| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner-Fund nach Fake-Anruf Microsoft SupportWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.06.2016, 17:36
| #1 |
 |  Trojaner-Fund nach Fake-Anruf Microsoft Support Hallo, leider bin ich auch auf einen Fake-Anruf eines angeblichen Microsoft-Mitarbeiters hereingefallen (wie hier im Forum mehrmals beschrieben). War über supremocontrol verbunden, habe dann Verdacht geschöpft und Verbindung getrennt; der PC hat dann neu gebootet und ist seitdem mit einem Password belegt. Dieses hat mir der Anrufer jedoch mitgeteilt (nachdem ich versprach zu zahlen). Als ich wieder in Windows war, habe ich das Telefonat sofort beendet ohne irgendeine Zahlungsabwicklung. Soweit so gut. Nun mein Problem: habe mit Malwarebytes den Trojan.malpac.gen und Trojan.clicker gefunden (vielleicht waren sie schon vorher da). Außerdem ist mir aufgefallen, dass eine Systemwiederherstellung nicht möglich war (hat sonst immer geklappt) und die Windows Firewall ausgeschaltet ist und sich nicht einschalten lässt. Kann mir bitte jemand helfen, meinen PC wieder in Ordnung zu bringen? Hier die log files von FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016
durchgeführt von *** (Administrator) auf ***-PC (19-06-2016 14:04:30)
Gestartet von C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKVDCDVI
Geladene Profile: *** (Verfügbare Profile: *** & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-05-20] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\MountPoints2: {6d218d94-e6b2-11e1-a29a-d02788354e28} - J:\iStudio.exe
HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Packard Bell.scr [456224 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips SA4MIN Gere-Manager.lnk [2013-08-14]
ShortcutTarget: Philips SA4MIN Gere-Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA4MIN Device Manager\main.exe (KeenHigh Tech.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{CC97B91A-ACDB-4873-AD39-434F914E29A3}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.directbox.com/
HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001 -> DefaultScope {1086232F-1D24-4FD8-9A43-3A636A2C81BD} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001 -> {1086232F-1D24-4FD8-9A43-3A636A2C81BD} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-18] (Microsoft Corporation)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-05-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5164800 2016-05-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1078544 2016-04-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-05-20] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 SamsungUPDUtilSvc; C:\Windows\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-19 14:04 - 2016-06-19 14:04 - 00000000 ____D C:\FRST
2016-06-18 17:44 - 2016-06-18 17:46 - 00001218 _____ C:\Users\***\Desktop\Malwarebytes lf.txt
2016-06-17 21:28 - 2016-06-17 21:28 - 00000000 ____D C:\Users\***\AppData\Roaming\AVG
2016-06-17 21:27 - 2016-06-17 21:27 - 00000948 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-06-17 21:27 - 2016-06-17 21:27 - 00000000 ____D C:\Users\***\AppData\Roaming\TuneUp Software
2016-06-17 21:27 - 2016-06-17 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-17 21:26 - 2016-06-17 21:26 - 00000000 ___HD C:\$AVG
2016-06-17 20:46 - 2016-06-19 13:44 - 00000000 ____D C:\ProgramData\MFAData
2016-06-17 20:46 - 2016-06-17 20:46 - 00000000 ____D C:\Users\***\AppData\Local\MFAData
2016-06-17 20:45 - 2016-06-17 21:06 - 00000000 ____D C:\Program Files (x86)\AVG
2016-06-17 20:12 - 2016-06-17 21:28 - 00000000 ____D C:\Users\***\AppData\Local\Avg
2016-06-17 20:12 - 2016-06-17 21:26 - 00000000 ____D C:\ProgramData\Avg
2016-06-17 20:12 - 2016-06-17 20:45 - 00000000 ____D C:\Users\***\AppData\Local\AvgSetupLog
2016-06-17 19:08 - 2016-05-18 18:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-17 19:08 - 2016-05-18 18:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-17 19:08 - 2016-05-12 19:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-17 19:08 - 2016-05-12 19:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-17 19:08 - 2016-05-12 19:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-17 19:08 - 2016-05-12 19:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-17 19:08 - 2016-05-12 19:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-17 19:08 - 2016-05-12 19:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-17 19:08 - 2016-05-12 19:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-17 19:08 - 2016-05-12 19:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-17 19:08 - 2016-05-12 17:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-17 19:08 - 2016-05-12 17:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-17 19:08 - 2016-05-12 16:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-17 19:08 - 2016-05-12 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-17 19:08 - 2016-05-12 16:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-17 19:08 - 2016-05-12 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-17 19:08 - 2016-05-12 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-17 19:08 - 2016-05-12 16:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-17 19:08 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-17 19:08 - 2016-05-12 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-17 19:08 - 2016-05-12 16:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-17 19:08 - 2016-05-12 15:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-17 19:08 - 2016-05-12 15:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-17 19:08 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-17 19:07 - 2016-06-06 18:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-17 19:07 - 2016-06-06 18:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-17 19:07 - 2016-06-03 15:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-17 19:07 - 2016-05-27 15:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-17 19:07 - 2016-05-27 15:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-17 19:07 - 2016-05-27 15:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-17 19:07 - 2016-05-27 15:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-17 19:07 - 2016-05-24 01:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-17 19:07 - 2016-05-24 00:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-17 19:07 - 2016-05-22 15:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-17 19:07 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-17 19:07 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-17 19:07 - 2016-05-21 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-17 19:07 - 2016-05-21 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-17 19:07 - 2016-05-21 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-17 19:07 - 2016-05-21 00:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-17 19:07 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-17 19:07 - 2016-05-21 00:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-17 19:07 - 2016-05-21 00:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-17 19:07 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-17 19:07 - 2016-05-21 00:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-17 19:07 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-17 19:07 - 2016-05-21 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-17 19:07 - 2016-05-20 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-17 19:07 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-17 19:07 - 2016-05-20 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-17 19:07 - 2016-05-20 23:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-17 19:07 - 2016-05-20 23:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-17 19:07 - 2016-05-20 23:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-17 19:07 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-17 19:07 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-17 19:07 - 2016-05-20 23:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-17 19:07 - 2016-05-20 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-17 19:07 - 2016-05-20 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-17 19:07 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-17 19:07 - 2016-05-20 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-17 19:07 - 2016-05-20 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-17 19:07 - 2016-05-20 23:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-17 19:07 - 2016-05-20 23:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-17 19:07 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-17 19:07 - 2016-05-20 23:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-17 19:07 - 2016-05-20 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-17 19:07 - 2016-05-20 23:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-17 19:07 - 2016-05-20 23:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-17 19:07 - 2016-05-20 23:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-17 19:07 - 2016-05-20 23:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-17 19:07 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-17 19:07 - 2016-05-20 23:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-17 19:07 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-17 19:07 - 2016-05-20 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-17 19:07 - 2016-05-20 23:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-17 19:07 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-17 19:07 - 2016-05-20 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-17 19:07 - 2016-05-20 23:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-17 19:07 - 2016-05-20 23:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-17 19:07 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-17 19:07 - 2016-05-20 23:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-17 19:07 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-17 19:07 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-17 19:07 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-17 19:07 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-17 19:07 - 2016-05-20 23:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-17 19:07 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-17 19:07 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-17 19:07 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-17 19:07 - 2016-05-20 23:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-17 19:07 - 2016-05-20 23:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-17 19:07 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-17 19:07 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-17 19:07 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-17 19:07 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-17 19:07 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-17 19:07 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-17 19:07 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-17 19:07 - 2016-05-14 00:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-17 19:07 - 2016-05-14 00:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-17 19:07 - 2016-05-14 00:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-17 19:07 - 2016-05-14 00:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-17 19:07 - 2016-05-14 00:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-17 19:07 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-17 19:07 - 2016-05-13 23:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-17 19:07 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-17 19:07 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-17 19:07 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-17 19:07 - 2016-05-12 19:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-17 19:07 - 2016-05-12 19:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-17 19:07 - 2016-05-12 19:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-17 19:07 - 2016-05-12 19:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-17 19:07 - 2016-05-12 19:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-17 19:07 - 2016-05-12 19:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-17 19:07 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-17 19:07 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-17 19:07 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-17 19:07 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-17 19:07 - 2016-05-12 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-17 19:07 - 2016-05-11 19:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-17 19:07 - 2016-05-11 19:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-17 19:07 - 2016-05-11 19:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-17 19:07 - 2016-05-11 19:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-17 19:07 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-17 19:07 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-17 19:07 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-17 19:07 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-17 19:07 - 2016-05-11 17:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-17 19:07 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-17 19:07 - 2016-05-11 16:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-17 19:07 - 2016-04-14 18:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-17 19:07 - 2016-04-14 18:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-17 19:07 - 2016-04-14 18:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-17 19:07 - 2016-04-14 18:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-17 19:07 - 2016-04-14 18:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-17 19:07 - 2016-04-14 18:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-17 19:07 - 2016-04-14 17:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-17 19:07 - 2016-04-14 17:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-17 19:07 - 2016-04-14 17:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-17 19:07 - 2016-04-14 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-17 19:07 - 2016-04-14 17:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-17 19:07 - 2016-04-14 17:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-17 19:07 - 2016-04-09 08:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-17 19:07 - 2016-04-09 08:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-17 19:07 - 2016-04-09 08:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-17 19:07 - 2016-04-09 08:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-17 19:07 - 2016-04-09 07:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-17 19:07 - 2016-04-09 07:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-17 19:07 - 2016-03-09 21:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-17 19:07 - 2016-03-09 20:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-17 19:04 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160617-190425.backup
2016-06-17 19:01 - 2016-06-17 19:01 - 00018253 _____ C:\Users\***\Desktop\Scan Results.160617-1901.txt
2016-06-17 18:03 - 2016-06-17 21:27 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-17 18:03 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-06-17 17:57 - 2016-06-17 19:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-17 17:57 - 2016-06-17 18:03 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-17 17:57 - 2016-06-17 17:57 - 00001407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-17 17:57 - 2016-06-17 17:57 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-06-17 17:57 - 2016-06-17 17:57 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-06-17 17:57 - 2016-06-17 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-17 17:57 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-06-17 17:26 - 2016-06-18 17:49 - 00002734 _____ C:\Users\***\Desktop\AdwCleaner[C1].txt
2016-06-17 17:19 - 2016-06-17 17:23 - 00000000 ____D C:\AdwCleaner
2016-06-17 17:08 - 2016-06-19 12:22 - 00000000 ____D C:\Users\***\Documents\lf
2016-06-11 20:57 - 2016-06-18 17:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-11 20:57 - 2016-06-11 20:57 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-06-11 20:57 - 2016-06-11 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-06-11 20:57 - 2016-06-11 20:57 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-06-11 20:57 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-11 20:57 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-11 20:57 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-08 20:06 - 2016-06-08 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-05 23:15 - 2016-06-05 23:15 - 00000000 ____D C:\Windows\de
2016-06-05 22:35 - 2016-06-05 22:35 - 00001317 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-06-05 22:25 - 2016-06-05 22:25 - 00001386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-06-05 22:15 - 2016-06-05 22:15 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-06-05 20:55 - 2016-06-05 20:55 - 00000000 ____D C:\Windows\PCHEALTH
2016-06-05 20:35 - 2016-06-05 22:05 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-06-05 15:00 - 2016-06-05 20:24 - 00000000 ____D C:\Users\***\Documents\Reiseplanung So2017
2016-06-04 20:26 - 2016-06-04 20:26 - 00000020 _____ C:\Windows\(û0
2016-06-03 20:35 - 2016-06-04 18:02 - 04167610 _____ C:\Users\***\Documents\USA 2017.pptx
2016-06-02 20:49 - 2016-06-02 20:50 - 00000000 ___SD C:\Windows\system32\GWX
2016-06-02 20:49 - 2016-06-02 20:49 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-06-02 19:05 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-06-02 19:05 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-06-02 19:05 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-06-02 19:05 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-06-02 19:05 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-06-02 19:05 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-06-02 19:05 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-06-02 19:05 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-06-02 18:48 - 2016-06-02 18:48 - 00000020 _____ C:\Windows\ðùÐ
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-19 13:47 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-19 13:47 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-19 11:52 - 2011-03-23 15:12 - 00000000 ____D C:\Users\***\AppData\Roaming\SoftGrid Client
2016-06-19 11:49 - 2010-11-30 15:43 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-19 11:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-18 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-06-18 17:41 - 2015-03-21 10:26 - 00000000 ____D C:\Program Files (x86)\Avira
2016-06-18 17:38 - 2015-03-21 10:26 - 00000000 ____D C:\ProgramData\Avira
2016-06-18 17:37 - 2015-03-21 10:32 - 00000000 ____D C:\Users\***\AppData\Roaming\Avira
2016-06-18 17:32 - 2009-07-14 06:45 - 00331232 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-18 17:29 - 2014-12-12 15:32 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-17 17:08 - 2012-10-17 14:37 - 00000000 ____D C:\Users\***\Documents\David IT
2016-06-13 19:31 - 2011-03-23 11:09 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-12 09:57 - 2015-02-03 21:33 - 00000000 ____D C:\Users\***\AppData\Local\ElevatedDiagnostics
2016-06-12 09:43 - 2016-04-04 19:39 - 00000000 ____D C:\Users\***\Documents\Rebecca Werken
2016-06-08 20:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2016-06-05 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-05 19:54 - 2012-04-15 14:26 - 00000000 ____D C:\Users\***\AppData\Local\Windows Live
2016-05-29 09:31 - 2015-09-18 20:41 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-29 09:27 - 2015-09-18 20:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-09-13 11:04 - 2015-09-13 11:04 - 0000017 _____ () C:\Users\***\AppData\Local\resmon.resmoncfg
Einige Dateien in TEMP:
====================
C:\Users\***\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-06-18 18:25
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-06-2016
durchgeführt von *** (2016-06-19 14:05:08)
Gestartet von C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKVDCDVI
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-23 09:00:39)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3577244915-1859113761-1499644197-500 - Administrator - Disabled)
*** (S-1-5-21-3577244915-1859113761-1499644197-1001 - Administrator - Enabled) => C:\Users\***
Gast (S-1-5-21-3577244915-1859113761-1499644197-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3577244915-1859113761-1499644197-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3577244915-1859113761-1499644197-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Any Video Converter 5.7.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
AVG (Version: 16.81.7639 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4604 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.81.7639 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
dm Fotowelt (HKLM-x32\...\dm Fotowelt) (Version: - )
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: - )
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FMW 1 (Version: 1.82.3 - AVG Technologies) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.11.34.1015 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.34.1015 - DVDVideoSoft Ltd.)
