20:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-05-11 12:34 - 2016-04-22 20:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-05-11 12:34 - 2016-04-22 20:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-05-11 12:34 - 2016-04-22 20:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-05-11 12:34 - 2016-04-22 20:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-05-11 12:34 - 2016-04-22 20:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-05-11 12:34 - 2016-04-22 20:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-05-11 12:34 - 2016-04-22 20:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-05-11 12:34 - 2016-04-22 20:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-05-11 12:34 - 2016-04-22 20:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-05-11 12:34 - 2016-04-22 20:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-05-11 12:34 - 2016-04-22 20:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-05-11 12:34 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2016-05-11 12:34 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2016-05-11 12:34 - 2016-04-06 23:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-05-11 12:34 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll 2016-05-11 12:34 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-05-11 12:34 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-05-11 12:34 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-05-11 12:34 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll 2016-05-11 12:34 - 2016-04-06 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-05-11 12:34 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-05-11 12:34 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-05-11 12:34 - 2016-04-06 18:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-05-11 12:34 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-05-11 12:34 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-05-11 12:34 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-05-11 12:33 - 2016-04-11 08:21 - 00074584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2016-05-11 12:33 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2016-05-11 12:33 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll 2016-05-11 12:33 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-05-11 12:33 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-05-11 12:33 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-05-11 12:33 - 2016-04-10 06:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-05-11 12:33 - 2016-04-10 01:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-05-11 12:33 - 2016-04-10 00:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-06-08 00:35 - 2015-06-01 11:55 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-08 00:10 - 2015-05-31 19:46 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4278822728-3545199388-2729823056-1001 2016-06-08 00:05 - 2015-06-01 23:17 - 00000000 __SHD C:\Users\KH\IntelGraphicsProfiles 2016-06-08 00:05 - 2015-06-01 11:55 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-08 00:05 - 2015-05-31 20:03 - 00000000 __RDO C:\Users\KH\OneDrive 2016-06-07 18:02 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-06-07 18:01 - 2014-08-25 07:25 - 00018944 _____ C:\WINDOWS\system32\VfService.trf 2016-06-07 17:43 - 2014-08-25 07:17 - 00000000 ____D C:\ProgramData\Package Cache 2016-06-07 17:39 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2016-06-07 09:43 - 2015-06-01 12:20 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-06-06 20:49 - 2015-06-01 12:22 - 00000000 ____D C:\Users\KH\AppData\Local\Adobe 2016-06-06 20:49 - 2015-06-01 12:19 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-06-05 22:03 - 2014-08-25 15:54 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat 2016-06-05 22:03 - 2014-08-25 15:54 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat 2016-06-05 22:03 - 2014-03-18 11:53 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-06-05 21:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-06-05 20:46 - 2015-06-01 13:58 - 00000000 ____D C:\Download Programme 2016-06-03 19:04 - 2015-06-01 11:55 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-03 18:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-06-03 17:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-06-02 23:51 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-06-02 23:50 - 2015-06-01 22:20 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2016-06-02 23:50 - 2015-06-01 22:20 - 00000000 ___SD C:\WINDOWS\system32\GWX 2016-06-02 23:29 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-06-02 23:19 - 2015-05-31 20:33 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-06-02 23:06 - 2015-05-31 19:38 - 00000000 ____D C:\Users\KH 2016-06-02 23:03 - 2015-06-01 22:20 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2016-06-02 23:03 - 2014-03-18 11:38 - 00000000 ____D C:\WINDOWS\ShellNew 2016-06-02 23:03 - 2014-03-18 11:38 - 00000000 ____D C:\Program Files\Windows Journal 2016-06-02 23:03 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2016-06-02 23:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppCompat 2016-06-02 23:03 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-06-02 23:00 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-06-02 22:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\registration 2016-06-02 22:46 - 2015-06-01 15:11 - 00000000 ____D C:\Users\KH\Me 2016-05-13 19:47 - 2015-06-01 22:23 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-05-11 22:08 - 2015-06-01 22:32 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-05-11 22:08 - 2015-06-01 22:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-11 12:44 - 2013-08-22 16:44 - 00381448 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-05-11 12:42 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(342) 2016-05-11 12:40 - 2015-06-01 20:43 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-05-11 12:35 - 2015-06-01 20:43 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-05-11 11:30 - 2015-06-01 11:55 - 00004106 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-11 11:30 - 2015-06-01 11:55 - 00003870 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-08-25 06:43 - 2014-08-25 06:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\KH\AppData\Local\Temp\avgnt.exe C:\Users\KH\AppData\Local\Temp\libeay32.dll C:\Users\KH\AppData\Local\Temp\msvcr120.dll C:\Users\KH\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-06-05 12:32 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-06-2016
durchgeführt von KH (2016-06-08 00:47:13)
Gestartet von C:\Users\KH\Downloads\File Pony
Windows 8.1 (Update) (X64) (2015-05-31 17:38:21)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-4278822728-3545199388-2729823056-500 - Administrator - Disabled)
Gast (S-1-5-21-4278822728-3545199388-2729823056-501 - Limited - Disabled)
KH (S-1-5-21-4278822728-3545199388-2729823056-1001 - Administrator - Enabled) => C:\Users\KH
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.79 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.829.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 354.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 354.35 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Snapform Viewer 1.7.39 (HKLM-x32\...\2841-5017-1617-4151) (Version: 1.7.39 - Ringler Informatik AG)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-4278822728-3545199388-2729823056-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {036B2B68-20F2-4119-9E53-FF0557BC91EB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {092895C6-B226-4A3E-A7E3-90B366BFAADF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {44411367-D51B-4C6C-8368-AEADB8063459} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {4C86DAF0-3C70-4ED9-A58F-FF51743AE6D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {5838DFD7-102E-4EDC-89E9-3982F0DD808A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {8803F75A-30E9-4AF0-87AB-05C9DB4CE6AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-01] (Google Inc.)
Task: {8E5CDC88-F1DF-4255-8004-9FF66DBFC915} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-01] (Google Inc.)
Task: {9FE95601-DF6D-42AA-8701-CB78304777FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-05-31 20:33 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-25 07:22 - 2012-04-25 04:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-08-25 07:25 - 2014-08-25 07:25 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-08-25 07:25 - 2014-08-25 07:25 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-08-25 06:39 - 2015-10-15 05:59 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-25 15:31 - 2015-08-09 04:50 - 00404376 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-06-03 19:04 - 2016-06-01 08:38 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libglesv2.dll
2016-06-03 19:04 - 2016-06-01 08:38 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libegl.dll
2015-08-09 04:52 - 2015-08-09 04:52 - 17973744 _____ () C:\WINDOWS\SYSTEM32\igd11dxva64.dll
2014-08-25 06:42 - 2013-09-04 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-02-24 00:32 - 2016-02-24 00:32 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 80.69.100.205 - 80.69.100.213
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D37D03F8-49F6-4665-B0F1-9558211D75AC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5A4D4100-B973-406A-9253-C3D79A851C13}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C47E6A96-3C5F-4184-AE80-78D3864F57DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B928A7C1-DB7D-4AED-9729-74468CB8A898}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{87A419C3-461D-41FC-88B9-DD52C1CDCB3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{751FB353-FDB0-4746-8256-FD54BFCC346F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FE51D775-A726-4681-B00D-DD67CF6D2E07}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F47B0B6A-B2D8-40DC-AB43-8ADD4EB78EBF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B897F9BD-7472-4695-B4B7-1DA9BB01305E}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{89337636-45A9-4FD0-A047-ADFD3F30FAC5}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{6D737568-5306-4C01-9A5D-E6A731680935}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C3CD2676-3B0D-4D4F-9310-0E505AC6EF4E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
27-05-2016 21:28:06 Windows Update
02-06-2016 02:55:31 Wiederherstellungsvorgang
05-06-2016 20:54:52 JRT Pre-Junkware Removal
05-06-2016 20:59:48 JRT Pre-Junkware Removal
05-06-2016 22:24:38 JRT Pre-Junkware Removal
06-06-2016 20:04:50 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (06/07/2016 06:26:47 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (06/07/2016 09:37:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 10:52:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 10:48:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 10:48:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 08:52:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 08:52:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 12:06:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/05/2016 10:33:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/05/2016 10:33:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Systemfehler:
=============
Error: (06/07/2016 06:02:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll
Fehlercode: 126
Error: (06/07/2016 06:01:39 PM) (Source: DCOM) (EventID: 10010) (User: DABLUES)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (06/07/2016 06:01:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (06/07/2016 06:01:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/07/2016 06:01:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/07/2016 06:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/07/2016 06:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/07/2016 06:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/07/2016 06:01:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/07/2016 06:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo64 Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 8116.27 MB
Verfügbarer physikalischer RAM: 5869.77 MB
Summe virtueller Speicher: 9588.27 MB
Verfügbarer virtueller Speicher: 6680.77 MB
==================== Laufwerke ================================
Drive c: (Windows8_OS) (Fixed) (Total:423.61 GB) (Free:354.73 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.89 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0AB09FFE)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
08.06.2016, 00:47
| #4 |
| | Yahoo Targo12 Probleme TDSSKiller no Threats found. Anbei Report: Code:
ATTFilter 01:13:32.0167 0x0e44 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
01:13:32.0167 0x0e44 UEFI system
01:14:11.0818 0x0e44 ============================================================
01:14:11.0819 0x0e44 Current date / time: 2016/06/08 01:14:11.0818
01:14:11.0819 0x0e44 SystemInfo:
01:14:11.0819 0x0e44
01:14:11.0819 0x0e44 OS Version: 6.3.9600 ServicePack: 0.0
01:14:11.0819 0x0e44 Product type: Workstation
01:14:11.0819 0x0e44 ComputerName: DABLUES
01:14:11.0819 0x0e44 UserName: KH
01:14:11.0819 0x0e44 Windows directory: C:\WINDOWS
01:14:11.0819 0x0e44 System windows directory: C:\WINDOWS
01:14:11.0819 0x0e44 Running under WOW64
01:14:11.0819 0x0e44 Processor architecture: Intel x64
01:14:11.0819 0x0e44 Number of processors: 4
01:14:11.0819 0x0e44 Page size: 0x1000
01:14:11.0819 0x0e44 Boot type: Normal boot
01:14:11.0819 0x0e44 ============================================================
01:14:11.0918 0x0e44 KLMD registered as C:\WINDOWS\system32\drivers\57833971.sys
01:14:12.0559 0x0e44 System UUID: {23DF8C97-E188-1DA3-2F26-B11077D888A0}
01:14:13.0303 0x0e44 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:14:13.0364 0x0e44 ============================================================
01:14:13.0364 0x0e44 \Device\Harddisk0\DR0:
01:14:13.0379 0x0e44 GPT partitions:
01:14:13.0379 0x0e44 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6A80CCC3-3FEE-4A46-AEE2-492C07A0214C}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
01:14:13.0379 0x0e44 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1E30FE12-A8AB-4E78-8B5D-B8394C44C0C6}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
01:14:13.0379 0x0e44 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {FB0B77F2-2ECD-4FBA-8993-74DF65FF8766}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
01:14:13.0379 0x0e44 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {4D1F8843-6730-4331-AF92-4F8FDBE49E97}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
01:14:13.0379 0x0e44 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {402C926F-1B05-477E-9D8A-1EBA43C9A67B}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x34F38800
01:14:13.0379 0x0e44 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C390AEE5-47F4-4958-B651-85EF2FC5AB30}, Name: Basic data partition, StartLBA 0x353E3000, BlocksNum 0x3200000
01:14:13.0379 0x0e44 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {26A313FF-2BFC-4180-BE1D-BDA120BA8D60}, Name: Basic data partition, StartLBA 0x385E3000, BlocksNum 0x1DA3000
01:14:13.0379 0x0e44 MBR partitions:
01:14:13.0379 0x0e44 ============================================================
01:14:13.0379 0x0e44 C: <-> \Device\Harddisk0\DR0\Partition5
01:14:13.0426 0x0e44 D: <-> \Device\Harddisk0\DR0\Partition6
01:14:13.0426 0x0e44 ============================================================
01:14:13.0426 0x0e44 Initialize success
01:14:13.0426 0x0e44 ============================================================
01:15:24.0903 0x0be8 ============================================================
