Browser imitated bank page and demanded PIN entry - Trojan? (Windows 7)
03.09.2016, 16:19 | #1 |
Hello, I have the following problem: I wanted to do my banking online as usual when the bank's page suddenly asked several times for my definitely correct PIN and then said that the account was locked. After I called, my bank said that this cannot be and that I should check my PC, since the technician suspects a Trojan. Since I also do a lot of online banking for business on this laptop, I want to make sure there is nothing on it. I ran scans with Spybot and with Malwarebytes, with the following results.

Code:
Search results from Spybot - Search & Destroy
03.09.2016 17:10:20
Scan took 00:00:00.
0 items found.

--- Spybot - Search & Destroy version: 2.6.44.134 DLL (build: 20160321) ---
HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Microsoft Management Console\Recent File List [i] 16-09-03 17:02:14 [i] 16-09-03 17:02:14 Product MS Media Player [+] 16-09-03 17:02:14 Moving into quarantine HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID [+] 16-09-03 17:02:14 Successfully cleaned HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID [i] 16-09-03 17:02:14 [i] 16-09-03 17:02:14 Product MS DirectDraw [+] 16-09-03 17:02:14 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name [+] 16-09-03 17:02:14 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name [i] 16-09-03 17:02:14 [i] 16-09-03 17:02:14 Product MS Paint [+] 16-09-03 17:02:14 Moving into quarantine HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List [+] 16-09-03 17:02:14 Successfully cleaned HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List [i] 16-09-03 17:02:14 [i] 16-09-03 17:02:14 Product Windows.OpenWith [+] 16-09-03 17:02:14 Moving into quarantine HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList [+] 16-09-03 17:02:14 Moving into quarantine HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList [+] 16-09-03 17:02:14 Successfully cleaned HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList [+] 16-09-03 17:02:14 Successfully cleaned HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList 
[i] 16-09-03 17:02:14 [i] 16-09-03 17:02:14 Product Windows Explorer [+] 16-09-03 17:02:14 Moving into quarantine HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU [+] 16-09-03 17:02:14 Moving into quarantine HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU [+] 16-09-03 17:02:14 Moving into quarantine HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs [+] 16-09-03 17:02:14 Successfully cleaned HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU [+] 16-09-03 17:02:14 Successfully cleaned HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU [+] 16-09-03 17:02:14 Successfully cleaned HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs [i] 16-09-03 17:02:14 [i] 16-09-03 17:02:14 Product Windows Media SDK [+] 16-09-03 17:02:14 Moving into quarantine HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName [+] 16-09-03 17:02:14 Moving into quarantine HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID [+] 16-09-03 17:02:14 Moving into quarantine HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber [+] 16-09-03 17:02:14 Successfully cleaned HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName [+] 16-09-03 17:02:14 Successfully cleaned HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID [+] 16-09-03 17:02:14 Successfully cleaned 
HKEY_USERS\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[i] 16-09-03 17:02:14
[i] 16-09-03 17:02:14 Product Cookie
[+] 16-09-03 17:02:14 Moving into quarantine Internet Explorer (Benutzer) (Carolina)Cookies
[+] 16-09-03 17:02:14 Successfully cleaned Internet Explorer (Benutzer) (Carolina)Cookies
[i] 16-09-03 17:02:14
[i] 16-09-03 17:02:14 Product Cache
[+] 16-09-03 17:02:14 Moving into quarantine Internet Explorer (Benutzer) (Carolina)Cache
[+] 16-09-03 17:02:14 Successfully cleaned Internet Explorer (Benutzer) (Carolina)Cache
[i] 16-09-03 17:02:14
[i] 16-09-03 17:02:14 Product Verlauf
[+] 16-09-03 17:02:14 Moving into quarantine Internet Explorer (Benutzer) (Carolina)History
[+] 16-09-03 17:02:14 Successfully cleaned Internet Explorer (Benutzer) (Carolina)History
[i] 16-09-03 17:02:14
[i] 16-09-03 17:02:14 Summary
[i] 16-09-03 17:02:14 Errors while cleaning 0
[i] 16-09-03 17:02:14 Files moved into quarantine 103
[i] 16-09-03 17:02:14 Files successfully cleaned 103

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 03.09.2016
Suchlaufzeit: 13:46
Protokolldatei: avvsdvsdvsda.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.09.03.04
Rootkit-Datenbank: v2016.08.15.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Carolina

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 325913
Abgelaufene Zeit: 18 Min., 9 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)

Module: 0 (keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.CrossRider, HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\WINDOWS_IE_AC_001\SOFTWARE\Crossrider, In Quarantäne, [635d87e6c8d277bfb8e2815a42c17888],

Registrierungswerte: 0 (keine bösartigen Elemente erkannt)

Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)

Ordner: 17
PUP.Optional.FileViewPro, C:\Users\Carolina\AppData\Local\FileViewPro, In Quarantäne, [ccf4d598a4f6e94df38a3f9c669e25db],
PUP.Optional.FileViewPro, C:\Users\Carolina\AppData\Local\FileViewPro\FileViewPro.exe_Url_jn4xqozlzppxcht2yt2wvho2bxkp31wm, In Quarantäne, [ccf4d598a4f6e94df38a3f9c669e25db],
PUP.Optional.FileViewPro, C:\Users\Carolina\AppData\Local\FileViewPro\FileViewPro.exe_Url_jn4xqozlzppxcht2yt2wvho2bxkp31wm\1.1.0.0, In Quarantäne, [ccf4d598a4f6e94df38a3f9c669e25db],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\7z, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Code, In Quarantäne,
[9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Code\Extended, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Cursors, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\de, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\es, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\fr, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\it, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ja, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Raw, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ru, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Wps, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],

Dateien: 169
Trojan.Agent, C:\Windows\System32\sspiclid.exe, In Quarantäne, [02be5518881220162dbf681c16ebe51b],
PUP.Optional.FileViewPro, C:\Users\Carolina\AppData\Local\FileViewPro\FileViewPro.exe_Url_jn4xqozlzppxcht2yt2wvho2bxkp31wm\1.1.0.0\user.config, In Quarantäne, [ccf4d598a4f6e94df38a3f9c669e25db],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Aspose.Slides.lic, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Be.Windows.Forms.HexBox.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Declarations.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5],