GoGear SA4MIN Device Manager (HKLM-x32\...\{2BCBBBDB-33B9-3688-8863-9B33BDBBBCB2}) (Version: 0.1 - Philips)
GoGear SA4MIN Device Manager (x32 Version: 0.1 - Philips) Hidden
GPL Ghostscript 9.01 (HKLM-x32\...\GPL Ghostscript 9.01) (Version: - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Packard Bell)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{abec8e45-298a-4b96-b714-36d6a68f2e2a}) (Version: - Nero AG)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5915 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Packard Bell Game Console (x32 Version: - WildTangent) Hidden
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0825.2010 - Packard Bell )
Packard Bell Software Suite SE (HKLM-x32\...\Packard Bell Software Suite SE) (Version: 2.01.3003 - Packard Bell)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PirateVille (HKLM-x32\...\PirateVille) (Version: - )
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.06.10 - Samsung Electronics Co., Ltd.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.45.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3400 Series (HKLM-x32\...\Samsung SCX-3400 Series) (Version: 1.08 (07.05.2012) - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3005 - Packard Bell)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {402B54DB-63C8-4AAC-8BD7-81BECE817FEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {43E7B04C-1C41-4019-84E4-F3A93E96ED53} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {5FA847AA-8B5C-41A4-89F9-701B8BEA0B0B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {CF84E5C2-6C36-41FA-9CAD-7B8F1BFE0307} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {E1C900AF-8A7B-44F4-9CD3-921236C201B8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2012-11-18 18:02 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-29 10:24 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-05-02 05:40 - 2011-05-02 05:40 - 00034304 _____ () C:\Windows\System32\ssm1mlm.dll
2015-02-06 18:14 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\usp02l.dll
2015-09-18 20:22 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-06 18:15 - 2014-11-26 13:07 - 00118576 _____ () C:\Windows\SysWOW64\SecUPDUtilSvc.exe
2010-12-17 19:13 - 2010-12-17 19:13 - 00438784 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 19:13 - 2010-12-17 19:13 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2010-08-04 14:40 - 2010-08-04 14:40 - 00611872 _____ () C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
2010-08-25 14:27 - 2009-12-09 11:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2010-08-04 11:47 - 2010-08-04 11:47 - 00144896 _____ () C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyHook.dll
2016-06-17 17:57 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-06-17 17:57 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-06-17 17:57 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-06-17 20:45 - 2015-04-07 15:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
Da befinden sich 7904 mehr Seiten.
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\...\123simsen.com -> www.123simsen.com
Da befinden sich 7904 mehr Seiten.
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
mpsdrv => Firewall Dienst läuft nicht.
MpsSvc => Firewall Dienst läuft nicht.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{722BC948-2EF8-49F0-B9A8-5CBD287C0EF6}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{AC152D6A-73B0-4538-A9F8-07831E842106}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{266601AE-DB06-4991-AC54-7F182F1DFBE4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{14CD670F-D1E7-4C32-BCC1-67115DC17382}] => (Allow) LPort=2869
FirewallRules: [{6F0F1AA0-4FE2-460B-8886-CF73C6A68240}] => (Allow) LPort=1900
FirewallRules: [{95AA2C02-2AD9-48C8-A20F-874E9FF323D5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{69A09224-2BEC-44A5-AFE5-B682EA2F0805}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CA934816-1487-48E8-97B5-0F16CB5E79BF}] => (Allow) C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SEIUMP3\PDFConverterSetup.exe
FirewallRules: [{15118DFE-A3DC-4D8D-AE40-4B07E7FFC714}] => (Allow) C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SEIUMP3\PDFConverterSetup.exe
FirewallRules: [{215A30AB-F335-4D8F-B1DD-AC48EE6983C5}] => (Allow) C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEX9YZH4\PDFConverterSetup.exe
FirewallRules: [{CDF4730A-83B3-435E-9648-3CEACC4B6AAE}] => (Allow) C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEX9YZH4\PDFConverterSetup.exe
FirewallRules: [TCP Query User{0DD99F35-497B-467F-A3D4-BE1FD8719338}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{B4E974E4-AE29-4975-B469-6501A16A8E31}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{CFB34E93-3320-4847-9896-D19A106D8490}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{5B6D186A-9033-45A7-8414-C6352FABC76C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{83D82222-A777-4496-9EFE-AC8B905C8054}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{094532C8-EF79-4284-BDFF-9CB378837823}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0531345A-AA76-429A-9567-06318F7F8EFA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{1BC9B9BB-7831-4E60-8368-B1CB471DE3D4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{10AC30F9-69DA-414E-B53B-363FC566B660}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{BEFBBBCF-A109-42D8-9641-5B01E934DA9A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{7AA7B9A3-91C5-4D67-9BB0-F2D1CA3786B5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{2416D482-ACB1-437C-8918-22BCDDF9C9D4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{67F40395-AF54-4BCA-A3C5-5AD38B50EF64}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{D9903398-499E-4F2A-85CE-81F55C1337E6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{5AE30094-0364-4CB4-A40C-7C83AA9F0CA4}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{4522672F-5847-4530-B2B2-5F7F51E50B38}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{BC76AB21-ADE0-4293-9533-F3258B4A2B0D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{ECAD59BC-3A28-4BA0-8776-DE0E502E59A1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{790F803B-59A9-4DFC-B11E-FA9D0E31C16A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{D8C9844D-B3D8-4D69-AB1A-D10ACA08BE30}] => (Allow) C:\Users\***\AppData\Local\Microsoft\OneDrive\OneDrive.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Wiederherstellungspunkte =========================
09-04-2016 08:36:59 Geplanter Prüfpunkt
13-04-2016 20:22:14 Windows Update
23-04-2016 13:49:39 Geplanter Prüfpunkt
01-05-2016 13:48:32 Geplanter Prüfpunkt
05-05-2016 09:59:00 Windows Update
06-05-2016 20:35:00 Windows Update
10-05-2016 21:23:56 Windows Update
11-05-2016 19:53:48 Windows Update
11-05-2016 20:38:56 Windows Update
29-05-2016 10:12:21 Geplanter Prüfpunkt
29-05-2016 13:38:21 Windows Update
02-06-2016 18:30:00 Windows Modules Installer
02-06-2016 18:46:07 DirectX wurde installiert
02-06-2016 18:46:32 DirectX wurde installiert
02-06-2016 19:02:29 Windows Live Essentials
02-06-2016 19:03:47 DirectX wurde installiert
02-06-2016 19:04:11 DirectX wurde installiert
02-06-2016 19:05:02 DirectX wurde installiert
02-06-2016 19:06:12 WLSetup
02-06-2016 20:49:30 Windows Update
04-06-2016 20:14:49 DirectX wurde installiert
04-06-2016 20:15:08 DirectX wurde installiert
19-06-2016 12:20:36 Geplanter Prüfpunkt
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Windows-Firewallautorisierungstreiber
Description: Windows-Firewallautorisierungstreiber
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mpsdrv
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: System Attribute Cache
Description: System Attribute Cache
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: discache
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tcpipreg
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: NVIDIA GeForce GT 420
Description: NVIDIA GeForce GT 420
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Hauptplatinenressourcen
Description: Hauptplatinenressourcen
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardsystemgeräte)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (06/19/2016 01:41:55 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)
Error: (06/19/2016 01:41:55 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)
Error: (06/19/2016 01:41:55 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)
Error: (06/19/2016 01:41:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)
Error: (06/19/2016 12:22:43 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)
Error: (06/19/2016 12:22:43 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)
Error: (06/19/2016 12:22:43 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)
Error: (06/19/2016 12:22:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)
Error: (06/19/2016 11:52:56 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)
Error: (06/19/2016 11:52:56 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)
Systemfehler:
=============
Error: (06/19/2016 01:41:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 8 Mal passiert.
Error: (06/19/2016 01:41:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2 = Das System kann die angegebene Datei nicht finden.
Error: (06/19/2016 01:41:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143 = In der Endpunktzuordnung sind keine weiteren Endpunkte verfügbar.
.
Error: (06/19/2016 12:22:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert.
Error: (06/19/2016 12:22:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2 = Das System kann die angegebene Datei nicht finden.