01:15:24.0903 0x0be8 Scan started
01:15:24.0903 0x0be8 Mode: Manual; SigCheck; TDLFS;
01:15:24.0903 0x0be8 ============================================================
01:15:24.0903 0x0be8 KSN ping started
01:15:27.0215 0x0be8 KSN ping finished: true
01:15:28.0009 0x0be8 ================ Scan system memory ========================
01:15:28.0009 0x0be8 System memory - ok
01:15:28.0009 0x0be8 ================ Scan services =============================
01:15:28.0217 0x0be8 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
01:15:28.0270 0x0be8 1394ohci - ok
01:15:28.0280 0x0be8 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
01:15:28.0288 0x0be8 3ware - ok
01:15:28.0311 0x0be8 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
01:15:28.0329 0x0be8 ACPI - ok
01:15:28.0334 0x0be8 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
01:15:28.0342 0x0be8 acpiex - ok
01:15:28.0345 0x0be8 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
01:15:28.0352 0x0be8 acpipagr - ok
01:15:28.0355 0x0be8 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
01:15:28.0362 0x0be8 AcpiPmi - ok
01:15:28.0366 0x0be8 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
01:15:28.0371 0x0be8 acpitime - ok
01:15:28.0380 0x0be8 [ AF7A18603B0B82DFA5B420456FAF2201, 64AD831433778BB0B0B1615EEA7682960ED5815A091A9EFEE95A862EFBDE6D69 ] ACPIVPC C:\WINDOWS\System32\drivers\AcpiVpc.sys
01:15:28.0393 0x0be8 ACPIVPC - ok
01:15:28.0409 0x0be8 [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:15:28.0424 0x0be8 AdobeARMservice - ok
01:15:28.0445 0x0be8 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
01:15:28.0466 0x0be8 ADP80XX - ok
01:15:28.0476 0x0be8 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
01:15:28.0487 0x0be8 AeLookupSvc - ok
01:15:28.0509 0x0be8 [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD C:\WINDOWS\system32\drivers\afd.sys
01:15:28.0526 0x0be8 AFD - ok
01:15:28.0531 0x0be8 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
01:15:28.0538 0x0be8 agp440 - ok
01:15:28.0543 0x0be8 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
01:15:28.0551 0x0be8 ahcache - ok
01:15:28.0556 0x0be8 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe
01:15:28.0564 0x0be8 ALG - ok
01:15:28.0571 0x0be8 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
01:15:28.0578 0x0be8 AmdK8 - ok
01:15:28.0584 0x0be8 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
01:15:28.0591 0x0be8 AmdPPM - ok
01:15:28.0596 0x0be8 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
01:15:28.0603 0x0be8 amdsata - ok
01:15:28.0609 0x0be8 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
01:15:28.0609 0x0be8 amdsbs - ok
01:15:28.0626 0x0be8 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
01:15:28.0633 0x0be8 amdxata - ok
01:15:28.0638 0x0be8 [ 4126D30992B26303E47E8981313FD6D6, 4C8DB2DDDB88FBEA87CDBFB93D9855B40043778878AF4A5571C174434F9C0D4C ] AmUStor C:\WINDOWS\system32\drivers\AmUStor.SYS
01:15:28.0645 0x0be8 AmUStor - ok
01:15:28.0650 0x0be8 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\WINDOWS\system32\drivers\appid.sys
01:15:28.0657 0x0be8 AppID - ok
01:15:28.0661 0x0be8 [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
01:15:28.0668 0x0be8 AppIDSvc - ok
01:15:28.0673 0x0be8 [ 734622FBA766DBD65B1803549B24A04A, 3B6872B87A60D4DA265D3B8AB0561A929CFE2C097419183E93D3843422363C89 ] Appinfo C:\WINDOWS\System32\appinfo.dll
01:15:28.0682 0x0be8 Appinfo - ok
01:15:28.0697 0x0be8 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
01:15:28.0713 0x0be8 AppReadiness - ok
01:15:28.0743 0x0be8 [ E0F846ADE7DED88981D0908DE56FF160, D8F536438091878724A5004849306ADFB96A2778A9D958ED3DCC0CD9E35160BB ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
01:15:28.0771 0x0be8 AppXSvc - ok
01:15:28.0778 0x0be8 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
01:15:28.0786 0x0be8 arcsas - ok
01:15:28.0790 0x0be8 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
01:15:28.0796 0x0be8 atapi - ok
01:15:28.0810 0x0be8 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
01:15:28.0821 0x0be8 AudioEndpointBuilder - ok
01:15:28.0842 0x0be8 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
01:15:28.0863 0x0be8 Audiosrv - ok
01:15:28.0893 0x0be8 Avira.ServiceHost - ok
01:15:28.0898 0x0be8 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
01:15:28.0906 0x0be8 AxInstSV - ok
01:15:28.0909 0x0be8 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
01:15:28.0936 0x0be8 b06bdrv - ok
01:15:28.0941 0x0be8 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
01:15:28.0948 0x0be8 BasicDisplay - ok
01:15:28.0951 0x0be8 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
01:15:28.0957 0x0be8 BasicRender - ok
01:15:29.0122 0x0be8 [ 626993CA204D0DE1C3023F635C013F2B, 264CF2883EBD7A005AA1D17BAEF367E489F11B93ABDFD0BDF87F50748A82A883 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys
01:15:29.0244 0x0be8 BCM43XX - ok
01:15:29.0255 0x0be8 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
01:15:29.0259 0x0be8 bcmfn2 - ok
01:15:29.0269 0x0be8 [ 174394F4EF93C117BF7BE3878046A1B1, D58E868342D1DAFC4B04384A3713F729DF07F408AA6AE4762E6A4244F976526A ] BDESVC C:\WINDOWS\System32\bdesvc.dll
01:15:29.0281 0x0be8 BDESVC - ok
01:15:29.0284 0x0be8 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys
01:15:29.0291 0x0be8 Beep - ok
01:15:29.0329 0x0be8 [ 5059D93764340D4EAEDF49C47133118F, 26C5779469E04BEAFD290B619CA355648F3911C66D41B22D2C3DCA909FCA0F6E ] BFE C:\WINDOWS\System32\bfe.dll
01:15:29.0348 0x0be8 BFE - ok
01:15:29.0370 0x0be8 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\WINDOWS\System32\qmgr.dll
01:15:29.0392 0x0be8 BITS - ok
01:15:29.0397 0x0be8 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
01:15:29.0405 0x0be8 bowser - ok
01:15:29.0409 0x0be8 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
01:15:29.0409 0x0be8 BrokerInfrastructure - ok
01:15:29.0430 0x0be8 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\WINDOWS\System32\browser.dll
01:15:29.0438 0x0be8 Browser - ok
01:15:29.0442 0x0be8 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
01:15:29.0449 0x0be8 BthAvrcpTg - ok
01:15:29.0453 0x0be8 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
01:15:29.0461 0x0be8 BthHFEnum - ok
01:15:29.0464 0x0be8 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
01:15:29.0471 0x0be8 bthhfhid - ok
01:15:29.0480 0x0be8 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
01:15:29.0491 0x0be8 BthHFSrv - ok
01:15:29.0496 0x0be8 [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
01:15:29.0502 0x0be8 BTHMODEM - ok
01:15:29.0511 0x0be8 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\WINDOWS\system32\bthserv.dll
01:15:29.0518 0x0be8 bthserv - ok
01:15:29.0524 0x0be8 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
01:15:29.0532 0x0be8 cdfs - ok
01:15:29.0540 0x0be8 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
01:15:29.0549 0x0be8 cdrom - ok
01:15:29.0558 0x0be8 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
01:15:29.0567 0x0be8 CertPropSvc - ok
01:15:29.0571 0x0be8 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
01:15:29.0580 0x0be8 circlass - ok
01:15:29.0601 0x0be8 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
01:15:29.0609 0x0be8 CLFS - ok
01:15:29.0692 0x0be8 [ 4DDC45ACA9EEAB337F6D8E50C87CF1BF, F004079B1E6629E1112190D4F773134EDEC1E2EF17E7181BC1D02A570EB8F1CE ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
01:15:29.0745 0x0be8 ClickToRunSvc - ok
01:15:29.0756 0x0be8 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
01:15:29.0762 0x0be8 CmBatt - ok
01:15:29.0776 0x0be8 [ 6A48941C527C8C51051A1514C5B23A31, B0553DAE1F70DB43F2FB3BE699B80783B7943CDE8B31FB3AAB98E689971DFA51 ] CNG C:\WINDOWS\system32\Drivers\cng.sys
01:15:29.0794 0x0be8 CNG - ok
01:15:29.0799 0x0be8 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys
01:15:29.0807 0x0be8 CompositeBus - ok
01:15:29.0808 0x0be8 COMSysApp - ok
01:15:29.0808 0x0be8 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys
01:15:29.0808 0x0be8 condrv - ok
01:15:29.0884 0x0be8 [ DAC4D7D79C07957F237E1A4F24435E96, F0D5C21A403580D71F1F6B049C5BB043D3257D39FABCDE623E81CD48034610AC ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
01:15:29.0906 0x0be8 cphs - ok
01:15:29.0915 0x0be8 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
01:15:29.0925 0x0be8 CryptSvc - ok
01:15:29.0931 0x0be8 [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam C:\WINDOWS\system32\drivers\dam.sys
01:15:29.0938 0x0be8 dam - ok
01:15:29.0959 0x0be8 [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
01:15:29.0979 0x0be8 DcomLaunch - ok
01:15:29.0993 0x0be8 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll
01:15:30.0007 0x0be8 defragsvc - ok
01:15:30.0009 0x0be8 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
01:15:30.0033 0x0be8 DeviceAssociationService - ok
01:15:30.0039 0x0be8 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
01:15:30.0049 0x0be8 DeviceInstall - ok
01:15:30.0054 0x0be8 [ FDE50F8CBFC986086FE47D3D582F80BE, 4D0D5C6F9B1B7EF76F89F78B79AF8D7BBFF05127F512A14701012EB01599B898 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
01:15:30.0063 0x0be8 Dfsc - ok
01:15:30.0097 0x0be8 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
01:15:30.0108 0x0be8 Dhcp - ok
01:15:30.0144 0x0be8 [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
01:15:30.0177 0x0be8 DiagTrack - ok
01:15:30.0189 0x0be8 [ 8B1E62881D5AC68E673CD94B136B34AC, A0C50F17041E43AC07B67A74F2C408820316201439F47CDEA37A4F5891CC0E6F ] disk C:\WINDOWS\system32\drivers\disk.sys
01:15:30.0197 0x0be8 disk - ok
01:15:30.0209 0x0be8 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
01:15:30.0209 0x0be8 dmvsc - ok
01:15:30.0209 0x0be8 [ E9AE4FAE83FB38A2962F9032B24CEB3C, CC7D2D8C97CB779791613D76D6E4AF5D628C948C28BAC584C3C7F6A5A6036FBA ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
01:15:30.0233 0x0be8 Dnscache - ok
01:15:30.0241 0x0be8 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
01:15:30.0252 0x0be8 dot3svc - ok
01:15:30.0258 0x0be8 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll
01:15:30.0258 0x0be8 DPS - ok
01:15:30.0258 0x0be8 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
01:15:30.0279 0x0be8 drmkaud - ok
01:15:30.0286 0x0be8 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
01:15:30.0296 0x0be8 DsmSvc - ok
01:15:30.0340 0x0be8 [ F74B839FA0F4E6060CA1DA6B8DA17941, EF493E1F55FCD6A8C32B3D5D5809B7EFCCC9829E9A347522D1E6FE080D41BF37 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
01:15:30.0380 0x0be8 DXGKrnl - ok
01:15:30.0408 0x0be8 [ FA988D76745C917CDFE20031C06DE860, B01AA3611869854D3BCA8B6CD7A6F48CC3537145DD3EBE50F5BEF72239924BF7 ] e1iexpress C:\WINDOWS\system32\DRIVERS\e1i63x64.sys
01:15:30.0424 0x0be8 e1iexpress - ok
01:15:30.0424 0x0be8 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
01:15:30.0440 0x0be8 Eaphost - ok
01:15:30.0508 0x0be8 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
01:15:30.0586 0x0be8 ebdrv - ok
01:15:30.0586 0x0be8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe
01:15:30.0602 0x0be8 EFS - ok
01:15:30.0602 0x0be8 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
01:15:30.0602 0x0be8 EhStorClass - ok
01:15:30.0618 0x0be8 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
01:15:30.0618 0x0be8 EhStorTcgDrv - ok
01:15:30.0618 0x0be8 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
01:15:30.0633 0x0be8 ErrDev - ok
01:15:30.0665 0x0be8 [ 5DEB98736E142C943F27EDBD6A048BC7, D9514CC98E23969C577277756197C888A0D0B3D439340899B32D84D2675903A7 ] ESProtectionDriver C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
01:15:30.0680 0x0be8 ESProtectionDriver - ok
01:15:30.0712 0x0be8 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\WINDOWS\system32\es.dll
01:15:30.0734 0x0be8 EventSystem - ok
01:15:30.0750 0x0be8 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
01:15:30.0765 0x0be8 exfat - ok
01:15:30.0765 0x0be8 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
01:15:30.0781 0x0be8 fastfat - ok
01:15:30.0796 0x0be8 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe
01:15:30.0812 0x0be8 Fax - ok
01:15:30.0812 0x0be8 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
01:15:30.0812 0x0be8 fdc - ok
01:15:30.0828 0x0be8 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
01:15:30.0828 0x0be8 fdPHost - ok
01:15:30.0828 0x0be8 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
01:15:30.0843 0x0be8 FDResPub - ok
01:15:30.0843 0x0be8 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
01:15:30.0859 0x0be8 fhsvc - ok
01:15:30.0859 0x0be8 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
01:15:30.0859 0x0be8 FileInfo - ok
01:15:30.0874 0x0be8 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
01:15:30.0874 0x0be8 Filetrace - ok
01:15:30.0890 0x0be8 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
01:15:30.0890 0x0be8 flpydisk - ok
01:15:30.0937 0x0be8 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
01:15:30.0937 0x0be8 FltMgr - ok
01:15:30.0968 0x0be8 [ 2F225BC85B84C04EA01BAB8D8DACFA83, 1F6E20C8F0FFD3FA60BDF556FB8392FE014E6519C3F314D1D22D394DB2A040CA ] FontCache C:\WINDOWS\system32\FntCache.dll
01:15:31.0000 0x0be8 FontCache - ok
01:15:31.0031 0x0be8 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:15:31.0031 0x0be8 FontCache3.0.0.0 - ok
01:15:31.0031 0x0be8 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
01:15:31.0046 0x0be8 FsDepends - ok
01:15:31.0046 0x0be8 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:15:31.0046 0x0be8 Fs_Rec - ok
01:15:31.0062 0x0be8 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
01:15:31.0093 0x0be8 fvevol - ok
01:15:31.0097 0x0be8 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys
01:15:31.0104 0x0be8 FxPPM - ok
01:15:31.0108 0x0be8 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
01:15:31.0124 0x0be8 gagp30kx - ok
01:15:31.0124 0x0be8 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
01:15:31.0124 0x0be8 gencounter - ok
01:15:31.0139 0x0be8 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
01:15:31.0139 0x0be8 GPIOClx0101 - ok
01:15:31.0171 0x0be8 [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
01:15:31.0202 0x0be8 gpsvc - ok
01:15:31.0202 0x0be8 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:15:31.0218 0x0be8 gupdate - ok
01:15:31.0218 0x0be8 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:15:31.0218 0x0be8 gupdatem - ok
01:15:31.0233 0x0be8 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
01:15:31.0249 0x0be8 HdAudAddService - ok
01:15:31.0249 0x0be8 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
01:15:31.0264 0x0be8 HDAudBus - ok
01:15:31.0264 0x0be8 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
01:15:31.0280 0x0be8 HidBatt - ok
01:15:31.0280 0x0be8 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
01:15:31.0280 0x0be8 HidBth - ok
01:15:31.0296 0x0be8 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
01:15:31.0296 0x0be8 hidi2c - ok
01:15:31.0296 0x0be8 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
01:15:31.0311 0x0be8 HidIr - ok
01:15:31.0311 0x0be8 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll
01:15:31.0311 0x0be8 hidserv - ok
01:15:31.0327 0x0be8 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
01:15:31.0343 0x0be8 HidUsb - ok
01:15:31.0343 0x0be8 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
01:15:31.0358 0x0be8 hkmsvc - ok
01:15:31.0358 0x0be8 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
01:15:31.0374 0x0be8 HomeGroupListener - ok
01:15:31.0389 0x0be8 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
01:15:31.0405 0x0be8 HomeGroupProvider - ok
01:15:31.0405 0x0be8 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
01:15:31.0421 0x0be8 HpSAMD - ok