PUP.Optional.FileViewPro, C:\Program
Files\FileViewPro\DevExpress.Data.v12.1.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.Data.v12.1.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.Office.v12.1.Core.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.Office.v12.1.Core.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.Printing.v12.1.Core.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.Printing.v12.1.Core.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.RichEdit.v12.1.Core.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.Utils.v12.1.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.Utils.v12.1.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraBars.v12.1.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraBars.v12.1.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraEditors.v12.1.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraEditors.v12.1.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraGrid.v12.1.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraGrid.v12.1.xml, In Quarantäne, 
[9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraPrinting.v12.1.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraPrinting.v12.1.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraRichEdit.v12.1.Design.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraRichEdit.v12.1.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraRichEdit.v12.1.Extensions.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraRichEdit.v12.1.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\EULA_FileViewPro.rtf, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Facebook.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Facebook.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Facebook.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Facebook.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Licensing.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Licensing.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Localization.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program 
Files\FileViewPro\FileViewPro.Localization.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Strings.3.resources, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Document.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Document.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Media.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Media.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Message.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.RichEdit.v12.1.Core.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\DevExpress.XtraRichEdit.v12.1.Printing.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.exe.config, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Message.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.vshost.exe.config, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ICSharpCode.TextEditor.dll, In Quarantäne, 
[9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Microsoft.CSharp.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.Data.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Mime.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Mime.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Pdf.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Pdf.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Torrent.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Torrent.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Wpd.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Wpd.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Wps.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Wps.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Xps.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Views.Xps.pdb, In Quarantäne, 
[9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.vshost.exe, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Common.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.Common.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\FileViewPro.vshost.exe.manifest, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ICSharpCode.SharpZipLib.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ImageView.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ImageView.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Implementation.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Interop.WIA.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\IsLicense50.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\LibVlcWrapper.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\licenses.licx, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\new_icon.ico, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\NLog.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\O2S.Components.PDFRender4NET.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program 
Files\FileViewPro\O2S.Components.PDFRender4NET.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\O2S.Components.PDFView4NET.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\O2S.Components.PDFView4NET.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.Base.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.Core.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.Effects.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.Resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.SystemLayer.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Plugins.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\QlmControls.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\QlmLicenseLib.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\SDL.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\SevenZipSharp.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\SimplePsd.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\SocialExplorer.FastDBF.dll, In Quarantäne, 
[9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\SocialExplorer.FastDBF.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Svg.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Svg.pdb, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\swscale-0.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\System.Windows.Forms.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\TorrentParser.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\unassoc.bat, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\unins000.dat, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\unins000.msg, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\7z\7z.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Code\Extended\Patch-Mode.xshd, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Code\Extended\Python-Mode.xshd, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Code\Extended\SQL-Mode.xshd, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Cursors\PanToolCursor.cur, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\de\DevExpress.Data.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program 