Error: (06/19/2016 11:52:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.
Error: (06/19/2016 11:52:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2 = Das System kann die angegebene Datei nicht finden.
Error: (06/19/2016 11:52:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069 = Der Dienst konnte wegen einer fehlerhaften Anmeldung nicht gestartet werden.
Error: (06/19/2016 11:52:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330 = Anmeldung fehlgeschlagen: Das angegebene Kennwort des Kontos ist abgelaufen.
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/19/2016 11:52:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 4023.11 MB
Verfügbarer physikalischer RAM: 2189.21 MB
Summe virtueller Speicher: 8044.4 MB
Verfügbarer virtueller Speicher: 6149.04 MB
==================== Laufwerke ================================
Drive c: (Packard Bell) (Fixed) (Total:457.45 GB) (Free:337.64 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.96 GB) (Free:457.83 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B760C75B)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=458 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
Habe noch Adwcleaner und Spybot S&D heruntergeladen, hier die log files: Code:
ATTFilter Search results from Spybot - Search & Destroy
17.06.2016 19:01:27
Scan took 00:24:16.
41 items found.
Babylon.Toolbar: [SBI $35D035AC] Interface (Registry Key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Category=Adware
ThreatLevel=3
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Babylon.Toolbar: [SBI $2059D587] Interface (Registry Key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3718D0AF-A3B8-4F5E-86F3-FAD8D02043BE}
Category=Adware
ThreatLevel=3
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Babylon.Toolbar: [SBI $2059D587] Interface (Registry Key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3718D0AF-A3B8-4F5E-86F3-FAD8D02043BE}
Category=Adware
ThreatLevel=3
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Babylon.Toolbar: [SBI $9230BC9B] Interface (Registry Key, nothing done)
HKEY_CLASSES_ROOT\Interface\{78868069-5D96-4B47-BE52-3D625EE3D7CB}
Category=Adware
ThreatLevel=3
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Babylon.Toolbar: [SBI $9230BC9B] Interface (Registry Key, nothing done)
HKEY_CLASSES_ROOT\Interface\{78868069-5D96-4B47-BE52-3D625EE3D7CB}
Category=Adware
ThreatLevel=3
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\OCS\lastPID
Category=PUPS
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\OCS\PID
Category=PUPS
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $FF589D0C] Download directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Internet Explorer\Download Directory
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Microsoft Management Console\Recent File List
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Cookie: [SBI $49804B54] Browser: Cookie (12) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Cache: [SBI $49804B54] Browser: Cache (672) (Browser: Cache, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Verlauf: [SBI $49804B54] Browser: History (12) (Browser: History, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
--- Spybot - Search & Destroy version: 2.6.44.134 DLL (build: 20160321) ---
2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2016-03-21 SDCleaner.exe (2.6.44.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2016-03-21 SDImmunize.exe (2.6.44.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2016-03-21 SDScan.exe (2.6.44.181)
2014-06-24 SDScript.exe (2.4.40.54)
2016-03-21 SDSettings.exe (2.6.44.141)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2015-03-25 spybotsd2-install-av-update.exe (2.4.40.0)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2016-05-02 spybotsd2-install-iefreezefix.exe (2.4.40.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2015-03-25 spybotsd2-translation-hrx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2015-07-28 spybotsd2-windows-upgrade-installer.exe (1.4.0.0)
2016-06-17 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2016-03-21 DelZip192.dll (1.9.2.132)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2015-03-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2016-03-21 SDScanLibrary.dll (2.6.44.134)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2015-04-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2016-06-14 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2015-07-29 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2015-12-23 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2016-06-08 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2016-06-14 Includes\Malware-002.sbi (*)
2015-11-19 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2016-05-25 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2016-06-14 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2015-12-02 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2016-05-11 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2016-06-14 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
Code:
ATTFilter # AdwCleaner v5.200 - Bericht erstellt am 17/06/2016 um 17:23:22
# Aktualisiert am 14/06/2016 von ToolsLib
# Datenbank : 2016-06-17.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : *** - ***-PC
# Gestartet von : C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKVDCDVI\adwcleaner_5.200.exe
# Option : Löschen
# Unterstützung : https://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB
[-] Ordner gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
[-] Ordner gelöscht : C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers
[-] Ordner gelöscht : C:\Users\***\AppData\Roaming\MPC
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Wert gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Wert gelöscht : HKU\S-1-5-21-3577244915-1859113761-1499644197-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
***** [ Internetbrowser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [2516 Bytes] - [17/06/2016 17:23:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [2557 Bytes] - [17/06/2016 17:20:46]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2662 Bytes] ##########
|
|
19.06.2016, 20:37
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  | Trojaner-Fund nach Fake-Anruf Microsoft Support Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... 
 Hinweis:Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean  bekommst.Los geht's: Schritt 1 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
19.06.2016, 21:46
| #3 |
| | Trojaner-Fund nach Fake-Anruf Microsoft Support Hallo Jürgen,
__________________der TDSSKiller hat zum Glück nichts gefunden, hier die Logfile Code:
ATTFilter 22:31:30.0982 0x17d8 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
22:31:50.0029 0x17d8 ============================================================
22:31:50.0029 0x17d8 Current date / time: 2016/06/19 22:31:50.0029
22:31:50.0029 0x17d8 SystemInfo:
22:31:50.0029 0x17d8
22:31:50.0029 0x17d8 OS Version: 6.1.7601 ServicePack: 1.0
22:31:50.0029 0x17d8 Product type: Workstation
22:31:50.0029 0x17d8 ComputerName: ***-PC
22:31:50.0029 0x17d8 UserName: ***
22:31:50.0029 0x17d8 Windows directory: C:\Windows
22:31:50.0029 0x17d8 System windows directory: C:\Windows
22:31:50.0029 0x17d8 Running under WOW64
22:31:50.0029 0x17d8 Processor architecture: Intel x64
22:31:50.0029 0x17d8 Number of processors: 4
22:31:50.0029 0x17d8 Page size: 0x1000
22:31:50.0029 0x17d8 Boot type: Normal boot
22:31:50.0029 0x17d8 ============================================================
22:31:50.0341 0x17d8 KLMD registered as C:\Windows\system32\drivers\42872403.sys
22:31:50.0794 0x17d8 System UUID: {F32F1F0E-4E3C-3B15-2604-C9978DEF4263}
22:31:51.0215 0x17d8 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:31:51.0231 0x17d8 ============================================================
22:31:51.0231 0x17d8 \Device\Harddisk0\DR0:
22:31:51.0231 0x17d8 MBR partitions:
22:31:51.0231 0x17d8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
22:31:51.0231 0x17d8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x392E7000
22:31:51.0231 0x17d8 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B319800, BlocksNum 0x393EC800
22:31:51.0231 0x17d8 ============================================================
22:31:51.0246 0x17d8 C: <-> \Device\Harddisk0\DR0\Partition2
22:31:51.0293 0x17d8 D: <-> \Device\Harddisk0\DR0\Partition3
22:31:51.0293 0x17d8 ============================================================
22:31:51.0293 0x17d8 Initialize success
22:31:51.0293 0x17d8 ============================================================
22:33:00.0838 0x15c8 ============================================================
22:33:00.0838 0x15c8 Scan started
22:33:00.0838 0x15c8 Mode: Manual; SigCheck; TDLFS;
22:33:00.0838 0x15c8 ============================================================
22:33:00.0838 0x15c8 KSN ping started
22:33:03.0194 0x15c8 KSN ping finished: true
22:33:03.0740 0x15c8 ================ Scan system memory ========================
22:33:03.0740 0x15c8 System memory - ok
22:33:03.0740 0x15c8 ================ Scan services =============================
22:33:03.0989 0x15c8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:33:04.0052 0x15c8 1394ohci - ok
22:33:04.0067 0x15c8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:33:04.0083 0x15c8 ACPI - ok
22:33:04.0114 0x15c8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:33:04.0145 0x15c8 AcpiPmi - ok
22:33:04.0208 0x15c8 [ 34400005DE52842C4D6D4EE978B4D7CE, E7C3121812284B9FE6A12910C67C98354BAF5DB74865A5B4E0C2E64852BDB50A ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
22:33:04.0208 0x15c8 AdobeActiveFileMonitor8.0 - ok
22:33:04.0301 0x15c8 [ 11A52CF7B265631DEEB24C6149309EFF, CBA25D358185FD4BE261C6C1B518AD60F5D27D5FB418098AB262B10F5A11C178 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:33:04.0317 0x15c8 AdobeARMservice - ok
22:33:04.0410 0x15c8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:33:04.0426 0x15c8 adp94xx - ok
22:33:04.0457 0x15c8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:33:04.0473 0x15c8 adpahci - ok
22:33:04.0488 0x15c8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:33:04.0488 0x15c8 adpu320 - ok
22:33:04.0520 0x15c8 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:33:04.0551 0x15c8 AeLookupSvc - ok
22:33:04.0598 0x15c8 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys
22:33:04.0660 0x15c8 AFD - ok
22:33:04.0676 0x15c8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
22:33:04.0691 0x15c8 agp440 - ok
22:33:04.0722 0x15c8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
22:33:04.0738 0x15c8 ALG - ok
22:33:04.0769 0x15c8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
22:33:04.0800 0x15c8 aliide - ok
22:33:04.0816 0x15c8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
22:33:04.0847 0x15c8 amdide - ok
22:33:04.0847 0x15c8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:33:04.0863 0x15c8 AmdK8 - ok
22:33:04.0878 0x15c8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:33:04.0894 0x15c8 AmdPPM - ok
22:33:04.0925 0x15c8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:33:04.0941 0x15c8 amdsata - ok
22:33:04.0956 0x15c8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:33:04.0972 0x15c8 amdsbs - ok
22:33:04.0988 0x15c8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:33:05.0003 0x15c8 amdxata - ok