01:15:31.0436 0x0be8 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
01:15:31.0468 0x0be8 HTTP - ok
01:15:31.0468 0x0be8 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
01:15:31.0468 0x0be8 hwpolicy - ok
01:15:31.0483 0x0be8 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
01:15:31.0483 0x0be8 hyperkbd - ok
01:15:31.0483 0x0be8 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
01:15:31.0483 0x0be8 HyperVideo - ok
01:15:31.0499 0x0be8 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
01:15:31.0499 0x0be8 i8042prt - ok
01:15:31.0514 0x0be8 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
01:15:31.0514 0x0be8 iaLPSSi_GPIO - ok
01:15:31.0514 0x0be8 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
01:15:31.0530 0x0be8 iaLPSSi_I2C - ok
01:15:31.0546 0x0be8 [ E5A15FEDEBDFB8E12CB94DBF01833775, 9C751A1FD8A5CEC8DD9FE8AE46E86A514C67F07EED04AB23A26A36F400DF8EA4 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
01:15:31.0577 0x0be8 iaStorA - ok
01:15:31.0593 0x0be8 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
01:15:31.0608 0x0be8 iaStorAV - ok
01:15:31.0630 0x0be8 [ 95BA9605AE793746D8F6AD18E5DA7EFE, 1CFB12E798E268D812EB20EBC85AC1DD1345F073389DEF79986BA45E7BDC701D ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
01:15:31.0635 0x0be8 IAStorDataMgrSvc - ok
01:15:31.0646 0x0be8 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
01:15:31.0660 0x0be8 iaStorV - ok
01:15:31.0662 0x0be8 IEEtwCollectorService - ok
01:15:31.0779 0x0be8 [ 5863E2DD2E5C2D1B1F70C3826C162A7B, A6A0DBFA91F53D116AFFC1644F636A9D33A20B00A842A190190584F8AE2D1FF0 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
01:15:31.0859 0x0be8 igfx - ok
01:15:31.0881 0x0be8 [ C5202C7669226FF13A74228BD42AD982, BA843DEF6649DF34F9D0D0A380E77557D7785B8239A61EA33EFF08AEF0C8E6DE ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
01:15:31.0893 0x0be8 igfxCUIService1.0.0.0 - ok
01:15:31.0929 0x0be8 [ 2530D33CE2F5F30D08A039EC33E91F17, DE1669A9F67C9CA3EEF6D0D0A56167318E4DB50965D87BF94A2795A21EBEE979 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
01:15:31.0952 0x0be8 IKEEXT - ok
01:15:31.0958 0x0be8 [ 5950F69F9B345952F3C2275C39EA393B, 382923DE0F5F25285F8C86BA628350DF1CFB6E63FF20736CF9285FB0F36A76DE ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
01:15:31.0958 0x0be8 intaud_WaveExtensible - ok
01:15:31.0974 0x0be8 [ D6A22510D795928E8840619900D672B4, 296F232B0A6D42840A745E4706D2815F6D2E4279DBD90112CBFBFF8833B724AF ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
01:15:31.0989 0x0be8 IntcDAud - ok
01:15:32.0005 0x0be8 [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
01:15:32.0021 0x0be8 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
01:15:34.0345 0x0be8 Detect skipped due to KSN trusted
01:15:34.0346 0x0be8 Intel(R) Capability Licensing Service Interface - ok
01:15:34.0384 0x0be8 [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
01:15:34.0408 0x0be8 Intel(R) Capability Licensing Service TCP IP Interface - ok
01:15:34.0408 0x0be8 [ B1B3CED4AACC96080EE7E7516A558184, 3B76DDC32EDEF6FFC5722FB063576FBE154A958A73F9E3B377E541C9BB2F06D5 ] IntelHSWPcc C:\WINDOWS\system32\drivers\IntelPcc.sys
01:15:34.0408 0x0be8 IntelHSWPcc - ok
01:15:34.0425 0x0be8 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
01:15:34.0432 0x0be8 intelide - ok
01:15:34.0436 0x0be8 [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
01:15:34.0442 0x0be8 intelpep - ok
01:15:34.0448 0x0be8 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
01:15:34.0455 0x0be8 intelppm - ok
01:15:34.0460 0x0be8 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:15:34.0469 0x0be8 IpFilterDriver - ok
01:15:34.0491 0x0be8 [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
01:15:34.0513 0x0be8 iphlpsvc - ok
01:15:34.0518 0x0be8 [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
01:15:34.0527 0x0be8 IPMIDRV - ok
01:15:34.0532 0x0be8 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
01:15:34.0540 0x0be8 IPNAT - ok
01:15:34.0544 0x0be8 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
01:15:34.0552 0x0be8 IRENUM - ok
01:15:34.0563 0x0be8 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
01:15:34.0569 0x0be8 isapnp - ok
01:15:34.0580 0x0be8 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
01:15:34.0591 0x0be8 iScsiPrt - ok
01:15:34.0597 0x0be8 [ F1D3A377ED9BA1CA449824C41CAF104C, EA0E90D5D827664CFDB644753C6DC134C3F8F852F24175EC8328A9FA925B25BF ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
01:15:34.0602 0x0be8 iwdbus - ok
01:15:34.0611 0x0be8 [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
01:15:34.0618 0x0be8 jhi_service - ok
01:15:34.0623 0x0be8 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
01:15:34.0631 0x0be8 kbdclass - ok
01:15:34.0635 0x0be8 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
01:15:34.0642 0x0be8 kbdhid - ok
01:15:34.0647 0x0be8 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
01:15:34.0653 0x0be8 kdnic - ok
01:15:34.0656 0x0be8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe
01:15:34.0665 0x0be8 KeyIso - ok
01:15:34.0670 0x0be8 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
01:15:34.0678 0x0be8 KSecDD - ok
01:15:34.0686 0x0be8 [ A950AB512ED2BD847789FAAD3E967AFA, 005340965B30C5A14E4E081E2CDF7214D2C00BAF05C62DA9ED63EA3026E70C8A ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
01:15:34.0696 0x0be8 KSecPkg - ok
01:15:34.0700 0x0be8 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
01:15:34.0708 0x0be8 ksthunk - ok
01:15:34.0721 0x0be8 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
01:15:34.0735 0x0be8 KtmRm - ok
01:15:34.0741 0x0be8 [ 4E5EA006CFFB96E0BAFC767D659AAB9A, A24A334955FB98D0903971454FADAC639D535BD32BB48964BD95019C7F6C454E ] L1C C:\WINDOWS\system32\DRIVERS\L1C63x64.sys
01:15:34.0748 0x0be8 L1C - ok
01:15:34.0758 0x0be8 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
01:15:34.0770 0x0be8 LanmanServer - ok
01:15:34.0779 0x0be8 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
01:15:34.0790 0x0be8 LanmanWorkstation - ok
01:15:34.0805 0x0be8 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
01:15:34.0820 0x0be8 lfsvc - ok
01:15:34.0825 0x0be8 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
01:15:34.0834 0x0be8 lltdio - ok
01:15:34.0843 0x0be8 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
01:15:34.0854 0x0be8 lltdsvc - ok
01:15:34.0857 0x0be8 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
01:15:34.0865 0x0be8 lmhosts - ok
01:15:34.0876 0x0be8 [ 6A35B295812CE7064CFBCD9F254169CF, 561DD131FED6F90686D8C031B45B87B6D065C7E0C8804AEFCDE239725AAEE43E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
01:15:34.0886 0x0be8 LMS - ok
01:15:34.0892 0x0be8 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
01:15:34.0900 0x0be8 LSI_SAS - ok
01:15:34.0905 0x0be8 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
01:15:34.0908 0x0be8 LSI_SAS2 - ok
01:15:34.0925 0x0be8 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
01:15:34.0933 0x0be8 LSI_SAS3 - ok
01:15:34.0938 0x0be8 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
01:15:34.0945 0x0be8 LSI_SSS - ok
01:15:34.0964 0x0be8 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll
01:15:34.0985 0x0be8 LSM - ok
01:15:34.0992 0x0be8 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
01:15:35.0000 0x0be8 luafv - ok
01:15:35.0039 0x0be8 [ 8DBF3E38A0AA715FFB0C86FFDCF052B4, 4BBF101976637EEE0CC9D3053687328020C1E9133F363B1B30C713CB7EF7ABAF ] MbaeSvc C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
01:15:35.0056 0x0be8 MbaeSvc - ok
01:15:35.0077 0x0be8 [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
01:15:35.0082 0x0be8 MBAMProtector - ok
01:15:35.0179 0x0be8 [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
01:15:35.0208 0x0be8 MBAMScheduler - ok
01:15:35.0263 0x0be8 [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
01:15:35.0285 0x0be8 MBAMService - ok
01:15:35.0293 0x0be8 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
01:15:35.0300 0x0be8 MBAMSwissArmy - ok
01:15:35.0311 0x0be8 [ 898415AC0B5F1D2A9A48ABCB68A6DC4B, E1FD9AE5E22E3E5A18288E66A6184E92A4B63A1274DCE147A7728BB09C6A225E ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
01:15:35.0317 0x0be8 MBAMWebAccessControl - ok
01:15:35.0323 0x0be8 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
01:15:35.0330 0x0be8 megasas - ok
01:15:35.0344 0x0be8 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
01:15:35.0364 0x0be8 megasr - ok
01:15:35.0370 0x0be8 [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64 C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
01:15:35.0376 0x0be8 MEIx64 - ok
01:15:35.0381 0x0be8 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll
01:15:35.0389 0x0be8 MMCSS - ok
01:15:35.0392 0x0be8 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
01:15:35.0402 0x0be8 Modem - ok
01:15:35.0405 0x0be8 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
01:15:35.0413 0x0be8 monitor - ok
01:15:35.0417 0x0be8 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
01:15:35.0423 0x0be8 mouclass - ok
01:15:35.0429 0x0be8 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
01:15:35.0436 0x0be8 mouhid - ok
01:15:35.0447 0x0be8 [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
01:15:35.0454 0x0be8 mountmgr - ok
01:15:35.0459 0x0be8 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
01:15:35.0467 0x0be8 mpsdrv - ok
01:15:35.0488 0x0be8 [ D1418745A5472F3930A288E05B9E2C05, 95785F0FA7EE239459C0288DB37E9E54648029FD6FE45A61E6343526D67FFA32 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
01:15:35.0511 0x0be8 MpsSvc - ok
01:15:35.0517 0x0be8 [ D2AC8F07995CE6CD18848C129435B481, 839B04116B49A757950E049150F6AADE41335914CC699ED73BE886BECAC39D36 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
01:15:35.0527 0x0be8 MRxDAV - ok
01:15:35.0539 0x0be8 [ 5DCD41F62F71519D2A46D41F60C69B0C, A9C2F8B8F82BDBF48F34D5837ED27CE251C75232A07AF26F7B796D2A106795A0 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:15:35.0551 0x0be8 mrxsmb - ok
01:15:35.0560 0x0be8 [ D7C9BC4D37BF08C7DD436A0A5F321668, 30A5AF211BEC89E26134CDAE3E60D0D9F0AE2748F56E9D09B07431206AD381C6 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
01:15:35.0573 0x0be8 mrxsmb10 - ok
01:15:35.0581 0x0be8 [ FE219A7107C4BC3BBC35D6CDC281612C, 98CA0FECF1F7269DAED43561FA40AAC1A9456F2C2FE7C1243C628F78864D2F54 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
01:15:35.0590 0x0be8 mrxsmb20 - ok
01:15:35.0597 0x0be8 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
01:15:35.0605 0x0be8 MsBridge - ok
01:15:35.0611 0x0be8 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe
01:15:35.0619 0x0be8 MSDTC - ok
01:15:35.0627 0x0be8 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
01:15:35.0635 0x0be8 Msfs - ok
01:15:35.0639 0x0be8 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
01:15:35.0646 0x0be8 msgpiowin32 - ok
01:15:35.0650 0x0be8 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
01:15:35.0656 0x0be8 mshidkmdf - ok
01:15:35.0660 0x0be8 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
01:15:35.0666 0x0be8 mshidumdf - ok
01:15:35.0670 0x0be8 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
01:15:35.0676 0x0be8 msisadrv - ok
01:15:35.0683 0x0be8 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
01:15:35.0691 0x0be8 MSiSCSI - ok
01:15:35.0694 0x0be8 msiserver - ok
01:15:35.0697 0x0be8 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:15:35.0704 0x0be8 MSKSSRV - ok
01:15:35.0712 0x0be8 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
01:15:35.0719 0x0be8 MsLldp - ok
01:15:35.0722 0x0be8 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:15:35.0729 0x0be8 MSPCLOCK - ok
01:15:35.0732 0x0be8 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
01:15:35.0738 0x0be8 MSPQM - ok
01:15:35.0750 0x0be8 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
01:15:35.0766 0x0be8 MsRPC - ok
01:15:35.0771 0x0be8 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
01:15:35.0779 0x0be8 mssmbios - ok
01:15:35.0782 0x0be8 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
01:15:35.0788 0x0be8 MSTEE - ok
01:15:35.0791 0x0be8 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
01:15:35.0799 0x0be8 MTConfig - ok
01:15:35.0804 0x0be8 [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup C:\WINDOWS\system32\Drivers\mup.sys
01:15:35.0813 0x0be8 Mup - ok
01:15:35.0817 0x0be8 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
01:15:35.0824 0x0be8 mvumis - ok
01:15:35.0837 0x0be8 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll
01:15:35.0852 0x0be8 napagent - ok
01:15:35.0865 0x0be8 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
01:15:35.0880 0x0be8 NativeWifiP - ok
01:15:35.0898 0x0be8 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
01:15:35.0907 0x0be8 NcaSvc - ok
01:15:35.0915 0x0be8 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll
01:15:35.0923 0x0be8 NcbService - ok
01:15:35.0928 0x0be8 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
01:15:35.0936 0x0be8 NcdAutoSetup - ok
01:15:35.0957 0x0be8 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
01:15:35.0988 0x0be8 NDIS - ok
01:15:35.0993 0x0be8 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
01:15:35.0999 0x0be8 NdisCap - ok
01:15:36.0005 0x0be8 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
01:15:36.0014 0x0be8 NdisImPlatform - ok
01:15:36.0018 0x0be8 [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:15:36.0024 0x0be8 NdisTapi - ok
01:15:36.0028 0x0be8 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:15:36.0035 0x0be8 Ndisuio - ok
01:15:36.0038 0x0be8 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
01:15:36.0047 0x0be8 NdisVirtualBus - ok
01:15:36.0054 0x0be8 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:15:36.0064 0x0be8 NdisWan - ok
01:15:36.0069 0x0be8 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:15:36.0078 0x0be8 NdisWanLegacy - ok
01:15:36.0093 0x0be8 [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
01:15:36.0100 0x0be8 NDProxy - ok
01:15:36.0105 0x0be8 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
01:15:36.0115 0x0be8 Ndu - ok
01:15:36.0119 0x0be8 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
01:15:36.0127 0x0be8 NetBIOS - ok
01:15:36.0137 0x0be8 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
01:15:36.0150 0x0be8 NetBT - ok
01:15:36.0153 0x0be8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe
01:15:36.0162 0x0be8 Netlogon - ok
01:15:36.0170 0x0be8 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll
01:15:36.0183 0x0be8 Netman - ok
01:15:36.0206 0x0be8 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
01:15:36.0222 0x0be8 netprofm - ok
01:15:36.0246 0x0be8 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:15:36.0256 0x0be8 NetTcpPortSharing - ok
01:15:36.0261 0x0be8 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys
01:15:36.0270 0x0be8 netvsc - ok
01:15:36.0385 0x0be8 [ B636B4A8E59A73033B766EA7FD7C3B81, CAC8614DEE83623DE56C969C668A33366793779084B6A23F59ADC98392115F8C ] NETwNe64 C:\WINDOWS\system32\DRIVERS\NETwew02.sys
01:15:36.0462 0x0be8 NETwNe64 - ok
01:15:36.0489 0x0be8 [ 02E736F9861F1A6134736CF7473C513F, 7C574A50980885B213EFC0C394AFE613879B669246A4EA5EA6B5F791F7F6F32E ] NitroDriverReadSpool9 C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
01:15:36.0496 0x0be8 NitroDriverReadSpool9 - ok
01:15:36.0507 0x0be8 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
01:15:36.0508 0x0be8 NlaSvc - ok
01:15:36.0552 0x0be8 [ CD2C0C25ECFCF816306126D3C208614B, C0C8B59BDDB349A593DFF5107841EB76618631C867D7C8F234C9ECBD76713CB0 ] nlsX86cc C:\WINDOWS\SysWOW64\NLSSRV32.EXE
01:15:36.0559 0x0be8 nlsX86cc - ok
01:15:36.0565 0x0be8 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
01:15:36.0573 0x0be8 Npfs - ok
01:15:36.0579 0x0be8 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