Files\FileViewPro\de\DevExpress.Printing.v12.1.Core.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\de\DevExpress.RichEdit.v12.1.Core.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\de\DevExpress.Utils.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\de\DevExpress.XtraBars.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\de\DevExpress.XtraEditors.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\de\DevExpress.XtraGrid.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\de\DevExpress.XtraPrinting.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\es\DevExpress.Data.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\es\DevExpress.Printing.v12.1.Core.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\es\DevExpress.RichEdit.v12.1.Core.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\es\DevExpress.Utils.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\es\DevExpress.XtraBars.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\es\DevExpress.XtraEditors.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program 
Files\FileViewPro\es\DevExpress.XtraGrid.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\es\DevExpress.XtraPrinting.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ja\DevExpress.Data.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ja\DevExpress.Printing.v12.1.Core.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ja\DevExpress.RichEdit.v12.1.Core.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ja\DevExpress.Utils.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ja\DevExpress.XtraBars.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ja\DevExpress.XtraEditors.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ja\DevExpress.XtraGrid.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ja\DevExpress.XtraPrinting.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\ar.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\cs.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\da.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\de.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program 
Files\FileViewPro\Langs\el.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\en-US.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\en.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\es.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\fi.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\fr.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\hi.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\hu.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\it.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\ja.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\ko.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\nl.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\no.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\pl.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\pt-br.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\pt-pt.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\ro.xml, In Quarantäne, 
[9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\ru.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\sv.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\tr.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\zh-cn.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Langs\zh-tw.xml, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Raw\dcraw.exe, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ru\DevExpress.Data.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ru\DevExpress.Printing.v12.1.Core.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ru\DevExpress.RichEdit.v12.1.Core.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ru\DevExpress.Utils.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ru\DevExpress.XtraBars.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ru\DevExpress.XtraEditors.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ru\DevExpress.XtraGrid.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\ru\DevExpress.XtraPrinting.v12.1.resources.dll, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], PUP.Optional.FileViewPro, 
C:\Program Files\FileViewPro\Wps\wps2html.exe, In Quarantäne, [9927e489f7a3979f4c339f3c6e965ba5], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
03.09.2016, 16:39 | #2 |
/// TB-Ausbilder | Browser imitated bank page and demanded PIN entry - Trojan?
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! For the initial analysis, please run FRST and TDSS-Killer:
Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Step 2 Please download TDSSKiller.exe and save this file to the desktop
Please post with your next reply
|
03.09.2016, 20:54 | #3 |
| Browser imitated bank page and demanded PIN entry - Trojan? Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 durchgeführt von Carolina (Administrator) auf CAROLINA (03-09-2016 21:43:38) Gestartet von C:\Users\Carolina\Desktop Geladene Profile: Carolina (Verfügbare Profile: Carolina) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Dropbox, Inc.) C:\Users\Carolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) 
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe konnte nicht auf den Prozess zugreifen -> firefox.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Yahoo Inc.) C:\Program Files (x86)\Yahoo!\yset\{604FCFE8-4252-7D4E-9CBB-C95E3FF55FD7}\YSearchUtilSVC.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) 
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Run: [Dropbox Update] => C:\Users\Carolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\MountPoints2: {a6852633-d385-11e3-be89-6036dda75de5} - "E:\HTC_Sync_Manager_PC.exe" ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} 
=> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei Startup: C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-24] ShortcutTarget: Dropbox.lnk -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{58BF2E8F-2EA9-4F17-AF2E-78712D3E35C0}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset URLSearchHook: HKLM-x32 -> Standard = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKU\S-1-5-21-985286299-975283114-1846765778-1001 -> {E29367D3-A777-43D0-B942-BF09BA6AF55C} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-04-20] (IObit) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) 
BHO: Kein Name -> {41564952-412D-5637-4300-7A786E7484D7} -> Keine Datei BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-03] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) 
Toolbar: HKU\S-1-5-21-985286299-975283114-1846765778-1001 -> Kein Name - {41564952-412D-5637-4300-7A786E7484D7} - Keine Datei Toolbar: HKU\S-1-5-21-985286299-975283114-1846765778-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) FireFox: ======== FF ProfilePath: C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\5e2e3eil.default-1414797382018 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.) 