22:33:05.0019 0x15c8 [ 6474F8823C7188D2DA579F01FB6CED6B, 81D4E9D026CA60FB8840D520D151B8C2F4745A75DF90A4D6C80641F1A23AB605 ] AppID C:\Windows\system32\drivers\appid.sys
22:33:05.0034 0x15c8 AppID - ok
22:33:05.0050 0x15c8 [ 8F58BA1F7772D6D7CE45F03309608001, CDB109E0DD241042C058F7D81A1BDEBC34435CB2DC4A7A7A3692193DD5806097 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:33:05.0066 0x15c8 AppIDSvc - ok
22:33:05.0081 0x15c8 [ B62867835B41BCD839D9896AB4D7DF09, 98036D0202DB6171E90485898175833AC44873A85E6453EBE928E433B364CE07 ] Appinfo C:\Windows\System32\appinfo.dll
22:33:05.0097 0x15c8 Appinfo - ok
22:33:05.0128 0x15c8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
22:33:05.0128 0x15c8 arc - ok
22:33:05.0144 0x15c8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:33:05.0144 0x15c8 arcsas - ok
22:33:05.0253 0x15c8 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:33:05.0284 0x15c8 aspnet_state - ok
22:33:05.0300 0x15c8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:33:05.0346 0x15c8 AsyncMac - ok
22:33:05.0378 0x15c8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
22:33:05.0393 0x15c8 atapi - ok
22:33:05.0580 0x15c8 [ 3EFD964D52221360AF0673CD61C2F4F5, 76D636CAF2E4FEDAAC6B0D958865A901340CF836EE4FCE59F1D5291E3BEC9F1E ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
22:33:05.0705 0x15c8 atikmdag - ok
22:33:05.0752 0x15c8 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:33:05.0783 0x15c8 AudioEndpointBuilder - ok
22:33:05.0814 0x15c8 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:33:05.0830 0x15c8 AudioSrv - ok
22:33:05.0924 0x15c8 [ 4ADA37B33B052515D8D9170408E6628B, 3563490568EE6B5C4EE716074DA59E43B51618614401E6E2864095CB49FC3028 ] AvgAMPS C:\Program Files (x86)\AVG\Av\avgamps.exe
22:33:05.0955 0x15c8 AvgAMPS - ok
22:33:06.0017 0x15c8 [ 3BF8CE64524E6249469F4EE69EBD10F9, B01CE4290235AA487126483B1CA233868605A3765FA47932278558BDE227E62C ] Avgdiska C:\Windows\system32\DRIVERS\avgdiska.sys
22:33:06.0033 0x15c8 Avgdiska - ok
22:33:06.0189 0x15c8 [ E3956404CF31D0BC69C45033971AE1F9, F4048B0F8743A6567ECE4428CB60BE740C4B1CDAF1F30664768B55855E4D61EF ] AVGIDSAgent C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
22:33:06.0314 0x15c8 AVGIDSAgent - ok
22:33:06.0360 0x15c8 [ 40A057A0EE883F700968B658356E1A6F, 882060AB4B8498CEE061D55A08DD82EB54F7934810D931AA02FDE3C6B0EF40D7 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
22:33:06.0376 0x15c8 AVGIDSDriver - ok
22:33:06.0407 0x15c8 [ D54A730B8DA065C33901737446D7C006, 5054DE9BD322D8D794AC69A8F2FA91C6FA0D82CB67047796114DB958AB7A9771 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
22:33:06.0423 0x15c8 AVGIDSHA - ok
22:33:06.0454 0x15c8 [ EF29083E562CF4283503A550DA31EA80, F7B257E0962F5CBE3A3C54A1F7159D0DA6D7DF6E7DFFBD873BDE44713569C96A ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
22:33:06.0470 0x15c8 Avgldx64 - ok
22:33:06.0501 0x15c8 [ 301E95F388C93D3C73EE35E3693C6A97, 512BA2905EDCC900B12037701A120EE527A14894BF562610F3CF57A65D20FCD5 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
22:33:06.0532 0x15c8 Avgloga - ok
22:33:06.0548 0x15c8 [ 0E1CAF2EF339C9C3C3AFD574541A661F, 85AAA367134826A41EB84F549AE27AE9A3B0AA5BA1EA23C07B352B2B84E20E81 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
22:33:06.0563 0x15c8 Avgmfx64 - ok
22:33:06.0610 0x15c8 [ 6F5CD5907DA028D61E7D2F39557370E4, 6B2046F30219DF0F8F7B9250DECFA1D4DAFFEEBC899E3C38228D5809A2A1107E ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
22:33:06.0626 0x15c8 Avgrkx64 - ok
22:33:06.0688 0x15c8 [ A106D879B42E60FD33E8E3B7E3FFEA19, CAADA9D3E5507652923ADC8278F76FFE3BD5C4CA23F90D5EC5976915B0260F2A ] avgsvc C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
22:33:06.0719 0x15c8 avgsvc - ok
22:33:06.0766 0x15c8 [ 66B4C2719D60DF8164D226756F3113BB, 94E6DEA8A931B17F9344AA96F53BF8F6D274DB31200D0DEEA02BC162B9A241B7 ] avguniva C:\Windows\system32\DRIVERS\avguniva.sys
22:33:06.0766 0x15c8 avguniva - ok
22:33:06.0828 0x15c8 [ B66D7B5AC9A227117ADF4FEBB40636BB, 2CB5F73327BF4896D503A31AA297841BF894CCC9CA90466379D54A0938CC847B ] avgwd C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
22:33:06.0844 0x15c8 avgwd - ok
22:33:06.0906 0x15c8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:33:06.0938 0x15c8 AxInstSV - ok
22:33:06.0969 0x15c8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:33:07.0000 0x15c8 b06bdrv - ok
22:33:07.0000 0x15c8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:33:07.0031 0x15c8 b57nd60a - ok
22:33:07.0078 0x15c8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
22:33:07.0094 0x15c8 BDESVC - ok
22:33:07.0109 0x15c8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
22:33:07.0140 0x15c8 Beep - ok
22:33:07.0203 0x15c8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
22:33:07.0265 0x15c8 BFE - ok
22:33:07.0312 0x15c8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
22:33:07.0390 0x15c8 BITS - ok
22:33:07.0406 0x15c8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:33:07.0421 0x15c8 blbdrive - ok
22:33:07.0468 0x15c8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:33:07.0484 0x15c8 bowser - ok
22:33:07.0515 0x15c8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:33:07.0530 0x15c8 BrFiltLo - ok
22:33:07.0530 0x15c8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:33:07.0546 0x15c8 BrFiltUp - ok
22:33:07.0577 0x15c8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
22:33:07.0608 0x15c8 Browser - ok
22:33:07.0640 0x15c8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:33:07.0671 0x15c8 Brserid - ok
22:33:07.0686 0x15c8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:33:07.0702 0x15c8 BrSerWdm - ok
22:33:07.0702 0x15c8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:33:07.0718 0x15c8 BrUsbMdm - ok
22:33:07.0733 0x15c8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:33:07.0749 0x15c8 BrUsbSer - ok
22:33:07.0764 0x15c8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:33:07.0780 0x15c8 BTHMODEM - ok
22:33:07.0780 0x15c8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
22:33:07.0811 0x15c8 bthserv - ok
22:33:07.0842 0x15c8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:33:07.0874 0x15c8 cdfs - ok
22:33:07.0920 0x15c8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:33:07.0952 0x15c8 cdrom - ok
22:33:07.0967 0x15c8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
22:33:07.0998 0x15c8 CertPropSvc - ok
22:33:08.0030 0x15c8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:33:08.0045 0x15c8 circlass - ok
22:33:08.0076 0x15c8 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
22:33:08.0108 0x15c8 CLFS - ok
22:33:08.0295 0x15c8 [ 14E5789984C4817C430A48B94519CE0B, 34C53D6E31FAF6AF10ADEECAF3CCFFD97813441033C0CFC3B830273C148EEC3A ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
22:33:08.0357 0x15c8 ClickToRunSvc - ok
22:33:08.0420 0x15c8 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:33:08.0451 0x15c8 clr_optimization_v2.0.50727_32 - ok
22:33:08.0482 0x15c8 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:33:08.0513 0x15c8 clr_optimization_v2.0.50727_64 - ok
22:33:08.0560 0x15c8 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:33:08.0576 0x15c8 clr_optimization_v4.0.30319_32 - ok
22:33:08.0591 0x15c8 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:33:08.0607 0x15c8 clr_optimization_v4.0.30319_64 - ok
22:33:08.0622 0x15c8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:33:08.0638 0x15c8 CmBatt - ok
22:33:08.0654 0x15c8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:33:08.0654 0x15c8 cmdide - ok
22:33:08.0700 0x15c8 [ 3323F76352B0AF14B2CDC4DFBF3E980A, F8E3C3508C37E647497B6889F26819B1DB30275F48A994D1BBFBAA9454E5FD70 ] CNG C:\Windows\system32\Drivers\cng.sys
22:33:08.0732 0x15c8 CNG - ok
22:33:08.0747 0x15c8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:33:08.0747 0x15c8 Compbatt - ok
22:33:08.0778 0x15c8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:33:08.0794 0x15c8 CompositeBus - ok
22:33:08.0794 0x15c8 COMSysApp - ok
22:33:08.0810 0x15c8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:33:08.0825 0x15c8 crcdisk - ok
22:33:08.0841 0x15c8 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:33:08.0856 0x15c8 CryptSvc - ok
22:33:08.0981 0x15c8 [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:33:09.0028 0x15c8 cvhsvc - ok
22:33:09.0059 0x15c8 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch C:\Windows\system32\rpcss.dll
22:33:09.0090 0x15c8 DcomLaunch - ok
22:33:09.0106 0x15c8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
22:33:09.0153 0x15c8 defragsvc - ok
22:33:09.0200 0x15c8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:33:09.0231 0x15c8 DfsC - ok
22:33:09.0262 0x15c8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:33:09.0309 0x15c8 Dhcp - ok
22:33:09.0418 0x15c8 [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack C:\Windows\system32\diagtrack.dll
22:33:09.0465 0x15c8 DiagTrack - ok
22:33:09.0480 0x15c8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
22:33:09.0512 0x15c8 discache - ok
22:33:09.0543 0x15c8 [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk C:\Windows\system32\drivers\disk.sys
22:33:09.0558 0x15c8 Disk - ok
22:33:09.0590 0x15c8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:33:09.0621 0x15c8 Dnscache - ok
22:33:09.0636 0x15c8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
22:33:09.0683 0x15c8 dot3svc - ok
22:33:09.0699 0x15c8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
22:33:09.0730 0x15c8 DPS - ok
22:33:09.0777 0x15c8 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:33:09.0777 0x15c8 drmkaud - ok
22:33:09.0824 0x15c8 [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:33:09.0870 0x15c8 DXGKrnl - ok
22:33:09.0902 0x15c8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
22:33:09.0933 0x15c8 EapHost - ok
22:33:10.0026 0x15c8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:33:10.0151 0x15c8 ebdrv - ok
22:33:10.0182 0x15c8 [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] EFS C:\Windows\System32\lsass.exe
22:33:10.0214 0x15c8 EFS - ok
22:33:10.0307 0x15c8 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:33:10.0385 0x15c8 ehRecvr - ok
22:33:10.0401 0x15c8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
22:33:10.0416 0x15c8 ehSched - ok
22:33:10.0432 0x15c8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:33:10.0463 0x15c8 elxstor - ok
22:33:10.0494 0x15c8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:33:10.0510 0x15c8 ErrDev - ok
22:33:10.0557 0x15c8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
22:33:10.0604 0x15c8 EventSystem - ok
22:33:10.0619 0x15c8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
22:33:10.0650 0x15c8 exfat - ok
22:33:10.0682 0x15c8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:33:10.0713 0x15c8 fastfat - ok
22:33:10.0760 0x15c8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
22:33:10.0791 0x15c8 Fax - ok
22:33:10.0791 0x15c8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:33:10.0806 0x15c8 fdc - ok
22:33:10.0806 0x15c8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
22:33:10.0838 0x15c8 fdPHost - ok
22:33:10.0838 0x15c8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
22:33:10.0869 0x15c8 FDResPub - ok
22:33:10.0900 0x15c8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:33:10.0916 0x15c8 FileInfo - ok
22:33:10.0931 0x15c8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:33:10.0962 0x15c8 Filetrace - ok
22:33:11.0009 0x15c8 [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:33:11.0025 0x15c8 FLEXnet Licensing Service - ok