01:15:36.0585 0x0be8 npsvctrig - ok
01:15:36.0589 0x0be8 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll
01:15:36.0599 0x0be8 nsi - ok
01:15:36.0611 0x0be8 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
01:15:36.0618 0x0be8 nsiproxy - ok
01:15:36.0689 0x0be8 [ 9980B262DBE439AE6BDC91AA985F19EE, E998E4CAE9CD103ADA9CA3C737C4DAD017D056828BFA42A41C7B4E4E108FB13C ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
01:15:36.0740 0x0be8 Ntfs - ok
01:15:36.0745 0x0be8 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys
01:15:36.0752 0x0be8 Null - ok
01:15:37.0043 0x0be8 [ 489689B316ACA5A122322BE417E20009, 62B9385910548A91E859F5D0882591D18266EA25D5DD10E4D8837685A2B367E9 ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
01:15:37.0228 0x0be8 nvlddmkm - ok
01:15:37.0279 0x0be8 [ 6F5D2728019DCE7BFF3BAC1885CC0449, D62ECFE384361F04E6AF446CBB8CF64A58556AEFC0E04204F81073B016960EB8 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
01:15:37.0312 0x0be8 NvNetworkService - ok
01:15:37.0326 0x0be8 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
01:15:37.0336 0x0be8 nvraid - ok
01:15:37.0342 0x0be8 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
01:15:37.0351 0x0be8 nvstor - ok
01:15:37.0763 0x0be8 [ F9C2484E42EDB56E1FFE8378DA3AA778, FB200D950A3BC92B5207A31E9B8255F1DA3989F2DEA160FB653AD1D283FFBFC4 ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
01:15:38.0016 0x0be8 NvStreamSvc - ok
01:15:38.0063 0x0be8 [ 5B8394D2A5981F1468D2FC7085C5F6AB, EB1B94F9ECF43EB64FE9DC8F2AC90376F8704602025740717A69356816C85157 ] nvsvc C:\WINDOWS\system32\nvvsvc.exe
01:15:38.0081 0x0be8 nvsvc - ok
01:15:38.0096 0x0be8 [ 939C0FAE9CC0CDD69E6508BDE4C11FE5, 1E82FF4A8797A0EC5DF0E54DE7F358542C73FFFBECADDF86ED66839182E3B55D ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
01:15:38.0096 0x0be8 nvvad_WaveExtensible - ok
01:15:38.0119 0x0be8 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
01:15:38.0128 0x0be8 nv_agp - ok
01:15:38.0152 0x0be8 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:15:38.0160 0x0be8 ose - ok
01:15:38.0171 0x0be8 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
01:15:38.0185 0x0be8 p2pimsvc - ok
01:15:38.0197 0x0be8 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll
01:15:38.0212 0x0be8 p2psvc - ok
01:15:38.0217 0x0be8 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys
01:15:38.0226 0x0be8 Parport - ok
01:15:38.0232 0x0be8 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
01:15:38.0239 0x0be8 partmgr - ok
01:15:38.0267 0x0be8 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
01:15:38.0285 0x0be8 PcaSvc - ok
01:15:38.0297 0x0be8 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys
01:15:38.0308 0x0be8 pci - ok
01:15:38.0313 0x0be8 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
01:15:38.0319 0x0be8 pciide - ok
01:15:38.0325 0x0be8 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
01:15:38.0333 0x0be8 pcmcia - ok
01:15:38.0337 0x0be8 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
01:15:38.0345 0x0be8 pcw - ok
01:15:38.0351 0x0be8 [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
01:15:38.0358 0x0be8 pdc - ok
01:15:38.0383 0x0be8 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
01:15:38.0400 0x0be8 PEAUTH - ok
01:15:38.0405 0x0be8 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
01:15:38.0412 0x0be8 PerfHost - ok
01:15:38.0448 0x0be8 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll
01:15:38.0480 0x0be8 pla - ok
01:15:38.0486 0x0be8 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
01:15:38.0496 0x0be8 PlugPlay - ok
01:15:38.0499 0x0be8 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
01:15:38.0506 0x0be8 PNRPAutoReg - ok
01:15:38.0516 0x0be8 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
01:15:38.0530 0x0be8 PNRPsvc - ok
01:15:38.0545 0x0be8 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
01:15:38.0561 0x0be8 PolicyAgent - ok
01:15:38.0567 0x0be8 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll
01:15:38.0575 0x0be8 Power - ok
01:15:38.0683 0x0be8 [ B7DB57A000D46D4DE75BC0C563E58072, 8183EB09DC4D44DFF027CA0AAA8C09921A14F088C1BC427B6ACA42340AAF69E6 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
01:15:38.0742 0x0be8 PrintNotify - ok
01:15:38.0752 0x0be8 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys
01:15:38.0760 0x0be8 Processor - ok
01:15:38.0768 0x0be8 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\WINDOWS\system32\profsvc.dll
01:15:38.0780 0x0be8 ProfSvc - ok
01:15:38.0787 0x0be8 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
01:15:38.0797 0x0be8 Psched - ok
01:15:38.0806 0x0be8 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll
01:15:38.0818 0x0be8 QWAVE - ok
01:15:38.0823 0x0be8 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
01:15:38.0830 0x0be8 QWAVEdrv - ok
01:15:38.0834 0x0be8 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:15:38.0840 0x0be8 RasAcd - ok
01:15:38.0846 0x0be8 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll
01:15:38.0854 0x0be8 RasAuto - ok
01:15:38.0875 0x0be8 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll
01:15:38.0890 0x0be8 RasMan - ok
01:15:38.0896 0x0be8 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:15:38.0905 0x0be8 RasPppoe - ok
01:15:38.0917 0x0be8 [ D67ED4AB59D1EF66B05AD1A81AC28B26, 72E750A9A6B484D8BEDE52FA6DABEF4D95765DE491152E1F6C856D0590B50C28 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:15:38.0930 0x0be8 rdbss - ok
01:15:38.0934 0x0be8 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
01:15:38.0941 0x0be8 rdpbus - ok
01:15:38.0949 0x0be8 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
01:15:38.0959 0x0be8 RDPDR - ok
01:15:38.0965 0x0be8 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
01:15:38.0971 0x0be8 RdpVideoMiniport - ok
01:15:38.0979 0x0be8 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
01:15:38.0989 0x0be8 rdyboost - ok
01:15:39.0025 0x0be8 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
01:15:39.0051 0x0be8 ReFS - ok
01:15:39.0059 0x0be8 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
01:15:39.0069 0x0be8 RemoteAccess - ok
01:15:39.0076 0x0be8 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
01:15:39.0085 0x0be8 RemoteRegistry - ok
01:15:39.0097 0x0be8 [ FBA61BB4C484A01A655AFB18FF86C417, D53B2110CB09D0A909C4E330C468351BFE076BB056CCDDCB8ADA2FB91E96352E ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe
01:15:39.0108 0x0be8 RichVideo64 - ok
01:15:39.0113 0x0be8 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
01:15:39.0122 0x0be8 RpcEptMapper - ok
01:15:39.0126 0x0be8 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe
01:15:39.0132 0x0be8 RpcLocator - ok
01:15:39.0152 0x0be8 [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] RpcSs C:\WINDOWS\system32\rpcss.dll
01:15:39.0173 0x0be8 RpcSs - ok
01:15:39.0179 0x0be8 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
01:15:39.0189 0x0be8 rspndr - ok
01:15:39.0192 0x0be8 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
01:15:39.0199 0x0be8 s3cap - ok
01:15:39.0203 0x0be8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe
01:15:39.0211 0x0be8 SamSs - ok
01:15:39.0217 0x0be8 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
01:15:39.0226 0x0be8 sbp2port - ok
01:15:39.0234 0x0be8 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
01:15:39.0246 0x0be8 SCardSvr - ok
01:15:39.0251 0x0be8 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
01:15:39.0262 0x0be8 ScDeviceEnum - ok
01:15:39.0265 0x0be8 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
01:15:39.0272 0x0be8 scfilter - ok
01:15:39.0304 0x0be8 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\WINDOWS\system32\schedsvc.dll
01:15:39.0339 0x0be8 Schedule - ok
01:15:39.0349 0x0be8 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
01:15:39.0359 0x0be8 SCPolicySvc - ok
01:15:39.0377 0x0be8 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
01:15:39.0387 0x0be8 sdbus - ok
01:15:39.0392 0x0be8 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
01:15:39.0402 0x0be8 sdstor - ok
01:15:39.0405 0x0be8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
01:15:39.0412 0x0be8 secdrv - ok
01:15:39.0416 0x0be8 [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon C:\WINDOWS\system32\seclogon.dll
01:15:39.0425 0x0be8 seclogon - ok
01:15:39.0439 0x0be8 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll
01:15:39.0449 0x0be8 SENS - ok
01:15:39.0457 0x0be8 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
01:15:39.0467 0x0be8 SensrSvc - ok
01:15:39.0481 0x0be8 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
01:15:39.0488 0x0be8 SerCx - ok
01:15:39.0501 0x0be8 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
01:15:39.0510 0x0be8 SerCx2 - ok
01:15:39.0513 0x0be8 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
01:15:39.0520 0x0be8 Serenum - ok
01:15:39.0525 0x0be8 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys
01:15:39.0534 0x0be8 Serial - ok
01:15:39.0537 0x0be8 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
01:15:39.0544 0x0be8 sermouse - ok
01:15:39.0557 0x0be8 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll
01:15:39.0570 0x0be8 SessionEnv - ok
01:15:39.0574 0x0be8 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
01:15:39.0581 0x0be8 sfloppy - ok
01:15:39.0592 0x0be8 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
01:15:39.0606 0x0be8 SharedAccess - ok
01:15:39.0623 0x0be8 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
01:15:39.0642 0x0be8 ShellHWDetection - ok
01:15:39.0646 0x0be8 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
01:15:39.0652 0x0be8 SiSRaid2 - ok
01:15:39.0657 0x0be8 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
01:15:39.0665 0x0be8 SiSRaid4 - ok
01:15:39.0669 0x0be8 [ 2458D9FA17F51A458463CF0A4D3FC238, 9CB160C391C24229FF068A56E6B0AD7869FBDAF254B9B30497FAE3443AC19FC3 ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
01:15:39.0674 0x0be8 SmbDrvI - ok
01:15:39.0678 0x0be8 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll
01:15:39.0685 0x0be8 smphost - ok
01:15:39.0690 0x0be8 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
01:15:39.0698 0x0be8 SNMPTRAP - ok
01:15:39.0708 0x0be8 [ B45AE0970B2D66CCE756DE6989E23EEC, 8393CF2DC4F65CD48D4D7B3C8C2D29E26728593B652D6CEAB65B50AEDA0884B7 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
01:15:39.0727 0x0be8 spaceport - ok
01:15:39.0744 0x0be8 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
01:15:39.0751 0x0be8 SpbCx - ok
01:15:39.0770 0x0be8 [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler C:\WINDOWS\System32\spoolsv.exe
01:15:39.0792 0x0be8 Spooler - ok
01:15:39.0958 0x0be8 [ 46549AF7CB672BC8138264CC4100E9F8, 6434249FADB07A033FD40C37DF2B775CF0617CF0C3E7C170F2984BD3CE423794 ] sppsvc C:\WINDOWS\system32\sppsvc.exe
01:15:40.0094 0x0be8 sppsvc - ok
01:15:40.0110 0x0be8 [ 8003E034E3EA0E29DA54215A770FC27C, 28AB1FDEA372D33540A26DAE413A10336409D33B91F51DC0AE144D451022A2A7 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
01:15:40.0123 0x0be8 srv - ok
01:15:40.0140 0x0be8 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
01:15:40.0158 0x0be8 srv2 - ok
01:15:40.0166 0x0be8 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
01:15:40.0176 0x0be8 srvnet - ok
01:15:40.0184 0x0be8 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
01:15:40.0195 0x0be8 SSDPSRV - ok
01:15:40.0201 0x0be8 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
01:15:40.0207 0x0be8 SstpSvc - ok
01:15:40.0207 0x0be8 [ 9F32B689FFC8F454D6086FC125001F84, C000811E9032F2607ECE62632921E71B92A4FF832856D59E74D95089699D8447 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
01:15:40.0231 0x0be8 STacSV - detected UnsignedFile.Multi.Generic ( 1 )
01:15:42.0573 0x0be8 Detect skipped due to KSN trusted
01:15:42.0573 0x0be8 STacSV - ok
01:15:42.0573 0x0be8 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
01:15:42.0589 0x0be8 stexstor - ok
01:15:42.0622 0x0be8 [ F4C2C83BAFEBABA3B934A934D3C7186B, C6C7AD8B511E710A3F4B96238ED8F11E34779E4B7F213C1FEC81FEE11D9FC505 ] STHDA C:\WINDOWS\system32\DRIVERS\stwrt64.sys
01:15:42.0639 0x0be8 STHDA - ok
01:15:42.0657 0x0be8 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll
01:15:42.0675 0x0be8 stisvc - ok
01:15:42.0680 0x0be8 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
01:15:42.0687 0x0be8 storahci - ok
01:15:42.0692 0x0be8 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
01:15:42.0699 0x0be8 storflt - ok
01:15:42.0703 0x0be8 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
01:15:42.0710 0x0be8 stornvme - ok
01:15:42.0714 0x0be8 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll
01:15:42.0721 0x0be8 StorSvc - ok
01:15:42.0724 0x0be8 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
01:15:42.0731 0x0be8 storvsc - ok
01:15:42.0735 0x0be8 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll
01:15:42.0742 0x0be8 svsvc - ok
01:15:42.0746 0x0be8 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys
01:15:42.0752 0x0be8 swenum - ok
01:15:42.0768 0x0be8 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll
01:15:42.0787 0x0be8 swprv - ok
01:15:42.0802 0x0be8 [ ECC3E50A419EABCE700D3E956495E08C, FBC8E365BE88D37553E0C670984CAE0F3FE0A51B5EDBF627315F6FEBF23BBFC1 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
01:15:42.0807 0x0be8 SynTP - ok
01:15:42.0842 0x0be8 [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\WINDOWS\system32\sysmain.dll
01:15:42.0869 0x0be8 SysMain - ok
01:15:42.0880 0x0be8 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
01:15:42.0890 0x0be8 SystemEventsBroker - ok
01:15:42.0890 0x0be8 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
01:15:42.0906 0x0be8 TabletInputService - ok
01:15:42.0922 0x0be8 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
01:15:42.0937 0x0be8 TapiSrv - ok
01:15:42.0996 0x0be8 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
01:15:43.0039 0x0be8 Tcpip - ok
01:15:43.0092 0x0be8 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:15:43.0139 0x0be8 TCPIP6 - ok
01:15:43.0139 0x0be8 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
01:15:43.0155 0x0be8 tcpipreg - ok
01:15:43.0155 0x0be8 [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
01:15:43.0171 0x0be8 tdx - ok
01:15:43.0171 0x0be8 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
01:15:43.0187 0x0be8 terminpt - ok
01:15:43.0219 0x0be8 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll
01:15:43.0239 0x0be8 TermService - ok
01:15:43.0239 0x0be8 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll
01:15:43.0255 0x0be8 Themes - ok
01:15:43.0255 0x0be8 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll
01:15:43.0255 0x0be8 THREADORDER - ok
01:15:43.0270 0x0be8 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
01:15:43.0286 0x0be8 TimeBroker - ok
01:15:43.0286 0x0be8 [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM C:\WINDOWS\system32\drivers\tpm.sys
01:15:43.0302 0x0be8 TPM - ok
01:15:43.0302 0x0be8 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll
01:15:43.0317 0x0be8 TrkWks - ok
01:15:43.0317 0x0be8 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
01:15:43.0333 0x0be8 TrustedInstaller - ok
01:15:43.0333 0x0be8 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
01:15:43.0333 0x0be8 TsUsbFlt - ok
01:15:43.0349 0x0be8 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
01:15:43.0349 0x0be8 TsUsbGD - ok
01:15:43.0364 0x0be8 [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
01:15:43.0364 0x0be8 tunnel - ok
01:15:43.0384 0x0be8 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
01:15:43.0391 0x0be8 uagp35 - ok
01:15:43.0397 0x0be8 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
01:15:43.0404 0x0be8 UASPStor - ok