FF Extension: (Firefox Hotfix) - C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\5e2e3eil.default-1414797382018\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31] FF Extension: (Search and New Tab by Yahoo) - C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\5e2e3eil.default-1414797382018\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-09-03] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon [2016-07-05] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon Chrome: ======= CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-24] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-24] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-22] (IObit) R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NS.exe [289080 2016-08-16] (Symantec Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{604FCFE8-4252-7D4E-9CBB-C95E3FF55FD7}\YSearchUtilSvc.exe [182736 2016-05-16] (Yahoo Inc.) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-15] (Advanced Micro Devices, Inc.) 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20160826.008\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation) R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607010.020\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20160902.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1607010.020\SRTSP64.SYS [773360 2016-08-10] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607010.020\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NSx64\1607010.020\SymELAM.sys [24192 2015-07-11] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-03] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607010.020\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607010.020\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 NAVENG; 
\??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160706.008\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160706.008\EX64.SYS [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-09-03 21:43 - 2016-09-03 21:44 - 00018844 _____ C:\Users\Carolina\Desktop\FRST.txt 2016-09-03 21:43 - 2016-09-03 21:43 - 00000000 ____D C:\FRST 2016-09-03 21:42 - 2016-09-03 21:42 - 02397696 _____ (Farbar) C:\Users\Carolina\Desktop\FRST64.exe 2016-09-03 14:26 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2016-09-03 14:24 - 2016-09-03 17:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-09-03 14:24 - 2016-09-03 14:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-09-03 14:24 - 2016-09-03 14:24 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-09-03 14:24 - 2016-09-03 14:24 - 00001391 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2016-09-03 14:24 - 2016-09-03 14:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2016-09-03 14:24 - 2016-09-03 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-09-03 14:24 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2016-09-03 14:17 - 2016-09-03 14:20 - 12846600 _____ (Safer-Networking Ltd. 
) C:\Users\Carolina\Downloads\spybot-2.4.40(1).exe.part 2016-09-03 13:46 - 2016-09-03 13:46 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Carolina\Downloads\spybot-2.4.40.exe 2016-09-03 13:44 - 2016-09-03 13:44 - 22851472 _____ (Malwarebytes ) C:\Users\Carolina\Downloads\mbam-setup-2.2.1.1043.exe 2016-09-02 16:29 - 2016-09-03 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-02 12:24 - 2016-09-02 12:24 - 00000000 ____D C:\WINDOWS\Minidump 2016-08-28 23:19 - 2016-08-28 23:20 - 00038471 _____ C:\Users\Carolina\Desktop\Müller online Fotoservice.pdf 2016-08-24 21:34 - 2016-08-24 21:35 - 00000000 ____D C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-08-24 14:02 - 2016-08-24 14:02 - 00003216 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration 2016-08-24 14:02 - 2016-08-24 14:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security 2016-08-19 18:11 - 2016-08-19 18:11 - 00000000 ____D C:\Users\Carolina\Documents\Mathematische_Ausarbeitungen_BSF11_und_BSF12_%28teilweise_BSF13%29 2016-08-19 18:09 - 2016-08-19 18:09 - 00000000 ____D C:\Users\Carolina\Documents\Stegreifaufgaben_BSF11_un_BSF12 2016-08-19 17:56 - 2016-08-19 17:56 - 00000000 ____D C:\Users\Carolina\Documents\Schulaufgabe 2016-08-13 18:21 - 2016-07-08 16:18 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-08-13 18:20 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-08-13 18:20 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-08-13 18:20 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-08-13 18:20 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2016-08-13 18:20 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-08-13 18:20 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\jscript.dll 2016-08-13 18:20 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-08-13 18:20 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-08-13 18:20 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-08-13 18:20 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-08-13 18:20 - 2016-08-02 07:46 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-08-13 18:20 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-08-13 18:20 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-08-13 18:20 - 2016-08-02 07:39 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-08-13 18:20 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-08-13 18:20 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-08-13 18:20 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-08-13 18:20 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-08-13 18:20 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-08-13 18:20 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-08-13 18:20 - 2016-08-02 07:20 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-08-13 18:20 