22:33:11.0040 0x15c8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:33:11.0056 0x15c8 flpydisk - ok
22:33:11.0087 0x15c8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:33:11.0103 0x15c8 FltMgr - ok
22:33:11.0165 0x15c8 [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\Windows\system32\FntCache.dll
22:33:11.0228 0x15c8 FontCache - ok
22:33:11.0274 0x15c8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:33:11.0274 0x15c8 FontCache3.0.0.0 - ok
22:33:11.0290 0x15c8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:33:11.0306 0x15c8 FsDepends - ok
22:33:11.0337 0x15c8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:33:11.0337 0x15c8 Fs_Rec - ok
22:33:11.0384 0x15c8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:33:11.0399 0x15c8 fvevol - ok
22:33:11.0399 0x15c8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:33:11.0415 0x15c8 gagp30kx - ok
22:33:11.0477 0x15c8 [ CE16683CFD11FE70BDE435DDA5EA1FCA, 43D850361F2B5C9389F7FABC3C62BD1517349C03834F436579DD01CFD09919F4 ] GameConsoleService C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
22:33:11.0493 0x15c8 GameConsoleService - ok
22:33:11.0524 0x15c8 [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc C:\Windows\System32\gpsvc.dll
22:33:11.0571 0x15c8 gpsvc - ok
22:33:11.0602 0x15c8 [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
22:33:11.0618 0x15c8 GREGService - ok
22:33:11.0633 0x15c8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:33:11.0633 0x15c8 hcw85cir - ok
22:33:11.0680 0x15c8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:33:11.0711 0x15c8 HdAudAddService - ok
22:33:11.0742 0x15c8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:33:11.0758 0x15c8 HDAudBus - ok
22:33:11.0774 0x15c8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:33:11.0789 0x15c8 HidBatt - ok
22:33:11.0805 0x15c8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:33:11.0820 0x15c8 HidBth - ok
22:33:11.0836 0x15c8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:33:11.0852 0x15c8 HidIr - ok
22:33:11.0883 0x15c8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
22:33:11.0914 0x15c8 hidserv - ok
22:33:11.0961 0x15c8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:33:11.0976 0x15c8 HidUsb - ok
22:33:12.0008 0x15c8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:33:12.0039 0x15c8 hkmsvc - ok
22:33:12.0070 0x15c8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:33:12.0086 0x15c8 HomeGroupListener - ok
22:33:12.0101 0x15c8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:33:12.0117 0x15c8 HomeGroupProvider - ok
22:33:12.0132 0x15c8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:33:12.0132 0x15c8 HpSAMD - ok
22:33:12.0195 0x15c8 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:33:12.0242 0x15c8 HTTP - ok
22:33:12.0273 0x15c8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:33:12.0273 0x15c8 hwpolicy - ok
22:33:12.0320 0x15c8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:33:12.0320 0x15c8 i8042prt - ok
22:33:12.0382 0x15c8 [ 660BF3255A1EB18ED803FD2FBA6AE400, 74A77E9828D62F2821D398EAA84BB15BF093EAD1BD5A7824362ED3D1A063C509 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:33:12.0398 0x15c8 IAANTMON - ok
22:33:12.0429 0x15c8 [ BF5442DC14608D18949DC83DE37E667A, 3E46E3AD4FA63738F32A9AA51AFFECD93F96955BFDF8FD9288071AF58608E52E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:33:12.0444 0x15c8 iaStor - ok
22:33:12.0491 0x15c8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:33:12.0507 0x15c8 iaStorV - ok
22:33:12.0554 0x15c8 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:33:12.0585 0x15c8 idsvc - ok
22:33:12.0647 0x15c8 IEEtwCollectorService - ok
22:33:12.0678 0x15c8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:33:12.0694 0x15c8 iirsp - ok
22:33:12.0756 0x15c8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
22:33:12.0803 0x15c8 IKEEXT - ok
22:33:12.0928 0x15c8 [ 2E3B99E8C23BE2BF32EBE1DB5261F275, F78C556A5152568301E8F8A2B02B154D802448D5402AB916AF8F59A95FDF479D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:33:13.0037 0x15c8 IntcAzAudAddService - ok
22:33:13.0100 0x15c8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
22:33:13.0115 0x15c8 intelide - ok
22:33:13.0131 0x15c8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:33:13.0146 0x15c8 intelppm - ok
22:33:13.0162 0x15c8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:33:13.0193 0x15c8 IPBusEnum - ok
22:33:13.0224 0x15c8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:33:13.0256 0x15c8 IpFilterDriver - ok
22:33:13.0287 0x15c8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:33:13.0318 0x15c8 iphlpsvc - ok
22:33:13.0334 0x15c8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:33:13.0349 0x15c8 IPMIDRV - ok
22:33:13.0365 0x15c8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:33:13.0396 0x15c8 IPNAT - ok
22:33:13.0427 0x15c8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:33:13.0443 0x15c8 IRENUM - ok
22:33:13.0458 0x15c8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:33:13.0458 0x15c8 isapnp - ok
22:33:13.0505 0x15c8 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:33:13.0521 0x15c8 iScsiPrt - ok
22:33:13.0536 0x15c8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:33:13.0552 0x15c8 kbdclass - ok
22:33:13.0583 0x15c8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:33:13.0599 0x15c8 kbdhid - ok
22:33:13.0614 0x15c8 [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] KeyIso C:\Windows\system32\lsass.exe
22:33:13.0630 0x15c8 KeyIso - ok
22:33:13.0661 0x15c8 [ 3974E5264A0481600370C5BEED061DDF, 6365DC2B3ECAF462F98481103F47B7550688D1A3AE96C88FDBCB3ED3BBB76EB6 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:33:13.0661 0x15c8 KSecDD - ok
22:33:13.0677 0x15c8 [ 6E85615A86FE86E76DAE49BF9F227483, 825F9906910C33A36D04D805402A8C0C8E09232407E077B85282E3208A9BFC25 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:33:13.0692 0x15c8 KSecPkg - ok
22:33:13.0708 0x15c8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:33:13.0739 0x15c8 ksthunk - ok
22:33:13.0770 0x15c8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
22:33:13.0817 0x15c8 KtmRm - ok
22:33:13.0833 0x15c8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:33:13.0864 0x15c8 LanmanServer - ok
22:33:13.0880 0x15c8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:33:13.0911 0x15c8 LanmanWorkstation - ok
22:33:13.0942 0x15c8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:33:13.0973 0x15c8 lltdio - ok
22:33:14.0004 0x15c8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:33:14.0051 0x15c8 lltdsvc - ok
22:33:14.0051 0x15c8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:33:14.0082 0x15c8 lmhosts - ok
22:33:14.0114 0x15c8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:33:14.0129 0x15c8 LSI_FC - ok
22:33:14.0145 0x15c8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:33:14.0145 0x15c8 LSI_SAS - ok
22:33:14.0176 0x15c8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:33:14.0176 0x15c8 LSI_SAS2 - ok
22:33:14.0223 0x15c8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:33:14.0238 0x15c8 LSI_SCSI - ok
22:33:14.0270 0x15c8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
22:33:14.0301 0x15c8 luafv - ok
22:33:14.0332 0x15c8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:33:14.0348 0x15c8 Mcx2Svc - ok
22:33:14.0363 0x15c8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:33:14.0379 0x15c8 megasas - ok
22:33:14.0394 0x15c8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:33:14.0410 0x15c8 MegaSR - ok
22:33:14.0441 0x15c8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
22:33:14.0472 0x15c8 MMCSS - ok
22:33:14.0488 0x15c8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
22:33:14.0519 0x15c8 Modem - ok
22:33:14.0566 0x15c8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:33:14.0597 0x15c8 monitor - ok
22:33:14.0613 0x15c8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:33:14.0628 0x15c8 mouclass - ok
22:33:14.0644 0x15c8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:33:14.0660 0x15c8 mouhid - ok
22:33:14.0706 0x15c8 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:33:14.0738 0x15c8 mountmgr - ok
22:33:14.0753 0x15c8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
22:33:14.0784 0x15c8 mpio - ok
22:33:14.0800 0x15c8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:33:14.0831 0x15c8 mpsdrv - ok
22:33:14.0894 0x15c8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:33:14.0940 0x15c8 MpsSvc - ok
22:33:14.0987 0x15c8 [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:33:15.0003 0x15c8 MRxDAV - ok
22:33:15.0034 0x15c8 [ 10112D850C844606419C79EE24EE6016, 1668F47ED9C31D805542646A0AD6E572C3547FF822F5BCDF1BB3F521714F8B85 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:33:15.0081 0x15c8 mrxsmb - ok
22:33:15.0096 0x15c8 [ DCC4343B422A13B42C7678998449CE8A, 9C143543DC9B21A15C5E86640464A3A78C5E820857D0A6BE05D4FBC20D0BF866 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:33:15.0128 0x15c8 mrxsmb10 - ok
22:33:15.0143 0x15c8 [ 46C4F5BEE8D98BB1688752EAD0ABB7C0, C744F39E462798DC98D1C4603758AC43DB4A7961F3BAF9E5ABA22AD905E012F8 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:33:15.0159 0x15c8 mrxsmb20 - ok
22:33:15.0190 0x15c8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
22:33:15.0190 0x15c8 msahci - ok
22:33:15.0221 0x15c8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:33:15.0237 0x15c8 msdsm - ok
22:33:15.0252 0x15c8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
22:33:15.0268 0x15c8 MSDTC - ok
22:33:15.0284 0x15c8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:33:15.0315 0x15c8 Msfs - ok
22:33:15.0330 0x15c8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:33:15.0346 0x15c8 mshidkmdf - ok
22:33:15.0393 0x15c8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:33:15.0408 0x15c8 msisadrv - ok
22:33:15.0440 0x15c8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:33:15.0486 0x15c8 MSiSCSI - ok
22:33:15.0486 0x15c8 msiserver - ok
22:33:15.0502 0x15c8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:33:15.0533 0x15c8 MSKSSRV - ok
22:33:15.0549 0x15c8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:33:15.0580 0x15c8 MSPCLOCK - ok
22:33:15.0580 0x15c8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:33:15.0611 0x15c8 MSPQM - ok
22:33:15.0642 0x15c8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:33:15.0658 0x15c8 MsRPC - ok
22:33:15.0689 0x15c8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:33:15.0705 0x15c8 mssmbios - ok
22:33:15.0705 0x15c8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:33:15.0736 0x15c8 MSTEE - ok
22:33:15.0736 0x15c8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:33:15.0752 0x15c8 MTConfig - ok
22:33:15.0752 0x15c8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
22:33:15.0767 0x15c8 Mup - ok
22:33:15.0798 0x15c8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
22:33:15.0845 0x15c8 napagent - ok
22:33:15.0861 0x15c8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:33:15.0876 0x15c8 NativeWifiP - ok
22:33:15.0954 0x15c8 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:33:16.0032 0x15c8 NDIS - ok
22:33:16.0032 0x15c8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:33:16.0064 0x15c8 NdisCap - ok
22:33:16.0095 0x15c8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:33:16.0126 0x15c8 NdisTapi - ok
22:33:16.0173 0x15c8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:33:16.0204 0x15c8 Ndisuio - ok