01:15:43.0422 0x0be8 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
01:15:43.0422 0x0be8 UCX01000 - ok
01:15:43.0454 0x0be8 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
01:15:43.0454 0x0be8 udfs - ok
01:15:43.0469 0x0be8 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
01:15:43.0469 0x0be8 UEFI - ok
01:15:43.0469 0x0be8 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
01:15:43.0489 0x0be8 UI0Detect - ok
01:15:43.0507 0x0be8 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
01:15:43.0514 0x0be8 uliagpkx - ok
01:15:43.0518 0x0be8 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
01:15:43.0523 0x0be8 umbus - ok
01:15:43.0523 0x0be8 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
01:15:43.0523 0x0be8 UmPass - ok
01:15:43.0539 0x0be8 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
01:15:43.0555 0x0be8 UmRdpService - ok
01:15:43.0555 0x0be8 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll
01:15:43.0570 0x0be8 upnphost - ok
01:15:43.0586 0x0be8 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
01:15:43.0586 0x0be8 usbccgp - ok
01:15:43.0602 0x0be8 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
01:15:43.0602 0x0be8 usbcir - ok
01:15:43.0602 0x0be8 [ C996CBEF922B5653A01E3F50DDCE2F86, 231EB5A36E7EE242197E796D3B4AB12F945D2C8570587BC8D57D45530A0C59B4 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
01:15:43.0617 0x0be8 usbehci - ok
01:15:43.0633 0x0be8 [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
01:15:43.0648 0x0be8 usbhub - ok
01:15:43.0664 0x0be8 [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
01:15:43.0680 0x0be8 USBHUB3 - ok
01:15:43.0680 0x0be8 [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
01:15:43.0680 0x0be8 usbohci - ok
01:15:43.0695 0x0be8 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
01:15:43.0695 0x0be8 usbprint - ok
01:15:43.0695 0x0be8 [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan C:\WINDOWS\System32\drivers\usbscan.sys
01:15:43.0711 0x0be8 usbscan - ok
01:15:43.0711 0x0be8 [ 9D168BFA334D47BE404367EB58D4E130, 23279CBE6ACBD074E7B268BA2EDA14E2255C41F8117173B2BBE653D8259ECFA2 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
01:15:43.0727 0x0be8 USBSTOR - ok
01:15:43.0727 0x0be8 [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
01:15:43.0742 0x0be8 usbuhci - ok
01:15:43.0742 0x0be8 [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys
01:15:43.0758 0x0be8 usbvideo - ok
01:15:43.0758 0x0be8 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
01:15:43.0773 0x0be8 USBXHCI - ok
01:15:43.0773 0x0be8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe
01:15:43.0789 0x0be8 VaultSvc - ok
01:15:43.0801 0x0be8 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
01:15:43.0809 0x0be8 vdrvroot - ok
01:15:43.0840 0x0be8 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe
01:15:43.0872 0x0be8 vds - ok
01:15:43.0872 0x0be8 [ F7579733F4E8FF9B534C3F7D38F25C2C, 449FED49F2178D2A8000549B180606D050751762F53E600C13CFBEC91601DE87 ] VeriFaceSrv C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
01:15:43.0887 0x0be8 VeriFaceSrv - ok
01:15:43.0887 0x0be8 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
01:15:43.0903 0x0be8 VerifierExt - ok
01:15:43.0918 0x0be8 [ 5DB4AFA10A488EC4DDB3DA09B0425BE5, 480AFB6A6BCC95E86C5087C3D9DCD6058D48659A5A63F524A0B9ED3A8FEF6B9B ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
01:15:43.0934 0x0be8 vhdmp - ok
01:15:43.0934 0x0be8 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
01:15:43.0934 0x0be8 viaide - ok
01:15:43.0965 0x0be8 [ 231DE833E5BEE3AA9FFCCFFD0327D82D, FCB752DF5EC1AA5E20AA92E895CC41397E00BD0AE1283F4883070C902135D3B7 ] vm331avs C:\WINDOWS\System32\Drivers\vm331avs.sys
01:15:43.0981 0x0be8 vm331avs - ok
01:15:43.0997 0x0be8 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
01:15:44.0012 0x0be8 vmbus - ok
01:15:44.0012 0x0be8 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
01:15:44.0012 0x0be8 VMBusHID - ok
01:15:44.0028 0x0be8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
01:15:44.0043 0x0be8 vmicguestinterface - ok
01:15:44.0059 0x0be8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
01:15:44.0075 0x0be8 vmicheartbeat - ok
01:15:44.0090 0x0be8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
01:15:44.0106 0x0be8 vmickvpexchange - ok
01:15:44.0106 0x0be8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
01:15:44.0122 0x0be8 vmicrdv - ok
01:15:44.0137 0x0be8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
01:15:44.0153 0x0be8 vmicshutdown - ok
01:15:44.0168 0x0be8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
01:15:44.0168 0x0be8 vmictimesync - ok
01:15:44.0184 0x0be8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
01:15:44.0200 0x0be8 vmicvss - ok
01:15:44.0215 0x0be8 [ 436E1A724E7E683F6B612D3D58F04241, 939B5EF0090DF3759295F88402FD0EA33F499DDA9F89E5D0E90D1F9AED65D491 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
01:15:44.0235 0x0be8 volmgr - ok
01:15:44.0246 0x0be8 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
01:15:44.0259 0x0be8 volmgrx - ok
01:15:44.0269 0x0be8 [ 17F7B0F2298D97F4B6C7A69511033D3D, 5BDFC225F31553786726808FB7952940FC05CA72B3977D684056F42AFAA59565 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
01:15:44.0281 0x0be8 volsnap - ok
01:15:44.0287 0x0be8 [ DAC438FB5FF85A9E72806E2341D5D732, B1D1EFCA8C588A6BF53CEC941CC59702C366F15C7D5943431736EC857E57C0A2 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
01:15:44.0294 0x0be8 vpci - ok
01:15:44.0301 0x0be8 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
01:15:44.0310 0x0be8 vsmraid - ok
01:15:44.0343 0x0be8 [ D0CBA7B3531CCF2ADB985856D5F92434, 7FCBBCAF1AA85DCE8D75FB38DC4848AE12E8DD913CEBBC37BCD3D0123F0A3CAB ] VSS C:\WINDOWS\system32\vssvc.exe
01:15:44.0374 0x0be8 VSS - ok
01:15:44.0394 0x0be8 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
01:15:44.0406 0x0be8 VSTXRAID - ok
01:15:44.0408 0x0be8 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
01:15:44.0408 0x0be8 vwifibus - ok
01:15:44.0408 0x0be8 [ 6B26AD573CCDD5209DF4397438B76354, 2C8AC314EC471F6D8B0B12D49D621360A10DCADA7C52E73596730C954FF89FCF ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys
01:15:44.0430 0x0be8 vwififlt - ok
01:15:44.0433 0x0be8 [ 0B48E0DFB44EE475F4FD8A8EE599AF30, 28271D4CA0C642304CD8826A3D514F44E3391F9D6D07A1595BB30CE65E7E3494 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys
01:15:44.0442 0x0be8 vwifimp - ok
01:15:44.0454 0x0be8 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll
01:15:44.0467 0x0be8 W32Time - ok
01:15:44.0471 0x0be8 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
01:15:44.0478 0x0be8 WacomPen - ok
01:15:44.0507 0x0be8 [ 139D842E5FB75A1E2F0212FBD7B0E457, F29F73B56865C5EBBE89B8F92AEFE2DB19E5C29A94D2E006A23243C23A41AE79 ] wbengine C:\WINDOWS\system32\wbengine.exe
01:15:44.0552 0x0be8 wbengine - ok
01:15:44.0580 0x0be8 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
01:15:44.0595 0x0be8 WbioSrvc - ok
01:15:44.0605 0x0be8 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
01:15:44.0618 0x0be8 Wcmsvc - ok
01:15:44.0631 0x0be8 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
01:15:44.0646 0x0be8 wcncsvc - ok
01:15:44.0650 0x0be8 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
01:15:44.0663 0x0be8 WcsPlugInService - ok
01:15:44.0672 0x0be8 [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
01:15:44.0681 0x0be8 WdBoot - ok
01:15:44.0701 0x0be8 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
01:15:44.0720 0x0be8 Wdf01000 - ok
01:15:44.0730 0x0be8 [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
01:15:44.0741 0x0be8 WdFilter - ok
01:15:44.0757 0x0be8 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
01:15:44.0767 0x0be8 WdiServiceHost - ok
01:15:44.0769 0x0be8 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
01:15:44.0780 0x0be8 WdiSystemHost - ok
01:15:44.0785 0x0be8 [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
01:15:44.0793 0x0be8 WdNisDrv - ok
01:15:44.0796 0x0be8 WdNisSvc - ok
01:15:44.0804 0x0be8 [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient C:\WINDOWS\System32\webclnt.dll
01:15:44.0815 0x0be8 WebClient - ok
01:15:44.0823 0x0be8 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
01:15:44.0834 0x0be8 Wecsvc - ok
01:15:44.0838 0x0be8 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
01:15:44.0846 0x0be8 WEPHOSTSVC - ok
01:15:44.0851 0x0be8 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
01:15:44.0861 0x0be8 wercplsupport - ok
01:15:44.0866 0x0be8 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll
01:15:44.0876 0x0be8 WerSvc - ok
01:15:44.0881 0x0be8 [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
01:15:44.0891 0x0be8 WFPLWFS - ok
01:15:44.0905 0x0be8 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
01:15:44.0914 0x0be8 WiaRpc - ok
01:15:44.0930 0x0be8 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
01:15:44.0937 0x0be8 WIMMount - ok
01:15:44.0939 0x0be8 WinDefend - ok
01:15:44.0961 0x0be8 [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
01:15:44.0981 0x0be8 WinHttpAutoProxySvc - ok
01:15:45.0007 0x0be8 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
01:15:45.0007 0x0be8 Winmgmt - ok
01:15:45.0083 0x0be8 [ 427873F889F2F508BE8BE982219CE578, CA8DCFB774BF0F747295A7A0CB46A6177DE12AD6BD58266182206C41A3C9001E ] WinRM C:\WINDOWS\system32\WsmSvc.dll
01:15:45.0134 0x0be8 WinRM - ok
01:15:45.0172 0x0be8 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
01:15:45.0204 0x0be8 WlanSvc - ok
01:15:45.0255 0x0be8 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
01:15:45.0289 0x0be8 wlidsvc - ok
01:15:45.0293 0x0be8 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
01:15:45.0300 0x0be8 WmiAcpi - ok
01:15:45.0307 0x0be8 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
01:15:45.0307 0x0be8 wmiApSrv - ok
01:15:45.0307 0x0be8 WMPNetworkSvc - ok
01:15:45.0341 0x0be8 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys
01:15:45.0350 0x0be8 Wof - ok
01:15:45.0387 0x0be8 [ EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
01:15:45.0420 0x0be8 workfolderssvc - ok
01:15:45.0427 0x0be8 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
01:15:45.0434 0x0be8 wpcfltr - ok
01:15:45.0437 0x0be8 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
01:15:45.0445 0x0be8 WPCSvc - ok
01:15:45.0450 0x0be8 [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
01:15:45.0459 0x0be8 WPDBusEnum - ok
01:15:45.0462 0x0be8 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
01:15:45.0469 0x0be8 WpdUpFltr - ok
01:15:45.0472 0x0be8 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
01:15:45.0481 0x0be8 ws2ifsl - ok
01:15:45.0486 0x0be8 [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc C:\WINDOWS\System32\wscsvc.dll
01:15:45.0496 0x0be8 wscsvc - ok
01:15:45.0499 0x0be8 WSearch - ok
01:15:45.0592 0x0be8 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll
01:15:45.0667 0x0be8 WSService - ok
01:15:45.0675 0x0be8 [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd C:\WINDOWS\system32\DRIVERS\wsvd.sys
01:15:45.0681 0x0be8 wsvd - ok
01:15:45.0776 0x0be8 [ 020F47C655ED1F63BBA834AA53575D5C, 7E36BB83B937CEA8B5D1EAF1DF63D32D64CA8045DA377DF5237D2F4DC16574CC ] wuauserv C:\WINDOWS\system32\wuaueng.dll
01:15:45.0843 0x0be8 wuauserv - ok
01:15:45.0865 0x0be8 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
01:15:45.0873 0x0be8 WudfPf - ok
01:15:45.0882 0x0be8 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
01:15:45.0891 0x0be8 WUDFRd - ok
01:15:45.0896 0x0be8 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
01:15:45.0905 0x0be8 wudfsvc - ok
01:15:45.0911 0x0be8 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\System32\drivers\WUDFRd.sys
01:15:45.0921 0x0be8 WUDFWpdFs - ok
01:15:45.0948 0x0be8 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
01:15:45.0964 0x0be8 WwanSvc - ok
01:15:45.0970 0x0be8 ================ Scan global ===============================
01:15:45.0981 0x0be8 [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\WINDOWS\system32\basesrv.dll
01:15:45.0989 0x0be8 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
01:15:45.0996 0x0be8 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
01:15:46.0016 0x0be8 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
01:15:46.0023 0x0be8 [ Global ] - ok
01:15:46.0023 0x0be8 ================ Scan MBR ==================================
01:15:46.0025 0x0be8 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
01:15:46.0090 0x0be8 \Device\Harddisk0\DR0 - ok
01:15:46.0091 0x0be8 ================ Scan VBR ==================================
01:15:46.0092 0x0be8 [ FF19CD6B0B40ECB931DDAF4BA4F377EA ] \Device\Harddisk0\DR0\Partition1
01:15:46.0108 0x0be8 \Device\Harddisk0\DR0\Partition1 - ok
01:15:46.0110 0x0be8 [ 5A607C982DDFB435332C29DEF7769D9D ] \Device\Harddisk0\DR0\Partition2
01:15:46.0117 0x0be8 \Device\Harddisk0\DR0\Partition2 - ok
01:15:46.0129 0x0be8 [ BD89DFEB3DAFB797BC8AF0962115D597 ] \Device\Harddisk0\DR0\Partition3
01:15:46.0137 0x0be8 \Device\Harddisk0\DR0\Partition3 - ok
01:15:46.0137 0x0be8 [ 5D14BFFB51A238D3EBA2523AFA9B1649 ] \Device\Harddisk0\DR0\Partition4
01:15:46.0138 0x0be8 \Device\Harddisk0\DR0\Partition4 - ok
01:15:46.0139 0x0be8 [ 87771D2A14A789DDB24FCEA780D63878 ] \Device\Harddisk0\DR0\Partition5
01:15:46.0154 0x0be8 \Device\Harddisk0\DR0\Partition5 - ok
01:15:46.0154 0x0be8 [ 50F9BB26C5E53F3E8FA18F4BA5DF8EF2 ] \Device\Harddisk0\DR0\Partition6
01:15:46.0156 0x0be8 \Device\Harddisk0\DR0\Partition6 - ok
01:15:46.0157 0x0be8 [ 1E67732259355B5EDE557AF08CB53162 ] \Device\Harddisk0\DR0\Partition7
01:15:46.0160 0x0be8 \Device\Harddisk0\DR0\Partition7 - ok
01:15:46.0160 0x0be8 ================ Scan generic autorun ======================
01:15:46.0179 0x0be8 [ 75FBFC49CE8A7EF087AB450145C093C1, 9682D832BFA8054D32A6C977CE3EF2B376EDDCBD9D722703029690203EA0061F ] C:\WINDOWS\system32\igfxtray.exe
01:15:46.0191 0x0be8 IgfxTray - ok
01:15:46.0192 0x0be8 HotKeysCmds - ok
01:15:46.0193 0x0be8 Persistence - ok
01:15:46.0247 0x0be8 [ EE316C8D7C1B99412F2C8F1C64268182, F297F1AB3493FE73B40A3B3F9B20612C33E4F155D35B18CAB4256FB6E62C320A ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
01:15:46.0285 0x0be8 NvBackend - ok
01:15:46.0298 0x0be8 [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\WINDOWS\system32\rundll32.exe
01:15:46.0306 0x0be8 ShadowPlay - ok
01:15:46.0310 0x0be8 [ 37F0C08BFCEDF218A43C84B2447AACB1, 895C1EAF1BC4C7CB4AA803D19A422E8CC59FDC07FAC1A78E5FCC03C31D4AFB84 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
01:15:46.0312 0x0be8 IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
01:15:48.0655 0x0be8 Detect skipped due to KSN trusted
01:15:48.0655 0x0be8 IAStorIcon - ok
01:15:48.0754 0x0be8 [ 0B27419E1FF4F326D07FF1D6EBAD20E8, FF3DD255B99676B4AC0EE1F32BBBF9B601392F37A54B62EB704F0060248F7D35 ] C:\Program Files\IDT\WDM\sttray64.exe
01:15:48.0796 0x0be8 SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
01:15:51.0133 0x0be8 Detect skipped due to KSN trusted
01:15:51.0133 0x0be8 SysTrayApp - ok
01:15:51.0135 0x0be8 SynTPEnh - ok
01:15:51.0281 0x0be8 [ E7C8E8D71978722E1D3C4D6FBC7D98C0, C45B79FCAA1D3D25DD50A525CE26D1469E4C6183E117DDD7950B57BBAB31E8D9 ] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
01:15:51.0348 0x0be8 OnekeyStudio - ok
01:15:51.0755 0x0be8 [ 8AFBDD458A6CBBC5654D959C03C2A87A, D27889AEA72F316A2FBAF06AAF3D94B823875D6108E12CAF7B76B3293C22D1CD ] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
01:15:52.0002 0x0be8 Energy Manager - ok
01:15:52.0008 0x0be8 [ F0627CE818DA58BAE771DCD4669FA343, 070CE17C9DAC01CC5AE465DFA3FDD8A44ABF97AC8101ED238C96668027B6F10B ] C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe
01:15:52.0008 0x0be8 Lenovo Utility - ok
01:15:52.0025 0x0be8 [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\Windows\system32\rundll32.exe