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-13 18:20 - 2016-08-02 07:15 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-08-13 18:20 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-08-13 18:20 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-08-13 18:20 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-08-13 18:20 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-08-13 18:20 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-08-13 18:20 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-13 18:20 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-08-13 18:20 - 2016-07-06 16:26 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-08-13 18:20 - 2016-07-06 16:26 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-08-13 18:20 - 2016-07-06 16:23 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-08-13 18:20 - 2016-07-06 16:21 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-08-13 18:18 - 2016-07-12 16:08 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2016-08-13 18:18 - 2016-07-09 02:09 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-08-13 18:18 - 2016-07-09 02:08 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-08-13 18:18 - 2016-07-08 16:32 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-08-13 18:18 - 2016-07-08 16:25 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-08-13 18:18 - 2016-07-08 16:22 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-08-13 18:18 - 2016-07-08 16:19 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2016-08-13 18:18 - 2016-07-08 16:17 - 00696832 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\netlogon.dll 2016-08-13 18:18 - 2016-07-08 00:33 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-08-13 18:18 - 2016-07-07 23:53 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-08-13 18:18 - 2016-07-07 22:06 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-08-13 18:18 - 2016-05-19 01:18 - 00563024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-08-13 18:18 - 2016-05-19 01:18 - 00397232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2016-08-13 18:18 - 2016-05-19 01:16 - 00178016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-08-13 18:18 - 2016-05-19 00:28 - 00340880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-09-03 20:55 - 2014-02-16 11:49 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-09-03 20:49 - 2014-10-08 19:55 - 00000000 ____D C:\Users\Carolina\AppData\Roaming\Dropbox 2016-09-03 20:21 - 2014-02-16 15:29 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8268C022-4357-47A2-BFEF-A114E6961FEE} 2016-09-03 17:13 - 2014-06-25 18:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-03 14:40 - 2014-02-04 18:11 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-985286299-975283114-1846765778-1001 2016-09-03 14:26 - 2015-12-11 19:47 - 00000000 ____D C:\Program Files\Common Files\AV 2016-09-03 14:22 - 2015-07-05 19:34 - 00000000 ____D C:\ProgramData\Oracle 2016-09-03 14:22 - 2015-07-05 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-09-03 14:22 - 2015-07-05 19:34 - 00000000 ____D C:\Program Files (x86)\Java 2016-09-03 14:21 - 2015-10-20 22:11 - 
00000000 ____D C:\Users\Carolina\.oracle_jre_usage 2016-09-03 14:21 - 2015-07-05 19:34 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2016-09-03 14:20 - 2015-01-05 11:40 - 00000000 ____D C:\Users\Carolina\AppData\Local\CrashDumps 2016-09-03 14:16 - 2013-11-14 09:27 - 01686150 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-03 14:16 - 2013-11-14 09:11 - 00727930 _____ C:\WINDOWS\system32\perfh007.dat 2016-09-03 14:16 - 2013-11-14 09:11 - 00151586 _____ C:\WINDOWS\system32\perfc007.dat 2016-09-03 14:16 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2016-09-03 14:13 - 2016-02-08 19:42 - 00000374 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2016-09-03 14:13 - 2014-10-08 19:58 - 00000000 ___RD C:\Users\Carolina\Dropbox 2016-09-03 14:13 - 2014-02-16 13:36 - 00000000 ___DO C:\Users\Carolina\SkyDrive 2016-09-03 14:12 - 2014-02-09 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-09-03 14:12 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-03 14:12 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-09-03 13:45 - 2015-10-20 22:10 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-09-03 13:45 - 2014-06-25 18:30 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-09-03 13:34 - 2015-12-11 19:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation 2016-09-02 13:25 - 2014-02-09 12:34 - 01105920 ___SH C:\Users\Carolina\Desktop\Thumbs.db 2016-09-02 12:52 - 2014-02-16 13:16 - 00000000 ____D C:\Users\Carolina 2016-09-02 12:24 - 2014-02-04 16:13 - 00159805 ____N C:\WINDOWS\Minidump\090216-30312-01.dmp 2016-09-01 09:33 - 2014-04-27 21:53 - 00000000 ____D C:\ProgramData\CanonIJPLM 2016-08-29 09:53 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2016-08-28 13:17 - 2014-04-20 20:28 - 00000000 ____D C:\ProgramData\ProductData 2016-08-24 14:02 - 2016-07-05 20:46 - 00002324 _____ 