22:33:16.0220 0x15c8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:33:16.0251 0x15c8 NdisWan - ok
22:33:16.0282 0x15c8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:33:16.0329 0x15c8 NDProxy - ok
22:33:16.0422 0x15c8 [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
22:33:16.0469 0x15c8 Nero BackItUp Scheduler 4.0 - ok
22:33:16.0485 0x15c8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:33:16.0500 0x15c8 NetBIOS - ok
22:33:16.0532 0x15c8 [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:33:16.0563 0x15c8 NetBT - ok
22:33:16.0578 0x15c8 [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] Netlogon C:\Windows\system32\lsass.exe
22:33:16.0578 0x15c8 Netlogon - ok
22:33:16.0610 0x15c8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
22:33:16.0641 0x15c8 Netman - ok
22:33:16.0688 0x15c8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:16.0703 0x15c8 NetMsmqActivator - ok
22:33:16.0734 0x15c8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:16.0734 0x15c8 NetPipeActivator - ok
22:33:16.0766 0x15c8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
22:33:16.0812 0x15c8 netprofm - ok
22:33:16.0828 0x15c8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:16.0844 0x15c8 NetTcpActivator - ok
22:33:16.0859 0x15c8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:16.0859 0x15c8 NetTcpPortSharing - ok
22:33:16.0875 0x15c8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:33:16.0890 0x15c8 nfrd960 - ok
22:33:16.0922 0x15c8 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
22:33:16.0953 0x15c8 NlaSvc - ok
22:33:16.0953 0x15c8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:33:16.0984 0x15c8 Npfs - ok
22:33:17.0000 0x15c8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
22:33:17.0031 0x15c8 nsi - ok
22:33:17.0046 0x15c8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:33:17.0062 0x15c8 nsiproxy - ok
22:33:17.0156 0x15c8 [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:33:17.0218 0x15c8 Ntfs - ok
22:33:17.0234 0x15c8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
22:33:17.0265 0x15c8 Null - ok
22:33:17.0312 0x15c8 [ E20ABD5B229760158F753CA90B97E090, 9970A8ECFA13647B4F2032CB3C21C48458B5ED137254E3FB9C9B93E4A0EBD709 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:33:17.0343 0x15c8 NVHDA - ok
22:33:17.0655 0x15c8 [ FCBA1C22727939E7CFF9EB08FE9692AB, 081FBF38EA17746C5CF2260AD32B62385D4A075476E30CBB9A2AA080F8AA0CA4 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:33:18.0014 0x15c8 nvlddmkm - ok
22:33:18.0060 0x15c8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:33:18.0076 0x15c8 nvraid - ok
22:33:18.0123 0x15c8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:33:18.0138 0x15c8 nvstor - ok
22:33:18.0185 0x15c8 [ 10C232F6CFFD51D2332898AE7AE0FF23, 92E5452D8467852C22D702ACAFB5DBFD312A8F72A4353B8D0A9C18AEFCE4B2B2 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:33:18.0216 0x15c8 nvsvc - ok
22:33:18.0294 0x15c8 [ 4789E020D2617046862D1790FC235FF6, FCFD56DF2CADA830E7B2D4B91D5A9D2FE783B1396CBA124000765168FA5B6574 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:33:18.0357 0x15c8 nvUpdatusService - ok
22:33:18.0372 0x15c8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:33:18.0388 0x15c8 nv_agp - ok
22:33:18.0419 0x15c8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:33:18.0435 0x15c8 ohci1394 - ok
22:33:18.0466 0x15c8 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:33:18.0482 0x15c8 ose - ok
22:33:18.0684 0x15c8 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:33:18.0856 0x15c8 osppsvc - ok
22:33:18.0887 0x15c8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:33:18.0918 0x15c8 p2pimsvc - ok
22:33:18.0934 0x15c8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
22:33:18.0965 0x15c8 p2psvc - ok
22:33:18.0981 0x15c8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:33:18.0996 0x15c8 Parport - ok
22:33:19.0028 0x15c8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:33:19.0043 0x15c8 partmgr - ok
22:33:19.0059 0x15c8 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:33:19.0090 0x15c8 PcaSvc - ok
22:33:19.0106 0x15c8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
22:33:19.0121 0x15c8 pci - ok
22:33:19.0152 0x15c8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
22:33:19.0152 0x15c8 pciide - ok
22:33:19.0168 0x15c8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:33:19.0184 0x15c8 pcmcia - ok
22:33:19.0199 0x15c8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
22:33:19.0215 0x15c8 pcw - ok
22:33:19.0246 0x15c8 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:33:19.0262 0x15c8 PEAUTH - ok
22:33:19.0340 0x15c8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:33:19.0371 0x15c8 PerfHost - ok
22:33:19.0433 0x15c8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
22:33:19.0511 0x15c8 pla - ok
22:33:19.0574 0x15c8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:33:19.0589 0x15c8 PlugPlay - ok
22:33:19.0605 0x15c8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:33:19.0620 0x15c8 PNRPAutoReg - ok
22:33:19.0620 0x15c8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:33:19.0636 0x15c8 PNRPsvc - ok
22:33:19.0698 0x15c8 [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:33:19.0730 0x15c8 PolicyAgent - ok
22:33:19.0745 0x15c8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
22:33:19.0776 0x15c8 Power - ok
22:33:19.0823 0x15c8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:33:19.0870 0x15c8 PptpMiniport - ok
22:33:19.0886 0x15c8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:33:19.0901 0x15c8 Processor - ok
22:33:19.0917 0x15c8 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
22:33:19.0948 0x15c8 ProfSvc - ok
22:33:19.0948 0x15c8 [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:33:19.0964 0x15c8 ProtectedStorage - ok
22:33:20.0010 0x15c8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:33:20.0042 0x15c8 Psched - ok
22:33:20.0073 0x15c8 [ FBF4DB6D53585437E41A113300002A2B, A0145CE87A95DA3775B28A00E741660C26ADE34BBCC7FC502ED809931482C8F2 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:33:20.0073 0x15c8 PxHlpa64 - ok
22:33:20.0135 0x15c8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:33:20.0198 0x15c8 ql2300 - ok
22:33:20.0213 0x15c8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:33:20.0229 0x15c8 ql40xx - ok
22:33:20.0260 0x15c8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
22:33:20.0276 0x15c8 QWAVE - ok
22:33:20.0291 0x15c8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:33:20.0307 0x15c8 QWAVEdrv - ok
22:33:20.0322 0x15c8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:33:20.0354 0x15c8 RasAcd - ok
22:33:20.0369 0x15c8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:33:20.0400 0x15c8 RasAgileVpn - ok
22:33:20.0416 0x15c8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
22:33:20.0447 0x15c8 RasAuto - ok
22:33:20.0478 0x15c8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:33:20.0510 0x15c8 Rasl2tp - ok
22:33:20.0541 0x15c8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
22:33:20.0588 0x15c8 RasMan - ok
22:33:20.0603 0x15c8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:33:20.0634 0x15c8 RasPppoe - ok
22:33:20.0634 0x15c8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:33:20.0666 0x15c8 RasSstp - ok
22:33:20.0697 0x15c8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:33:20.0744 0x15c8 rdbss - ok
22:33:20.0775 0x15c8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:33:20.0790 0x15c8 rdpbus - ok
22:33:20.0806 0x15c8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:33:20.0837 0x15c8 RDPCDD - ok
22:33:20.0837 0x15c8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:33:20.0868 0x15c8 RDPENCDD - ok
22:33:20.0868 0x15c8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:33:20.0900 0x15c8 RDPREFMP - ok
22:33:20.0931 0x15c8 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:33:20.0946 0x15c8 RDPWD - ok
22:33:20.0993 0x15c8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:33:20.0993 0x15c8 rdyboost - ok
22:33:21.0024 0x15c8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:33:21.0056 0x15c8 RemoteAccess - ok
22:33:21.0056 0x15c8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:33:21.0102 0x15c8 RemoteRegistry - ok
22:33:21.0118 0x15c8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:33:21.0149 0x15c8 RpcEptMapper - ok
22:33:21.0180 0x15c8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
22:33:21.0180 0x15c8 RpcLocator - ok
22:33:21.0212 0x15c8 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs C:\Windows\system32\rpcss.dll
22:33:21.0243 0x15c8 RpcSs - ok
22:33:21.0243 0x15c8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:33:21.0274 0x15c8 rspndr - ok
22:33:21.0321 0x15c8 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A, 9F6CFBE7E64A63E0AFEF546C4B8D889657B2055CE80279EA1B63EB5650E730F8 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:33:21.0336 0x15c8 RTL8167 - ok
22:33:21.0352 0x15c8 [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] SamSs C:\Windows\system32\lsass.exe
22:33:21.0368 0x15c8 SamSs - ok
22:33:21.0399 0x15c8 [ B7A4102FCA57F022CF69E3E1EAD61421, 75B70A96925E855E07AE3A364D9CA7A433A7FEB4185891F4124BA64D490C24F3 ] SamsungUPDUtilSvc C:\Windows\SysWOW64\SecUPDUtilSvc.exe
22:33:21.0414 0x15c8 SamsungUPDUtilSvc - ok
22:33:21.0446 0x15c8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:33:21.0461 0x15c8 sbp2port - ok
22:33:21.0492 0x15c8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:33:21.0524 0x15c8 SCardSvr - ok
22:33:21.0539 0x15c8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:33:21.0570 0x15c8 scfilter - ok
22:33:21.0602 0x15c8 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
22:33:21.0664 0x15c8 Schedule - ok
22:33:21.0664 0x15c8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:33:21.0695 0x15c8 SCPolicySvc - ok
22:33:21.0711 0x15c8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:33:21.0726 0x15c8 SDRSVC - ok
22:33:21.0851 0x15c8 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
22:33:21.0898 0x15c8 SDScannerService - ok
22:33:21.0960 0x15c8 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
22:33:22.0007 0x15c8 SDUpdateService - ok
22:33:22.0038 0x15c8 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
22:33:22.0038 0x15c8 SDWSCService - ok
22:33:22.0070 0x15c8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:33:22.0085 0x15c8 secdrv - ok
22:33:22.0101 0x15c8 [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon C:\Windows\system32\seclogon.dll
22:33:22.0116 0x15c8 seclogon - ok
22:33:22.0132 0x15c8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
22:33:22.0163 0x15c8 SENS - ok
22:33:22.0179 0x15c8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:33:22.0194 0x15c8 SensrSvc - ok
22:33:22.0210 0x15c8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:33:22.0226 0x15c8 Serenum - ok
22:33:22.0241 0x15c8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:33:22.0257 0x15c8 Serial - ok
22:33:22.0272 0x15c8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:33:22.0288 0x15c8 sermouse - ok
22:33:22.0319 0x15c8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
22:33:22.0350 0x15c8 SessionEnv - ok
22:33:22.0382 0x15c8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:33:22.0397 0x15c8 sffdisk - ok
22:33:22.0413 0x15c8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:33:22.0428 0x15c8 sffp_mmc - ok