01:15:52.0034 0x0be8 Logitech Download Assistant - ok
01:15:52.0054 0x0be8 [ 8F83160C43C61FC6775391B46B7C16BF, 648588126B2CD0B9F50F478BF4F7474137D1285061A3B22B56C1CB5B4FD3C3BF ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
01:15:52.0061 0x0be8 UpdateP2GShortCut - ok
01:15:52.0073 0x0be8 [ FA6220C7FDF2D94CFF82D45B72E5C929, C3E414388F8818EC4B3BEABC8ED16DE6CBF965A6603328A45AD6D9A1808F3E55 ] C:\Program Files (x86)\USB Camera\VM331STI.EXE
01:15:52.0087 0x0be8 331BigDog - ok
01:15:52.0155 0x0be8 [ E91BD985B61AFCE072217D7AEBA599A8, 2B0AD1FF5103330B18699130001EDB27EB3B9C4D7937FC69D742D8CC936974F4 ] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
01:15:52.0206 0x0be8 Malwarebytes Anti-Exploit - ok
01:15:52.0206 0x0be8 Waiting for KSN requests completion. In queue: 133
01:15:53.0224 0x0be8 Waiting for KSN requests completion. In queue: 6
01:15:54.0225 0x0be8 Waiting for KSN requests completion. In queue: 6
01:15:55.0306 0x0be8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x61100 ( enabled : updated )
01:15:55.0326 0x0be8 Win FW state via NFP2: enabled ( trusted )
01:15:57.0687 0x0be8 ============================================================
01:15:57.0687 0x0be8 Scan finished
01:15:57.0687 0x0be8 ============================================================
01:15:57.0707 0x0a70 Detected object count: 0
01:15:57.0707 0x0a70 Actual detected object count: 0
|
|
08.06.2016, 08:49
| #5 |
| /// Malwareteam | Yahoo Targo12 Probleme hm ja - wie oft kommt diese Beobachtung bei den Besuchen auf yahoo ? Fast jedes Mal? Machen wir erstmal den Standard weiter - wenn das nicht hilft, können wir ja komplizierter werden  Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen. Bitte poste in deiner nächsten Antwort also:
__________________ Mfg, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~  Unterstütze uns mit einer Spende ......... Lob, Kritik oder Wünsche ......... .......... Folge uns auf Facebook .......... |
|
08.06.2016, 09:54
| #6 |
| | Yahoo Targo12 Probleme OK Rafael - es sind im Moment mindestens 8 weitere Problem der gleichen Art in Bearbeitung. Es muss sich also um ein generelles Problem handeln. Nach Durchsicht dieser Threads gibt es bisher keine klaren Funde bzw keine Ursachenerklärung :-(( Hier also die Logs - zunächst der ADWCleaner Report: Code:
ATTFilter # AdwCleaner v5.119 - Bericht erstellt am 08/06/2016 um 10:19:28
# Aktualisiert am 30/05/2016 von Xplode
# Datenbank : 2016-06-07.1 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : KH - DABLUES
# Gestartet von : C:\Users\KH\Downloads\File Pony\adwcleaner_5.119.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1122 Bytes] - [07/06/2016 18:01:09]
C:\AdwCleaner\AdwCleaner[C2].txt - [972 Bytes] - [08/06/2016 10:19:28]
C:\AdwCleaner\AdwCleaner[S1].txt - [825 Bytes] - [07/06/2016 18:00:09]
C:\AdwCleaner\AdwCleaner[S2].txt - [970 Bytes] - [08/06/2016 10:18:32]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1188 Bytes] ##########
Und hier MBAM.TXT: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 08.06.2016 Suchlaufzeit: 10:33 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.06.08.02 Rootkit-Datenbank: v2016.05.27.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: KH Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 283586 Abgelaufene Zeit: 10 Min., 46 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Hier FRST Log: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2016 durchgeführt von KH (Administrator) auf DABLUES (08-06-2016 10:50:23) Gestartet von C:\Users\KH\Downloads\File Pony Geladene Profile: KH (Verfügbare Profile: KH) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [404376 2015-08-09] () HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe" HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated) HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-08-25] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-08-25] (Lenovo(beijing) Limited) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-15] (Vimicro) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-29] (Microsoft Corporation) Startup: C:\Users\KH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-06-01] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 80.69.100.205 80.69.100.213 Tcpip\..\Interfaces\{C1E05A86-E0DC-4E9A-8999-ABD047D14675}: [DhcpNameServer] 80.69.100.205 80.69.100.213 Internet Explorer: ================== HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?pc=UE07&ocid=UE07DHP SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4278822728-3545199388-2729823056-1001 -> DefaultScope {04F3434D-A396-4E75-A569-C36DBE04CCC2} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-31] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\KH\AppData\Roaming\Mozilla\Firefox\Profiles\JNv6vNnE.default FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-31] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\KH\AppData\Roaming\Mozilla\Firefox\Profiles\JNv6vNnE.default\Extensions\abs@avira.com [2016-06-02] Chrome: ======= CHR StartupUrls: Default -> "hxxps://www.google.de/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.) CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\PepperFlash\pepflashplayer.dll () CHR Profile: C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-01] CHR Extension: (Google Docs) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-01] CHR Extension: (Google Drive) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (YouTube) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Google Search) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Sheets) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-01] CHR Extension: (Google Docs Offline) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Gmail) - C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-01] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] () R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [Datei ist nicht signiert] R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-08-25] () R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-04-15] () R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-08] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-06-08 01:13 - 2016-06-08 01:47 - 00221108 _____ C:\TDSSKiller.3.1.0.9_08.06.2016_01.13.32_log.txt 2016-06-07 18:10 - 2016-06-08 10:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-06-07 18:09 - 2016-06-08 10:46 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-06-07 18:09 - 2016-06-08 10:32 - 00001129 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-06-07 18:09 - 2016-06-08 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-06-07 18:09 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-06-07 18:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-06-07 18:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-06-07 17:58 - 2016-06-08 10:19 - 00000000 ____D C:\AdwCleaner 2016-06-06 22:58 - 2016-06-06 23:02 - 00441490 _____ C:\TDSSKiller.3.1.0.9_06.06.2016_22.58.47_log.txt 2016-06-06 22:55 - 2016-06-06 22:55 - 00000000 ____D C:\Users\KH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2016-06-06 20:49 - 2016-06-07 09:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-06-06 20:49 - 2016-06-06 20:49 - 00002078 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-06-06 19:58 - 2016-06-06 19:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2016-06-06 19:51 - 2016-06-08 10:21 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-06-06 00:07 - 2016-06-08 10:50 - 00000000 ____D C:\FRST 2016-06-05 21:56 - 2016-06-07 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-06-05 21:53 - 2016-06-07 17:39 - 00000000 ____D C:\Users\KH\AppData\Roaming\Avira 2016-06-05 21:41 - 2016-06-05 21:41 - 00000000 ____D C:\Users\KH\AppData\Local\ElevatedDiagnostics 2016-06-05 21:01 - 2016-06-06 22:55 - 00001295 _____ C:\Users\KH\Desktop\Revo Uninstaller.lnk 2016-06-05 21:01 - 2016-06-06 22:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2016-06-05 20:08 - 2016-06-08 01:13 - 00000000 ____D C:\Users\KH\Downloads\File Pony 2016-06-05 18:22 - 2016-06-05 18:22 - 00000000 ____D C:\Program Files (x86)\ESET 2016-06-02 17:35 - 2016-06-02 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-06-02 10:36 - 2016-06-02 17:35 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-05-25 20:36 - 2016-05-25 20:36 - 00000000 ____D C:\Users\KH\Downloads\Snapform 2016-05-25 19:57 - 2016-05-25 19:57 - 00000000 ____D C:\Users\KH\AppData\Roaming\Mozilla 2016-05-25 19:50 - 2016-04-22 09:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2016-05-25 16:22 - 2016-04-14 17:25 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2016-05-25 16:22 - 2016-04-14 17:11 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2016-05-25 16:22 - 2016-04-12 17:46 - 14467584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-05-25 16:22 - 2016-04-12 17:30 - 12879872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-05-25 16:22 - 2016-04-10 07:35 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2016-05-25 16:22 - 2016-04-10 00:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll 2016-05-25 16:22 - 2016-04-10 00:14 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Geolocation.dll 2016-05-25 16:22 - 2016-04-10 00:10 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2016-05-25 16:22 - 2016-04-10 00:09 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2016-05-25 16:22 - 2016-04-10 00:02 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll 2016-05-25 16:22 - 2016-04-09 23:59 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll 2016-05-25 16:22 - 2016-04-09 23:59 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll 2016-05-25 16:22 - 2016-04-09 23:56 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2016-05-25 16:22 - 2016-04-09 23:55 - 00881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2016-05-25 16:22 - 2016-04-09 23:52 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll 2016-05-25 16:22 - 2016-04-07 18:34 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-05-25 16:22 - 2016-04-07 18:06 - 00927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2016-05-25 16:22 - 2016-04-07 17:36 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-05-25 16:22 - 2016-04-06 23:21 - 00114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys 2016-05-25 16:22 - 2016-04-06 20:20 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-05-25 16:22 - 2016-04-06 20:17 - 18825216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-05-25 16:22 - 2016-04-06 19:11 - 07074816 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-05-25 16:22 - 2016-04-06 18:40 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-05-25 16:22 - 2016-04-06 18:25 - 15158272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-05-25 16:22 - 2016-04-06 18:02 - 05269504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-05-25 16:22 - 2016-04-06 17:29 - 05265408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-05-25 16:22 - 2016-04-06 00:37 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys 2016-05-25 16:22 - 2016-04-02 15:58 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll 2016-05-25 16:22 - 2016-04-01 19:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll 2016-05-25 16:22 - 2016-04-01 19:00 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2016-05-25 16:22 - 2016-04-01 18:53 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2016-05-25 16:22 - 2016-04-01 18:50 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-05-25 16:22 - 2016-04-01 18:42 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll 2016-05-25 16:22 - 2016-04-01 18:41 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2016-05-25 16:22 - 2016-04-01 18:32 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll 2016-05-25 16:22 - 2016-03-31 08:53 - 07446360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-05-25 16:22 - 2016-03-31 08:51 - 01134776 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-05-25 16:22 - 2016-03-31 06:36 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-05-25 16:22 - 2016-02-04 18:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll 2016-05-25 16:22 - 2016-02-04 18:49 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2016-05-25 16:22 - 2016-02-04 18:39 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2016-05-11 12:34 - 2016-04-22 22:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-05-11 12:34 - 2016-04-22 22:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-05-11 12:34 - 2016-04-22 22:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-05-11 12:34 - 2016-04-22 22:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-05-11 12:34 - 2016-04-22 22:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-05-11 12:34 - 2016-04-22 22:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-05-11 12:34 - 2016-04-22 21:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-05-11 12:34 - 2016-04-22 21:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-05-11 12:34 - 2016-04-22 21:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-05-11 12:34 - 2016-04-22 21:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-05-11 12:34 - 2016-04-22 21:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-05-11 12:34 - 2016-04-22 21:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-05-11 12:34 - 2016-04-22 21:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-05-11 12:34 - 2016-04-22 21:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-05-11 12:34 - 2016-04-22 21:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-05-11 12:34 - 2016-04-22 21:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-05-11 12:34 - 2016-04-22 20:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-05-11 12:34 - 2016-04-22 20:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-05-11 12:34 - 2016-04-22 20:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-05-11 12:34 - 2016-04-22 20:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-05-11 12:34 - 2016-04-22 20:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-05-11 12:34 - 2016-04-22 20:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-05-11 12:34 - 2016-04-22 20:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-05-11 12:34 - 2016-04-22 20:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-05-11 12:34 - 2016-04-22 20:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-05-11 12:34 - 2016-04-22 20:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-05-11 12:34 - 2016-04-22 20:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-05-11 12:34 - 2016-04-22 20:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-05-11 12:34 - 2016-04-22 20:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-05-11 12:34 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2016-05-11 12:34 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2016-05-11 12:34 - 2016-04-06 23:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-05-11 12:34 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll 2016-05-11 12:34 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-05-11 12:34 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-05-11 12:34 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-05-11 12:34 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll 2016-05-11 12:34 - 2016-04-06 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-05-11 12:34 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-05-11 12:34 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-05-11 12:34 - 2016-04-06 18:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-05-11 12:34 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-05-11 12:34 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-05-11 12:34 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-05-11 