C:\Users\Public\Desktop\Norton Security.lnk 2016-08-24 14:02 - 2014-12-14 14:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2016-08-24 14:02 - 2014-12-14 14:16 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64 2016-08-19 11:21 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-08-19 10:21 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-08-18 09:01 - 2013-08-22 16:44 - 00410080 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-08-17 20:52 - 2014-02-08 19:45 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-08-17 20:49 - 2014-02-08 19:45 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-08-16 20:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2016-08-13 19:56 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-08-13 19:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-02-13 00:50 - 2016-02-13 00:50 - 0016796 _____ () C:\Users\Carolina\AppData\Local\recently-used.xbel Einige Dateien in TEMP: ==================== C:\Users\Carolina\AppData\Local\Temp\jre-8u101-windows-au.exe C:\Users\Carolina\AppData\Local\Temp\uninstall.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-09-03 14:40 ==================== Ende von FRST.txt ============================ Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016 durchgeführt von Carolina (03-09-2016 21:44:28) Gestartet von C:\Users\Carolina\Desktop Windows 8.1 (Update) (X64) (2014-02-16 11:32:56) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-985286299-975283114-1846765778-500 - Administrator - Disabled) Carolina (S-1-5-21-985286299-975283114-1846765778-1001 - Administrator - Enabled) => C:\Users\Carolina Gast (S-1-5-21-985286299-975283114-1846765778-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-985286299-975283114-1846765778-1005 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.17) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated) Bandizip (HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Bandizip) (Version: 3.10 - Bandisoft.com) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.) Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version: - ) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.) Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - ) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.) 
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 1.1.0.0 - Solvusoft Corporation) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.82.0 - International GeoGebra Institute) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.9.10 - IObit) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for 
Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla) Norton Security (HKLM-x32\...\NS) (Version: 22.7.1.32 - Symantec Corporation) PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.39045 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Carolina\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com) CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: 
HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {08047DF3-1B2D-44DC-A14A-6474149F9564} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0E6F0863-8C69-47B0-9A0B-20372BBE8D4C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation) Task: {28EF32BD-CAB1-4E63-8952-7FFA1592D417} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {747939DD-B643-4F26-8856-D8CCFE25ADA3} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {8079A0BD-E6E9-4057-8F82-0830AD0A1B7D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-08-16] (Symantec Corporation) Task: {AE5579F1-7971-453D-9E88-6BC6AAE1C063} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {CC126947-852B-4624-B8A9-2C7971C24B51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
[2016-06-25] (Adobe Systems Incorporated) Task: {CC24FD9C-6C68-4AAC-B37E-235A274FF93B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.) Task: {DDCF6622-B13A-4A26-9DBE-42B727B0612C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-17] (Microsoft Corporation) Task: {EF05F4BA-F4F2-415B-AB55-8B922AC7C4EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-985286299-975283114-1846765778-1001Core1d0c1fb4e728405.job => C:\Users\Carolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
Shortcut: C:\Users\Carolina\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1919035336_de-de.lnk -> hxxp://paint.net ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-04-27 21:57 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2014-04-20 20:28 - 2014-04-20 20:28 - 00611648 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2016-07-12 07:19 - 2016-07-12 04:07 - 00035792 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2016-08-24 21:34 - 2016-07-12 04:07 - 00145864 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2016-08-24 21:34 - 2016-07-12 04:07 - 00019408 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2016-08-24 21:34 - 2016-07-12 04:07 - 00116688 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2016-07-12 07:19 - 2016-07-12 04:07 - 00100296 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2016-07-12 07:19 - 2016-07-12 04:07 - 00018888 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\select.pyd 2016-07-12 07:19 - 2016-08-24 01:17 - 00019760 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2016-07-12 07:19 - 2016-07-12 04:07 - 00694224 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00020816 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2016-07-12 07:19 - 2016-07-12 04:07 - 00123856 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 01682760 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00020808 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2016-08-13 13:53 - 2016-08-24 01:17 - 00021312 _____ () 
C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00052024 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00105928 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32api.pyd 2016-08-13 13:53 - 2016-08-24 01:17 - 00025424 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00038696 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\fastpath.pyd 2016-08-24 21:34 - 2016-07-12 04:07 - 00392144 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2016-08-24 21:34 - 2016-07-12 04:09 - 00020936 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00024528 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32event.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00114640 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32security.pyd 2016-07-12 07:19 - 2016-08-24 01:17 - 00381752 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00124880 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00024016 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00175560 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32gui.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00030160 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00043472 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32process.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00048592 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32service.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00026456 _____ () 