22:33:22.0428 0x15c8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:33:22.0444 0x15c8 sffp_sd - ok
22:33:22.0460 0x15c8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:33:22.0460 0x15c8 sfloppy - ok
22:33:22.0506 0x15c8 [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
22:33:22.0538 0x15c8 Sftfs - ok
22:33:22.0600 0x15c8 [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:33:22.0631 0x15c8 sftlist - ok
22:33:22.0678 0x15c8 [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:33:22.0709 0x15c8 Sftplay - ok
22:33:22.0725 0x15c8 [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:33:22.0740 0x15c8 Sftredir - ok
22:33:22.0756 0x15c8 [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
22:33:22.0756 0x15c8 Sftvol - ok
22:33:22.0803 0x15c8 [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:33:22.0818 0x15c8 sftvsa - ok
22:33:22.0850 0x15c8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:33:22.0881 0x15c8 SharedAccess - ok
22:33:22.0912 0x15c8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:33:22.0943 0x15c8 ShellHWDetection - ok
22:33:22.0959 0x15c8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:33:22.0959 0x15c8 SiSRaid2 - ok
22:33:22.0974 0x15c8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:33:22.0974 0x15c8 SiSRaid4 - ok
22:33:22.0990 0x15c8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:33:23.0037 0x15c8 Smb - ok
22:33:23.0052 0x15c8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:33:23.0052 0x15c8 SNMPTRAP - ok
22:33:23.0068 0x15c8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
22:33:23.0084 0x15c8 spldr - ok
22:33:23.0115 0x15c8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
22:33:23.0146 0x15c8 Spooler - ok
22:33:23.0271 0x15c8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
22:33:23.0411 0x15c8 sppsvc - ok
22:33:23.0427 0x15c8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:33:23.0458 0x15c8 sppuinotify - ok
22:33:23.0505 0x15c8 [ F2F4B895296EE3ECCE781CC2A296A5D1, 126321EDDA8141A42DBE7C90675948433063E6D5B6DEFD805AA0797C95A461EE ] srv C:\Windows\system32\DRIVERS\srv.sys
22:33:23.0552 0x15c8 srv - ok
22:33:23.0567 0x15c8 [ FD0008BEDD2723170CCA7D61837DFD52, F9F576FA7B84CAB5180B9080D62B8A00B3E5D5BC73199B11C63193742529227D ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:33:23.0583 0x15c8 srv2 - ok
22:33:23.0614 0x15c8 [ 63B5845D9379262083655D5C6AB8DFC5, 1813D2FC41ADCDAC6E3A522373B9DB934CC27B89E7185E0E4FC26E30CDAF1523 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:33:23.0630 0x15c8 srvnet - ok
22:33:23.0645 0x15c8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:33:23.0692 0x15c8 SSDPSRV - ok
22:33:23.0754 0x15c8 [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
22:33:23.0770 0x15c8 SSPORT - ok
22:33:23.0786 0x15c8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:33:23.0817 0x15c8 SstpSvc - ok
22:33:23.0895 0x15c8 [ 5A19667A580B1CE886EAF968B9743F45, 0A9EBE4057A0A6EF4732623794C2416A6BD8B87356DA46652BD92762505F57C7 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:33:23.0910 0x15c8 Stereo Service - ok
22:33:23.0926 0x15c8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:33:23.0942 0x15c8 stexstor - ok
22:33:24.0004 0x15c8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
22:33:24.0066 0x15c8 stisvc - ok
22:33:24.0098 0x15c8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
22:33:24.0113 0x15c8 swenum - ok
22:33:24.0129 0x15c8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
22:33:24.0160 0x15c8 swprv - ok
22:33:24.0238 0x15c8 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
22:33:24.0300 0x15c8 SysMain - ok
22:33:24.0347 0x15c8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:33:24.0363 0x15c8 TabletInputService - ok
22:33:24.0378 0x15c8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
22:33:24.0410 0x15c8 TapiSrv - ok
22:33:24.0503 0x15c8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:33:24.0581 0x15c8 Tcpip - ok
22:33:24.0612 0x15c8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:33:24.0659 0x15c8 TCPIP6 - ok
22:33:24.0675 0x15c8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:33:24.0690 0x15c8 tcpipreg - ok
22:33:24.0706 0x15c8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:33:24.0722 0x15c8 TDPIPE - ok
22:33:24.0753 0x15c8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:33:24.0768 0x15c8 TDTCP - ok
22:33:24.0800 0x15c8 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:33:24.0815 0x15c8 tdx - ok
22:33:24.0831 0x15c8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
22:33:24.0831 0x15c8 TermDD - ok
22:33:24.0893 0x15c8 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
22:33:24.0909 0x15c8 TermService - ok
22:33:24.0924 0x15c8 TFsExDisk - ok
22:33:24.0940 0x15c8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
22:33:24.0956 0x15c8 Themes - ok
22:33:24.0971 0x15c8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
22:33:25.0002 0x15c8 THREADORDER - ok
22:33:25.0018 0x15c8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
22:33:25.0049 0x15c8 TrkWks - ok
22:33:25.0096 0x15c8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:33:25.0127 0x15c8 TrustedInstaller - ok
22:33:25.0158 0x15c8 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:33:25.0174 0x15c8 tssecsrv - ok
22:33:25.0205 0x15c8 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:33:25.0236 0x15c8 TsUsbFlt - ok
22:33:25.0283 0x15c8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:33:25.0330 0x15c8 tunnel - ok
22:33:25.0346 0x15c8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:33:25.0361 0x15c8 uagp35 - ok
22:33:25.0392 0x15c8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:33:25.0439 0x15c8 udfs - ok
22:33:25.0455 0x15c8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:33:25.0470 0x15c8 UI0Detect - ok
22:33:25.0486 0x15c8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:33:25.0502 0x15c8 uliagpkx - ok
22:33:25.0548 0x15c8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
22:33:25.0564 0x15c8 umbus - ok
22:33:25.0564 0x15c8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:33:25.0580 0x15c8 UmPass - ok
22:33:25.0642 0x15c8 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
22:33:25.0658 0x15c8 Updater Service - ok
22:33:25.0673 0x15c8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
22:33:25.0704 0x15c8 upnphost - ok
22:33:25.0736 0x15c8 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:33:25.0751 0x15c8 usbccgp - ok
22:33:25.0782 0x15c8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:33:25.0798 0x15c8 usbcir - ok
22:33:25.0845 0x15c8 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:33:25.0860 0x15c8 usbehci - ok
22:33:25.0876 0x15c8 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:33:25.0892 0x15c8 usbhub - ok
22:33:25.0923 0x15c8 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:33:25.0923 0x15c8 usbohci - ok
22:33:25.0938 0x15c8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:33:25.0954 0x15c8 usbprint - ok
22:33:26.0001 0x15c8 [ B5E6C4F280EBF0B16F74A5B415F2E0DF, 4B1F7C95F267A29FC8AE4F285E2B19200C7E3F8505B1E75797A7A9EDE4CD1EDE ] USBS3S4Detection C:\OEM\USBDECTION\USBS3S4Detection.exe
22:33:26.0016 0x15c8 USBS3S4Detection - ok
22:33:26.0016 0x15c8 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:33:26.0032 0x15c8 usbscan - ok
22:33:26.0063 0x15c8 [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:33:26.0094 0x15c8 USBSTOR - ok
22:33:26.0126 0x15c8 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:33:26.0141 0x15c8 usbuhci - ok
22:33:26.0157 0x15c8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
22:33:26.0188 0x15c8 UxSms - ok
22:33:26.0219 0x15c8 [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] VaultSvc C:\Windows\system32\lsass.exe
22:33:26.0235 0x15c8 VaultSvc - ok
22:33:26.0266 0x15c8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:33:26.0282 0x15c8 vdrvroot - ok
22:33:26.0328 0x15c8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
22:33:26.0360 0x15c8 vds - ok
22:33:26.0375 0x15c8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:33:26.0391 0x15c8 vga - ok
22:33:26.0391 0x15c8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:33:26.0422 0x15c8 VgaSave - ok
22:33:26.0453 0x15c8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:33:26.0469 0x15c8 vhdmp - ok
22:33:26.0500 0x15c8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
22:33:26.0516 0x15c8 viaide - ok
22:33:26.0516 0x15c8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:33:26.0531 0x15c8 volmgr - ok
22:33:26.0562 0x15c8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:33:26.0578 0x15c8 volmgrx - ok
22:33:26.0625 0x15c8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:33:26.0640 0x15c8 volsnap - ok
22:33:26.0656 0x15c8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:33:26.0656 0x15c8 vsmraid - ok
22:33:26.0734 0x15c8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
22:33:26.0796 0x15c8 VSS - ok
22:33:26.0812 0x15c8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:33:26.0843 0x15c8 vwifibus - ok
22:33:26.0874 0x15c8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
22:33:26.0921 0x15c8 W32Time - ok
22:33:26.0937 0x15c8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:33:26.0937 0x15c8 WacomPen - ok
22:33:26.0968 0x15c8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:33:26.0999 0x15c8 WANARP - ok
22:33:26.0999 0x15c8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:33:27.0030 0x15c8 Wanarpv6 - ok
22:33:27.0155 0x15c8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:33:27.0202 0x15c8 WatAdminSvc - ok
22:33:27.0264 0x15c8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
22:33:27.0327 0x15c8 wbengine - ok
22:33:27.0358 0x15c8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:33:27.0374 0x15c8 WbioSrvc - ok
22:33:27.0405 0x15c8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:33:27.0420 0x15c8 wcncsvc - ok
22:33:27.0436 0x15c8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:33:27.0452 0x15c8 WcsPlugInService - ok
22:33:27.0467 0x15c8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:33:27.0483 0x15c8 Wd - ok
22:33:27.0514 0x15c8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:33:27.0545 0x15c8 Wdf01000 - ok
22:33:27.0561 0x15c8 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:33:27.0576 0x15c8 WdiServiceHost - ok
22:33:27.0592 0x15c8 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:33:27.0608 0x15c8 WdiSystemHost - ok
22:33:27.0654 0x15c8 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
22:33:27.0701 0x15c8 WebClient - ok
22:33:27.0717 0x15c8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:33:27.0748 0x15c8 Wecsvc - ok
22:33:27.0764 0x15c8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:33:27.0795 0x15c8 wercplsupport - ok
22:33:27.0810 0x15c8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
22:33:27.0842 0x15c8 WerSvc - ok
22:33:27.0857 0x15c8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:33:27.0873 0x15c8 WfpLwf - ok
22:33:27.0888 0x15c8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:33:27.0904 0x15c8 WIMMount - ok
22:33:27.0920 0x15c8 WinDefend - ok
22:33:27.0935 0x15c8 WinHttpAutoProxySvc - ok
22:33:27.0982 0x15c8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:33:28.0029 0x15c8 Winmgmt - ok
22:33:28.0107 0x15c8 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
22:33:28.0185 0x15c8 WinRM - ok
22:33:28.0247 0x15c8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
22:33:28.0263 0x15c8 WinUsb - ok