12:33 - 2016-04-11 08:21 - 00074584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2016-05-11 12:33 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2016-05-11 12:33 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll 2016-05-11 12:33 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-05-11 12:33 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-05-11 12:33 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-05-11 12:33 - 2016-04-10 06:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-05-11 12:33 - 2016-04-10 01:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-05-11 12:33 - 2016-04-10 00:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-06-08 10:37 - 2015-05-31 19:46 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4278822728-3545199388-2729823056-1001 2016-06-08 10:35 - 2015-06-01 11:55 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-08 10:21 - 2015-06-01 11:55 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-08 10:21 - 2015-05-31 20:03 - 00000000 ___DO C:\Users\KH\OneDrive 2016-06-08 10:20 - 2015-06-01 23:17 - 00000000 __SHD C:\Users\KH\IntelGraphicsProfiles 2016-06-08 10:20 - 2014-08-25 07:25 - 00018944 _____ C:\WINDOWS\system32\VfService.trf 2016-06-08 10:20 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-06-08 09:03 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-06-07 17:43 - 2014-08-25 07:17 - 00000000 ____D C:\ProgramData\Package Cache 2016-06-07 17:39 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2016-06-07 09:43 - 2015-06-01 12:20 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-06-06 20:49 - 2015-06-01 12:22 - 00000000 ____D C:\Users\KH\AppData\Local\Adobe 2016-06-06 20:49 - 2015-06-01 12:19 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-06-05 22:03 - 2014-08-25 15:54 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat 2016-06-05 22:03 - 2014-08-25 15:54 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat 2016-06-05 22:03 - 2014-03-18 11:53 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-06-05 21:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-06-05 20:46 - 2015-06-01 13:58 - 00000000 ____D C:\Download Programme 2016-06-03 19:04 - 2015-06-01 11:55 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-03 18:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-06-03 17:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-06-02 23:51 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-06-02 23:50 - 2015-06-01 22:20 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2016-06-02 23:50 - 2015-06-01 22:20 - 00000000 ___SD C:\WINDOWS\system32\GWX 2016-06-02 23:29 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-06-02 23:19 - 2015-05-31 20:33 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-06-02 23:06 - 2015-05-31 19:38 - 00000000 ____D C:\Users\KH 2016-06-02 23:03 - 2015-06-01 22:20 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2016-06-02 23:03 - 2014-03-18 11:38 - 00000000 ____D C:\WINDOWS\ShellNew 2016-06-02 23:03 - 2014-03-18 11:38 - 00000000 ____D C:\Program Files\Windows Journal 2016-06-02 23:03 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2016-06-02 23:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppCompat 2016-06-02 23:03 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-06-02 23:00 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-06-02 22:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\registration 2016-06-02 22:46 - 2015-06-01 15:11 - 00000000 ____D C:\Users\KH\Me 2016-05-13 19:47 - 2015-06-01 22:23 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-05-11 22:08 - 2015-06-01 22:32 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-05-11 22:08 - 2015-06-01 22:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-11 12:44 - 2013-08-22 16:44 - 00381448 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-05-11 12:42 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(342) 2016-05-11 12:40 - 2015-06-01 20:43 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-05-11 12:35 - 2015-06-01 20:43 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-05-11 11:30 - 2015-06-01 11:55 - 00004106 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-11 11:30 - 2015-06-01 11:55 - 00003870 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-08-25 06:43 - 2014-08-25 06:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\KH\AppData\Local\Temp\avgnt.exe C:\Users\KH\AppData\Local\Temp\libeay32.dll C:\Users\KH\AppData\Local\Temp\msvcr120.dll C:\Users\KH\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-06-05 12:32 ==================== Ende von FRST.txt ============================ Und FRST Addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-06-2016
durchgeführt von KH (2016-06-08 10:50:47)
Gestartet von C:\Users\KH\Downloads\File Pony
Windows 8.1 (Update) (X64) (2015-05-31 17:38:21)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-4278822728-3545199388-2729823056-500 - Administrator - Disabled)
Gast (S-1-5-21-4278822728-3545199388-2729823056-501 - Limited - Disabled)
KH (S-1-5-21-4278822728-3545199388-2729823056-1001 - Administrator - Enabled) => C:\Users\KH
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.79 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.829.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 354.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 354.35 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Snapform Viewer 1.7.39 (HKLM-x32\...\2841-5017-1617-4151) (Version: 1.7.39 - Ringler Informatik AG)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-4278822728-3545199388-2729823056-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {036B2B68-20F2-4119-9E53-FF0557BC91EB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {092895C6-B226-4A3E-A7E3-90B366BFAADF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {44411367-D51B-4C6C-8368-AEADB8063459} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {4C86DAF0-3C70-4ED9-A58F-FF51743AE6D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {5838DFD7-102E-4EDC-89E9-3982F0DD808A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {8803F75A-30E9-4AF0-87AB-05C9DB4CE6AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-01] (Google Inc.)
Task: {8E5CDC88-F1DF-4255-8004-9FF66DBFC915} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-01] (Google Inc.)
Task: {9FE95601-DF6D-42AA-8701-CB78304777FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-08-25 06:39 - 2015-10-15 05:59 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-31 20:33 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-25 07:22 - 2012-04-25 04:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-08-25 07:25 - 2014-08-25 07:25 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-08-25 07:25 - 2014-08-25 07:25 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-08-25 15:31 - 2015-08-09 04:50 - 00404376 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-06-03 19:04 - 2016-06-01 08:38 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libglesv2.dll
2016-06-03 19:04 - 2016-06-01 08:38 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libegl.dll
2015-08-09 04:52 - 2015-08-09 04:52 - 17973744 _____ () C:\WINDOWS\SYSTEM32\igd11dxva64.dll
2016-02-24 00:32 - 2016-02-24 00:32 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-08-25 06:42 - 2013-09-04 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4278822728-3545199388-2729823056-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 80.69.100.205 - 80.69.100.213
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D37D03F8-49F6-4665-B0F1-9558211D75AC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5A4D4100-B973-406A-9253-C3D79A851C13}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C47E6A96-3C5F-4184-AE80-78D3864F57DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B928A7C1-DB7D-4AED-9729-74468CB8A898}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{87A419C3-461D-41FC-88B9-DD52C1CDCB3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{751FB353-FDB0-4746-8256-FD54BFCC346F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FE51D775-A726-4681-B00D-DD67CF6D2E07}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F47B0B6A-B2D8-40DC-AB43-8ADD4EB78EBF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B897F9BD-7472-4695-B4B7-1DA9BB01305E}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{89337636-45A9-4FD0-A047-ADFD3F30FAC5}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{6D737568-5306-4C01-9A5D-E6A731680935}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C3CD2676-3B0D-4D4F-9310-0E505AC6EF4E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
27-05-2016 21:28:06 Windows Update
02-06-2016 02:55:31 Wiederherstellungsvorgang
05-06-2016 20:54:52 JRT Pre-Junkware Removal
05-06-2016 20:59:48 JRT Pre-Junkware Removal
05-06-2016 22:24:38 JRT Pre-Junkware Removal
06-06-2016 20:04:50 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (06/08/2016 02:53:08 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (06/07/2016 06:26:47 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (06/07/2016 09:37:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 10:52:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 10:48:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 10:48:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 08:52:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 08:52:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/06/2016 12:06:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (06/05/2016 10:33:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Systemfehler:
=============
Error: (06/08/2016 10:20:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll
Fehlercode: 126
Error: (06/08/2016 10:19:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/08/2016 10:19:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/08/2016 10:19:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/08/2016 10:19:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/08/2016 10:19:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VeriFaceSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/08/2016 10:19:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nalpeiron Licensing Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/08/2016 10:19:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/08/2016 10:19:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/08/2016 10:19:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 8116.27 MB
Verfügbarer physikalischer RAM: 6137.44 MB
Summe virtueller Speicher: 9588.27 MB
Verfügbarer virtueller Speicher: 7203.2 MB
==================== Laufwerke ================================
Drive c: (Windows8_OS) (Fixed) (Total:423.61 GB) (Free:354.61 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.89 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0AB09FFE)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
08.06.2016, 11:14
| #7 |
| /// Malwareteam | Yahoo Targo12 Probleme Sehr ergiebig.. Das Problem ist nur in Chrome? beschreibe bitte so genau wie möglich, wann es auftritt.
__________________ Mfg, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ Unterstütze uns mit einer Spende ......... Lob, Kritik oder Wünsche ......... .......... Folge uns auf Facebook .......... |
|
08.06.2016, 15:11
| #8 |
| | Yahoo Targo12 Probleme Rafael, Das Problem tritt nur auf im Zusammenspiel von Browser und Yahoo Abfragen. In meinem Fall trifft dieses zu für Chrome auf zwei unabhängigen PCs mit unterschiedlichen Windows-Versionen - hier 8.1 Wann tritt es auf? In der Regel zu Beginn einer Session, danach "random". Wobei tritt es auf? Bei einer simplen Yahoo Finance Abfrage. Beispiel: "https://de.finance.yahoo.com/kurse/ko,hpq,hpe". - Achtung: Bei anderen Nutzern tritt das Gleiche bei Yahoo Mail auf (Siehe Beginn des Threads mit Verweis auf andere Threads). Was passiert? Beispiel aus BrowserLog / History: (1) 8:28 PM - KO,TXN,HPQ,HPE | Aktienkurse | Kursvergleich Portfolios | YAHOO! Finanzen de.finance.yahoo.com (2) 8:28 PM - Loading... - main.targo12.com (3) 8:32 PM - System Warning - main.targo12.com D.h. nach Aufruf der Yahoo Abfrage wird die Seite angetriggert und dann auf "main.targo.com" weitergeleitet - danach Seite mit "Security Warning" (Screen Shots sind in den anderen Threads hierzu zu finden) Des weiteren: Gehe ich mit dem Cursor auf den Browser Verlauf sehe ich nach der Yahoo Aktien Abfrage dann unten in der Bildschirmzeile : "Loading...main.targo12.com - main.targo12.com/?utm_medium=4e10aefcea64e87c3ae3e3ff3cb93311915828e0&utm_campaign=maya-de danach dann "Systemwarnung" (im Browser Verlauf): main.targo12.com/?utm_term=12743369140&clickverify=1&utm_content=fdc2c69a9caf9cad93919891a6909395ba8eb8ccd0dbd9dbdbddd5d5b6c2dad1efede1e7ebeb11 Wie oben beschrieben habe ich zwei weitere Anmerkungen die hoffentlich helfen das Problem zu identifizieren: 1. Ich habe in den Browser Settings (Google/Chrome) die Settings für Java Script auf " Do not allow any site to run Java Scripts" geändert. Das scheint (?) das Problem zu lösen - gibt aber Probleme bei dem Aufsuchen anderer Seiten (i.e. auch für Yahoo oder alles was Java Script benötigt...) 2. Ohne diese Einstellung ("Do not allow any site to run Java Scripts") erscheinen auch Werbe Pop Ups hier im Forum!!! Beispiel: PC Cleaner Kostenlos - mit URL Verweis auf "SparkTrust.com" - in der Bildschirmzeile unten dazu https://www.googleadservices.com/pagead/aclk?sa=... Downloads irgendwelcher Art haben in der betroffenen Zeit nicht stattgefunden - ausser MS Windows Updates und Avira Updates - Avira habe ich erst einmal deinstalliert... Was ist das Problem???? Browser, Yahoo, Beide ,... Auf jeden Fall ist das ein weitverbreitetes Problem - siehe die vielen anderen Threads hierzu und die rel hohe Anzahl an Klicks... Vielen Dank für weitere Hilfe, Ideen, ... |
|
08.06.2016, 15:18
| #9 |
| /// Malwareteam | Yahoo Targo12 Probleme Download von  ZOEK (by Smeenk)
__________________ Mfg, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ Unterstütze uns mit einer Spende ......... Lob, Kritik oder Wünsche ......... .......... Folge uns auf Facebook .......... Geändert von burningice (08.06.2016 um 15:25 Uhr) |
|
08.06.2016, 17:08
| #10 |
| | Yahoo Targo12 Probleme Anbei zoek-results.log: Code:
ATTFilter Zoek.exe v5.0.0.1 Updated 27-09-2015 Tool run by KH on 08.06.2016 at 17:44:42,15. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\KH\Downloads\File Pony\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 08.06.2016 17:46:43 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~3\Office2013 deleted successfully C:\Users\KH\AppData\Local\EmieSiteList deleted successfully C:\Users\KH\AppData\Local\EmieUserList deleted successfully C:\Users\KH\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe C:\WINDOWS\SysWOW64\NLSSRV32.EXE C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE C:\Program Files (x86)\USB Camera\VM331STI.EXE C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Users\KH\Downloads\File Pony\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\KH\AppData\Roaming\Mozilla\Firefox\Profiles\JNv6vNnE.default\prefs.js: Added to C:\Users\KH\AppData\Roaming\Mozilla\Firefox\Profiles\JNv6vNnE.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AGEIA Technologies not found C:\Users\Public\Pokki deleted C:\PROGRA~3\eBay deleted C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\KH\AppData\Roaming\Mozilla\Firefox\Profiles\JNv6vNnE.default\extensions\abs@avira.com deleted ==== System Specs ====================== Operating System: Microsoft Windows 8.1 6.3.9600 64-Bit Manufacturer: LENOVO - Model: 20250 Install Date: 31.05.2015 19:38:21 Last Boot: 08.06.2016 10:20:12 Processor: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz Number of Processors: 4 Work Station Bootmode: Normal boot Total RAM: 8116 MB (free 5877 MB - 72) Computername: DABLUES Domain: WORKGROUP User: KH (Administrator account) Local Disk: C:\ - NTFS - 423 GB (free 352 GB) Local Disk: D:\ - NTFS - 24 GB (free 22 GB) CD \ DVD Drive: E:\ Bootdevice: \Device\HarddiskVolume2 Windows update: Country: Deutschland Language: DEU ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 51.0.2704.79 Internet Explorer Version: 11.0.9600.18321 Google Chrome version: 51.0.2704.79 Adobe Reader version: 15.16.20045.188096 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\KH\AppData\Local\Temp ==== 2016-06-05 18:54:15 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\KH\AppData\Local\Temp\jrt\nfo\nircmdc.exe 2016-06-05 16:24:08 560EDC0912BDB68290930E2542823A24 135760 ------w- C:\Users\KH\AppData\Local\Temp\ehdrv.sys 2016-06-02 21:42:50 28488DC29B7A8B00A26575C269478B12 34904 ----a-w- C:\Users\KH\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2016-05-25 17:50:27 FE77083AB129B2023CF3B465C9625641 453288 ------w- C:\WINDOWS\Sysnative\MpSigStub.exe ====== C:\WINDOWS\Sysnative\drivers ===== 2016-06-07 16:10:02 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys 2016-06-07 16:09:46 898415AC0B5F1D2A9A48ABCB68A6DC4B 65408 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys 2016-06-07 16:09:46 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys 2016-06-07 16:09:46 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys 2016-05-25 14:22:41 D67ED4AB59D1EF66B05AD1A81AC28B26 402432 ----a-w- C:\WINDOWS\Sysnative\drivers\rdbss.sys 2016-05-25 14:22:40 C3755FCF9A0B5C6FE8ED9E873B85D3CE 205824 ----a-w- C:\WINDOWS\Sysnative\drivers\ndiswan.sys 2016-05-25 14:22:40 438EA7A2D8D4F9B8AFB64748ACA70BA8 114528 ----a-w- C:\WINDOWS\Sysnative\drivers\mup.sys 2016-05-25 14:22:39 5DB4AFA10A488EC4DDB3DA09B0425BE5 551256 ----a-w- C:\WINDOWS\Sysnative\drivers\vhdmp.sys 2016-05-11 10:34:44 FE219A7107C4BC3BBC35D6CDC281612C 201728 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb20.sys 2016-05-11 10:34:44 D7C9BC4D37BF08C7DD436A0A5F321668 284672 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys 2016-05-11 10:34:44 6A48941C527C8C51051A1514C5B23A31 561960 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2016-05-11 10:34:44 5DCD41F62F71519D2A46D41F60C69B0C 401920 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys 2016-05-11 10:33:37 F74B839FA0F4E6060CA1DA6B8DA17941 1549144 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2016-05-11 10:33:37 436E1A724E7E683F6B612D3D58F04241 74584 ----a-w- C:\WINDOWS\Sysnative\drivers\volmgr.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2016-06-05 19:01:27 -------- d-----w- C:\PROGRA~2\VS Revo Group 2016-06-05 16:22:10 -------- d-----w- C:\PROGRA~2\ESET ======= C: ===== ====== C:\Users\KH\AppData\Roaming ====== 2016-06-06 20:55:17 -------- d-----w- C:\Users\KH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2016-06-05 19:53:48 -------- d-----w- C:\Users\KH\AppData\Roaming\Avira 2016-06-05 19:41:26 -------- d-----w- C:\Users\KH\AppData\Local\ElevatedDiagnostics 2016-06-02 08:35:21 -------- d-----w- C:\Users\KH\AppData\Local\Programs 2016-05-25 17:57:26 -------- d-----w- C:\Users\KH\AppData\Roaming\Mozilla ====== C:\Users\KH ====== 2016-06-05 19:56:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira ====== C: exe-files == 2016-06-07 22:46:06 FDA44910DEB1A460BE4AC5D56D61D837 5 ----a-w- C:\Users\KH\AppData\Local\Microsoft\Windows\INetCache\IE\5O8S49G9\FRST64[1].exe 2016-06-07 22:46:06 2AC71A8D1D52CE9748FB3930523F719F 2385408 ----a-w- C:\Users\KH\AppData\Local\Microsoft\Windows\INetCache\IE\O5YINH3A\FRST64[1].exe 2016-06-07 22:06:24 3AFFE716670C3505AD2BDBB87E9194A2 8032624 ----a-w- C:\Users\KH\AppData\Local\NVIDIA\NvBackend\Packages\00008bd1\DAO.20828755.exe 2016-06-07 16:56:38 D09615AB62E6D4B3C76E4BFD58192214 346552 ----a-w- C:\Users\KH\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe 2016-06-07 16:56:36 C299D64C12DA8B67349239AD287FF772 403896 ----a-w- C:\Users\KH\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe 2016-06-07 16:07:39 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:\Users\KH\Downloads\File Pony\mbam-setup-2.2.1.1043.exe 2016-06-07 15:58:12 6A6CC4CF4450DE78BF061FCA7B68BC88 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4278822728-3545199388-2729823056-1001\$IUYVJP7.exe 2016-06-07 07:56:37 8F089F7AC9E909C4704AF58EAA179196 3677248 ----a-w- C:\$Recycle.Bin\S-1-5-21-4278822728-3545199388-2729823056-1001\$RUYVJP7.exe 2016-06-06 20:55:18 761102A9B90EC601E8B3071120063D74 87550 ----a-w- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe 2016-06-06 20:09:37 8AF92D125EFC48D4A4F0140777AA2FD4 4727984 ----a-w- C:\Users\KH\Downloads\File Pony\tdsskiller.exe 2016-06-06 17:49:21 AFD96C0B3B7A9879A3CACA67915374AE 1859224 ----a-w- C:\Users\KH\Downloads\File Pony\mbae-setup-1.08.1.1196.exe 2016-06-05 22:06:12 D5E300486F6EC156838423A549653AEE 2384896 ----a-w- C:\$Recycle.Bin\S-1-5-21-4278822728-3545199388-2729823056-1001\$R8EAEMC\FRST64.exe 2016-06-05 22:06:12 2AC71A8D1D52CE9748FB3930523F719F 2385408 ----a-w- C:\Users\KH\Downloads\File Pony\FRST64.exe 2016-06-05 18:54:15 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\KH\AppData\Local\Temp\jrt\nfo\nircmdc.exe 2016-06-05 18:17:30 D0EB45DEF6549458A9E3A23A953A036F 1610816 ----a-w- C:\Users\KH\Downloads\File Pony\JRT.exe 2016-06-05 18:15:41 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\KH\Downloads\File Pony\revosetup95.exe 2016-06-05 16:22:15 F0B5FAE0268D84B1CE6EA3B98D4D69EB 331464 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe 2016-06-05 16:22:15 E78517BD20C282FBCA150D2B3ACCC760 2870984 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe 2016-06-05 16:22:15 B23901621E5BD2EF1AAC3E6E6CB9E7FF 422600 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 2016-06-05 16:22:15 4B0F506ACF0A8AE6D6B3E4CF6778B722 122568 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe 2016-06-05 16:22:15 21B9AB1916917F9476B767F605345E62 532168 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe 2016-06-05 16:21:10 87A629D7463BCEB2A02CA143EB2DEFF8 2870984 ----a-w- C:\Users\KH\Downloads\File Pony\esetsmartinstaller_deu.exe 2016-06-05 12:00:48 8F089F7AC9E909C4704AF58EAA179196 3677248 ----a-w- C:\Users\KH\Downloads\File Pony\adwcleaner_5.119.exe 2016-06-03 17:03:46 FC101BEA66C27EA19B88F1619C04EE54 52687264 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\51.0.2704.79\51.0.2704.79_chrome_installer_win64.exe 2016-06-03 16:40:44 20F4653048B4185DC63D1651451F6436 23568984 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\51.0.2704.79\51.0.2704.79_50.0.2661.102_chrome_updater.exe 2016-06-02 22:06:43 6A50282084AEF862BE90DF9FBF8D1563 1541624 ----a-w- C:\Users\KH\AppData\Local\Google\Chrome\User Data\SwReporter\7.58.0\software_reporter_tool.exe 2016-06-02 22:03:12 C26E57CA09C23D72E662E38C048B205D 8141944 ----a-w- C:\Users\KH\AppData\Local\NVIDIA\NvBackend\Packages\00008b8d\DAO.20814170.exe 2016-06-02 22:03:08 BAFC43BC5F053339E05611B52948BC51 634952 ----a-w- C:\Users\KH\AppData\Local\NVIDIA\NvBackend\Packages\00008b8b\CoProc update.20813724.exe 2016-06-02 21:50:20 FA34E3A8FF05F69B2EDEA72438E7FFFF 454144 ----a-w- C:\Windows\SysWOW64\GWX\GWX.exe 2016-06-02 21:50:20 DAE5C698C08E4FDFB052D4A2B05FAF2B 358400 ----a-w- C:\Windows\System32\GWX\GWXDetector.exe 2016-06-02 21:50:20 A93954A96CC7B19F88C8211A88E5949A 421488 ----a-w- C:\Windows\System32\GWX\GWXUXWorker.exe 2016-06-02 21:50:20 7003287A5032A3AF1CCF1B9A6FFAA057 534016 ----a-w- C:\Windows\System32\GWX\GWX.exe 2016-06-02 21:50:20 5A1761A6B80DFA60523A0A1850E214EC 755200 ----a-w- C:\Windows\System32\GWX\GWXConfigManager.exe 2016-06-02 21:50:20 246CE916C4EB466C436EFB2E1827C7B6 119296 ----a-w- C:\Windows\System32\GWX\GWXUX.exe 2016-06-02 21:18:20 F7D64E565C7D582A1D072058EDC040A4 48840 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\appsharinghookcontroller64.exe 2016-06-02 21:18:19 88663E7EF4CD6DED49FF6D3FF6A7A529 7988520 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\cmigrate.exe 2016-06-02 21:18:19 100A60B2782B6CFFB48C7BAF2A9A3F24 1163552 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\olicenseheartbeat.exe 2016-06-02 21:18:19 0091934DC3750E95F5E421DD37107E32 5841192 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\cmigrate.exe 2016-06-02 21:18:18 DB57494BAA98FDFE7F840A2276D89AB7 483656 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\dwtrig20.exe 2016-06-02 21:18:18 A059084E2A5CC04A5AB0C4A349A072F0 559856 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\msosqm.exe 2016-06-02 21:18:18 5A035C05FC003E651F8F49084561C4BC 94048 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe 2016-06-02 21:18:18 548E5ABEBCD3097E2023A34107A8503C 851736 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\dw20.exe 2016-06-02 21:18:17 4F29505A7AFD908CC3C7380890427BB7 490272 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\selfcert.exe 2016-06-02 21:18:17 455FD410067B0D73E9F6D6B9724AE3D3 537864 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\vpreview.exe 2016-06-02 21:18:17 3AEC284F42C21FEB3FEEEC45652CFA74 883416 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe 2016-06-02 21:18:17 0A15BED6D572F00AD85ACAF4EF600F61 1932480 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\winword.exe 2016-06-02 21:18:16 11F3DF00F1ABFE3D6731C92E2601EBA7 526680 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\iecontentservice.exe 2016-06-02 21:18:15 093042185BEBAAB0E57F25416452207A 21953728 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe 2016-06-02 21:18:14 8328A6719B12F120ABF4BC3146F76D83 25737408 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excel.exe 2016-06-02 21:18:13 102E48C032B94A36BC56F8C8B85D9C9E 642336 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\integrator.exe 2016-06-02 21:18:13 06DB79BACA734414B2E1A1C5FF7EA822 238328 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\clview.exe 2016-06-02 21:18:01 436EF417DCE9F22958AA833EA966D381 578912 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE === C: other files == 2016-06-07 16:10:02 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2016-06-07 16:09:46 898415AC0B5F1D2A9A48ABCB68A6DC4B 65408 ----a-w- C:\Windows\System32\drivers\mwac.sys 2016-06-07 16:09:46 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys 2016-06-07 16:09:46 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2016-06-05 16:24:08 560EDC0912BDB68290930E2542823A24 135760 ------w- C:\Users\KH\AppData\Local\Temp\ehdrv.sys ==== Startup Registry Enabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0" "331BigDog"="C:\Program Files (x86)\USB Camera\VM331STI.EXE" "Malwarebytes Anti-Exploit"="C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "OnekeyStudio"="C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe -start" "Energy Manager"="C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe" "Lenovo Utility"="C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Folders ====================== 2015-05-31 22:16:12 1130 ----a-w- C:\Users\KH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01.06.2015 11:55] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01.06.2015 11:55] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\PDVDServ Task" [C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\KH\AppData\Roaming\Mozilla\Firefox\Profiles\JNv6vNnE.default user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions flliilndjeohchalpbbcdekjklbdgfkk - No path found[] Google Slides - KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - KH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{04F3434D-A396-4E75-A569-C36DBE04CCC2}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{04F3434D-A396-4E75-A569-C36DBE04CCC2}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="hxxp://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Reset Google Chrome ====================== C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" O4 - HKLM\..\Run: [331BigDog] "C:\Program Files (x86)\USB Camera\VM331STI.EXE" O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe O4 - Startup: An OneNote senden.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Avira Service Host (Avira.ServiceHost) - Unknown owner - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (file missing) O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\SysWOW64\NLSSRV32.EXE O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing) O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\KH\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\KH\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\KH\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\KH\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\KH\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=151 folders=37 19844900 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\KH\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\KH\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 08.06.2016 at 18:01:07,71 ====================== |
|
08.06.2016, 17:29
| #11 |
| /// Malwareteam | Yahoo Targo12 Probleme Und tritt das Problem wieder auf? Natürlich JavaScript aktiv lassen
__________________ Mfg, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ Unterstütze uns mit einer Spende ......... Lob, Kritik oder Wünsche ......... .......... Folge uns auf Facebook .......... |
|
08.06.2016, 17:41
| #12 |
| | Yahoo Targo12 Probleme Browser Einstellungen sind jetzt erst einmal etwas "verschoben" :-) Anmerkung: Google Chrome wollte eine Erweiterung laden - von Avira. Habe ich nicht zugelassen. Avira ist deinstalliert ... !?!? Habe zwei Test Abfragen durchgeführt - bis hierher keine weitere Meldung. Hmmmm ... What next ??.. |
|
08.06.2016, 18:14
| #13 |
| /// Malwareteam | Yahoo Targo12 Probleme Also JavaScript aktiv und keine Feststellung mehr? Schön weiter testen ESET Online Scanner
__________________ Mfg, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ Unterstütze uns mit einer Spende ......... Lob, Kritik oder Wünsche ......... .......... Folge uns auf Facebook .......... |
|
08.06.2016, 19:51
| #14 |
| | Yahoo Targo12 Probleme Rafael, Anbei ESET Online Scanner Logfile: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b57e07511489be4693ce262526ef7baa
# end=init
# utc_time=2016-06-08 05:24:19
# local_time=2016-06-08 07:24:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 29733
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b57e07511489be4693ce262526ef7baa
# end=updated
# utc_time=2016-06-08 05:27:39
# local_time=2016-06-08 07:27:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b57e07511489be4693ce262526ef7baa
# engine=29733
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-06-08 06:45:54
# local_time=2016-06-08 08:45:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 5496 29201124 0 0
# scanned=247573
# found=0
# cleaned=0
# scan_time=4695
|
|
08.06.2016, 20:35
| #15 |
| | Yahoo Targo12 Probleme Nach all den Aktivitäten ist das Problem leider noch nicht gelöst. Habe gerade eine Abfrage über Yahoo gestartet - https://de.finance.yahoo.com/kurse/ko,txn,hpq,hpe - und das Resultat ist das MAIN.TARGO12.COM Problem. Habe Screenshots gemacht :    Ich denke es ist an der Zeit die ganzen Threads hierzu zu bündeln und nicht einzeln weiter wie gehabt zu bearbeiten. Hier gibt es entweder eine grössere Bedrohung seit Anfang Juni oder es ist ein perfider Nonsense. Ich bin gespannt auf die weiteren Ideen und Massnahmen, Vielen Dank bis hierhin Rafael - leider ohne Erfolg DaBlues |
|
| Themen zu Yahoo Targo12 Probleme |
| .com, adware, avg, avira, beseitigung, browser, cursor, foren, leitet, log, mail, mbam, pcs, problem, probleme, seite, seiten, spiele, system, targo12, unerwünschte seiten, verlauf, warning, wichtig, win, yahoo |
Linear-Darstellung