22:33:28.0294 0x15c8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:33:28.0341 0x15c8 Wlansvc - ok
22:33:28.0481 0x15c8 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:33:28.0559 0x15c8 wlidsvc - ok
22:33:28.0590 0x15c8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:33:28.0606 0x15c8 WmiAcpi - ok
22:33:28.0622 0x15c8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:33:28.0637 0x15c8 wmiApSrv - ok
22:33:28.0653 0x15c8 WMPNetworkSvc - ok
22:33:28.0668 0x15c8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:33:28.0700 0x15c8 WPCSvc - ok
22:33:28.0731 0x15c8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:33:28.0746 0x15c8 WPDBusEnum - ok
22:33:28.0778 0x15c8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:33:28.0809 0x15c8 ws2ifsl - ok
22:33:28.0824 0x15c8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
22:33:28.0840 0x15c8 wscsvc - ok
22:33:28.0840 0x15c8 WSearch - ok
22:33:28.0934 0x15c8 [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv C:\Windows\system32\wuaueng.dll
22:33:29.0043 0x15c8 wuauserv - ok
22:33:29.0074 0x15c8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:33:29.0090 0x15c8 WudfPf - ok
22:33:29.0121 0x15c8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:33:29.0136 0x15c8 WUDFRd - ok
22:33:29.0168 0x15c8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:33:29.0183 0x15c8 wudfsvc - ok
22:33:29.0214 0x15c8 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
22:33:29.0246 0x15c8 WwanSvc - ok
22:33:29.0246 0x15c8 ================ Scan global ===============================
22:33:29.0261 0x15c8 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
22:33:29.0277 0x15c8 [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
22:33:29.0292 0x15c8 [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
22:33:29.0308 0x15c8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:33:29.0339 0x15c8 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
22:33:29.0355 0x15c8 [ Global ] - ok
22:33:29.0355 0x15c8 ================ Scan MBR ==================================
22:33:29.0370 0x15c8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:33:29.0698 0x15c8 \Device\Harddisk0\DR0 - ok
22:33:29.0698 0x15c8 ================ Scan VBR ==================================
22:33:29.0714 0x15c8 [ 4234C81817DA53CEB7656305472728D5 ] \Device\Harddisk0\DR0\Partition1
22:33:29.0729 0x15c8 \Device\Harddisk0\DR0\Partition1 - ok
22:33:29.0729 0x15c8 [ 1A6FB0E753668DEF5831E795A06E76DE ] \Device\Harddisk0\DR0\Partition2
22:33:29.0776 0x15c8 \Device\Harddisk0\DR0\Partition2 - ok
22:33:29.0792 0x15c8 [ 974860D915B628EA3844BB04AED8DBB6 ] \Device\Harddisk0\DR0\Partition3
22:33:29.0792 0x15c8 \Device\Harddisk0\DR0\Partition3 - ok
22:33:29.0792 0x15c8 ================ Scan generic autorun ======================
22:33:29.0854 0x15c8 [ D1930CA970D4250D891F432419E3D6C9, C839ED92D5BCC293081E05F2B199848C37A478A361BA6C3255421A297211C915 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
22:33:29.0854 0x15c8 IAAnotif - ok
22:33:30.0150 0x15c8 [ 96922E3892E299FED3F2B82FD5DDB99F, 0F01DAC0F6B026653DE220494347212441B50340B7A8068A709BF6953D799B57 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
22:33:30.0447 0x15c8 RtHDVCpl - ok
22:33:30.0494 0x15c8 [ 4B5F92605D77D07041D8C05955A4B0B3, BA8E2AB779CC4FCA64DB54452E4D8543AA91305BA448E41D04132E5B760FD0E4 ] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
22:33:30.0509 0x15c8 CDAServer - detected UnsignedFile.Multi.Generic ( 1 )
22:33:30.0962 0x15c8 Detect skipped due to KSN trusted
22:33:30.0962 0x15c8 CDAServer - ok
22:33:31.0040 0x15c8 [ 0540C38069CD5212B241E62AC1990201, DAAD37478187B62D27FCF2D2A979C76C8B465FF4F56215BE259D18EF3CBC9E73 ] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
22:33:31.0055 0x15c8 Hotkey Utility - ok
22:33:31.0164 0x15c8 [ 47C1DE0A890613FFCFF1D67648EEDF90, 5821567D7DD99623257AEA794023EF4200E6E17FD09656B40D97C44A35C701BB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:33:31.0211 0x15c8 Adobe ARM - ok
22:33:31.0336 0x15c8 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
22:33:31.0508 0x15c8 SDTray - ok
22:33:31.0570 0x15c8 [ 4DCD34F7B2B711B6C1B1B5689732DB57, 729247A51981D0E9E5A35F136ABD414D8450E3D8F47608F59EE4B5B3AA1BEBA3 ] C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe
22:33:31.0586 0x15c8 AvgUi - ok
22:33:31.0664 0x15c8 [ 4B31AA6E26AE25CD1DE96C0EB5C8C9E8, B53D30A58575F1EDFE73A4AFEA9F9AA0AA1EF71277A0F6514A0A91D5DD65421D ] C:\Program Files (x86)\AVG\Av\avuirunnerx.exe
22:33:31.0679 0x15c8 AVG_UI - ok
22:33:31.0773 0x15c8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:33:31.0851 0x15c8 Sidebar - ok
22:33:31.0866 0x15c8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:33:31.0898 0x15c8 mctadmin - ok
22:33:31.0929 0x15c8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:33:31.0960 0x15c8 Sidebar - ok
22:33:31.0976 0x15c8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:33:31.0991 0x15c8 mctadmin - ok
22:33:32.0038 0x15c8 [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
22:33:32.0054 0x15c8 SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
22:33:32.0506 0x15c8 Detect skipped due to KSN trusted
22:33:32.0506 0x15c8 SpybotPostWindows10UpgradeReInstall - ok
22:33:32.0553 0x15c8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:33:32.0584 0x15c8 Sidebar - ok
22:33:32.0584 0x15c8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:33:32.0600 0x15c8 mctadmin - ok
22:33:32.0646 0x15c8 [ 6E9DBF6B982AEA2EC6614F0B81AB2846, BEBD1E26E3C2810B19A71446A2CC5B9BD9436E802DD8CD0432DFC35BFF248593 ] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe
22:33:32.0662 0x15c8 ScrSav - ok
22:33:32.0662 0x15c8 Waiting for KSN requests completion. In queue: 91
22:33:33.0707 0x15c8 AV detected via SS2: AVG AntiVirus Free Edition, C:\Program Files (x86)\AVG\Av\avgwsc.exe ( 16.81.0.7639 ), 0x41000 ( enabled : updated )
22:33:33.0754 0x15c8 Win FW state via NFP2: disabled ( not trusted )
22:33:34.0082 0x15c8 ============================================================
22:33:34.0082 0x15c8 Scan finished
22:33:34.0082 0x15c8 ============================================================
22:33:34.0082 0x1158 Detected object count: 0
22:33:34.0082 0x1158 Actual detected object count: 0
|
|
19.06.2016, 21:52
| #4 |
| /// TB-Ausbilder /// Anleitungs-Guru | Trojaner-Fund nach Fake-Anruf Microsoft Support Spybot bitte deinstallieren. Schritt 1 Downloade Dir HitmanPro  auf Deinen Desktop:HitmanPro-32 Bit Version HitmanPro-64 Bit Version
Schritt 2 ESET Online Scanner
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
20.06.2016, 16:49
| #5 |
| | Trojaner-Fund nach Fake-Anruf Microsoft Support ok, hier die logs: Code:
ATTFilter
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=18a4681b5eb54d4c9af0f3a8c94cd8c3
# end=init
# utc_time=2016-06-20 01:19:17
# local_time=2016-06-20 03:19:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=41221
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 29855
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=18a4681b5eb54d4c9af0f3a8c94cd8c3
# end=updated
# utc_time=2016-06-20 02:01:57
# local_time=2016-06-20 04:01:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=18a4681b5eb54d4c9af0f3a8c94cd8c3
# engine=29855
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-06-20 03:37:35
# local_time=2016-06-20 05:37:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8778 218066905 0 0
# scanned=262023
# found=3
# cleaned=0
# scan_time=5737
sh=596D78A7F03D1DAEE86BCCE8DD7713AA60E8F9E4 ft=1 fh=8eaf1d336ac02ccc vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3577244915-1859113761-1499644197-1001\$RLCRDG1.exe"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=FC13CFD5784A7B7EB2E21B35536AEBC42AC858A7 ft=1 fh=30f3b06e57136945 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***\AppData\Local\Temp\DMR\dmr_72.exe"
|
|
20.06.2016, 19:14
| #6 |
| /// TB-Ausbilder /// Anleitungs-Guru | Trojaner-Fund nach Fake-Anruf Microsoft Support Schritt 1 Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ --> Trojaner-Fund nach Fake-Anruf Microsoft Support |
|
20.06.2016, 19:49
| #7 |
| | Trojaner-Fund nach Fake-Anruf Microsoft Support Hier das Ergebnis: Code:
ATTFilter Farbar Service Scanner Version: 27-01-2016
Ran by *** (administrator) on 20-06-2016 at 20:44:29
Running from "C:\Users\***\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
|
|
21.06.2016, 17:32
| #8 |
| /// TB-Ausbilder /// Anleitungs-Guru | Trojaner-Fund nach Fake-Anruf Microsoft Support
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
21.06.2016, 18:56
| #9 |
| | Trojaner-Fund nach Fake-Anruf Microsoft Support Hallo Jürgen, in der Anleitung steht, dass vor dem download der Virenscanner deaktiviert werden soll; bedeutet das, deinstallieren? Ich habe jetzt AVG, Malwarebytes und die Programme aus deiner Anleitung auf dem PC. Wie man im abgesicherten Modus arbeitet, weiß ich leider auch nicht genau... Bitte hilf mir weiter. DANKE. |
|
21.06.2016, 19:00
| #10 |
| /// TB-Ausbilder /// Anleitungs-Guru | Trojaner-Fund nach Fake-Anruf Microsoft Support Das Tool vorher runterladen und dann die Reparaturen im abgesicherten Modus machen. Hier wird erklärt wie es geht. Starten des Computers im abgesicherten Modus - Windows-Hilfe
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
21.06.2016, 20:23
| #11 |
| | Trojaner-Fund nach Fake-Anruf Microsoft Support Statt dem Fenster von tweaking.com hat sich ein Fenster windows essentials 2012 mit einem Vertrag über Microsoft-Dienste geöffnet, den ich entweder annehmen oder ablehnen soll. So wie ich das verstehe wurden die Dienste gekündigt (deshalb läuft wohl auch der movie maker nicht mehr), weil eine Lizenz erloschen ist. Ich verstehe das nicht, den PC habe ich bestimmt schon 3-4 Jahre und die Lizenz ist doch bei dem Kauf dabei? Was soll ich jetzt weiter tun? Wenn ich annehme, ist das kostenlos? |
|
21.06.2016, 20:35
| #12 |
| /// TB-Ausbilder /// Anleitungs-Guru | Trojaner-Fund nach Fake-Anruf Microsoft Support Bitte was? Wo geht da ein Fenster auf? Bitte Screenshot posten und nichts anklicken oder bestätigen.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
21.06.2016, 21:14
| #13 |
| | Trojaner-Fund nach Fake-Anruf Microsoft Support Habe den screenshot angehängt, hoffe es klappt.Vielleicht liegt der Fehler mit den Diensten darin, dass wohlmöglich in der Registry etwas geändert wurde durch den Eingriff in meinen PC durch die tel. Fernsteuerung, habe dazu einen link gefunden: hxxp://windows-hilfe-forum.de/f4/deaktivierte-dienste-lassen-sich-unter-windows-7-nicht-mehr-aktivieren-2361/ Ich beende jetzt erstmal alles und wir machen morgen weiter. Geändert von klarinette (21.06.2016 um 21:23 Uhr) |
|
21.06.2016, 21:17
| #14 |
| /// TB-Ausbilder /// Anleitungs-Guru | Trojaner-Fund nach Fake-Anruf Microsoft Support Annehmen klicken
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
22.06.2016, 10:30
| #15 |
| | Trojaner-Fund nach Fake-Anruf Microsoft Support Ja, habe ich angenommen. Der download von Windows repair lässt sich nicht durchführen, es kommt immer diese Meldung: |
|
| Themen zu Trojaner-Fund nach Fake-Anruf Microsoft Support |
| anmeldung fehlgeschlagen, antivirus, computer, converter, cpu, desktop, dnsapi.dll, einstellungen, flash player, helper, helper.exe, home, installation, internet, monitor, mp3, port, problem, prozesse, realtek, registry, safer networking, scan, secur, services.exe, software, svchost.exe, udp, windows |
und 
und speichere die Logdatei auf Deinem Desktop.
Linear-Darstellung