C:\Users\Carolina\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00057808 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00024016 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32profile.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00246592 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00028616 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32ts.pyd 2016-07-12 07:19 - 2016-08-24 01:17 - 00020800 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-07-12 07:19 - 2016-08-24 01:17 - 00019776 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd 2016-07-12 07:19 - 2016-08-24 01:17 - 00020800 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd 2016-07-12 07:19 - 2016-07-12 04:07 - 00144848 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2016-08-13 13:53 - 2016-07-12 04:08 - 00241104 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\_jpegtran.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00020280 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2016-07-12 07:19 - 2016-08-24 01:17 - 00023376 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00350152 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2016-07-12 07:19 - 2016-08-24 01:17 - 00022352 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00024392 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2016-08-24 21:34 - 2016-07-12 04:09 - 00036296 _____ () 
C:\Users\Carolina\AppData\Roaming\Dropbox\bin\librsync.dll 2016-08-24 21:34 - 2016-08-24 01:17 - 00084280 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-08-24 21:34 - 2016-08-24 01:17 - 01826096 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2016-07-12 07:19 - 2016-07-12 04:07 - 00083912 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\sip.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 03929392 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 01972016 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00531248 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00132912 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00224056 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00207672 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2016-08-13 13:53 - 2016-08-24 01:17 - 00020288 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd 2016-07-12 07:19 - 2016-07-12 04:09 - 00060880 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32print.pyd 2016-08-13 13:53 - 2016-08-24 01:17 - 00024904 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00546096 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00357680 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00168248 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd 2016-08-24 21:34 - 2016-08-24 01:17 - 00042808 _____ () 
C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd 2016-01-10 15:33 - 2015-11-18 14:04 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll 2016-01-10 15:33 - 2015-11-18 14:04 - 00052256 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll 2016-09-03 14:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-09-03 14:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-09-03 14:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-09-03 14:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2016-09-03 14:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-985286299-975283114-1846765778-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Carolina\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FD2D0CBE-2ACA-4AAC-8C5D-1B886A96EDA7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{2DEE37ED-7C7F-4540-97CB-36AD955CF87B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{F0B9CEFB-F3BF-4F2A-B3E4-B402FD767BDF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{E76C26C5-2BD1-433C-A368-E25B2159FA1C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{50BDE0CF-E37A-4593-A1D7-8BAC9A913096}] => (Allow) C:\ProgramData\pennybee\pennybee.exe FirewallRules: [{121B0D97-D676-4213-8767-EA7CB6692538}] => (Allow) C:\ProgramData\pennybee\pennybee.exe FirewallRules: [{8A3FB726-2F3F-4803-B61C-921845D80F11}] => (Allow) C:\ProgramData\pennybee\pennybee.exe FirewallRules: [{97BF3BBB-63FD-4C8F-83EE-4B947F143D6F}] => (Allow) C:\ProgramData\pennybee\pennybee.exe FirewallRules: [{BBA7191A-9D55-4B21-B94D-BC2B6BA85B5A}] => (Allow) C:\ProgramData\pennybee\pennybee.exe FirewallRules: [{25F9C33E-5CF0-4EFE-B554-CEDCDAE83445}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{4A73631B-3944-451B-85BE-5E60202642AF}] => (Allow) LPort=2869 FirewallRules: [{67A66FAB-516C-4A78-B394-E86FAA5B327F}] => (Allow) LPort=1900 FirewallRules: [{8D3461A7-1C02-492C-ADCF-13CB6B24A7B5}] => (Allow) C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{6CDC17CD-C5A7-4807-A61B-BF5CB68D3A3C}] => (Allow) C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{CD614C83-5B07-4FCE-9CC3-ED70796B3E21}C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{43C48600-5632-4AC0-BC0A-224EA33825B8}C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) 
C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{B07A1A75-3DF1-42BC-ADEA-ABFC444EBD8F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{68DC9D0E-2780-44B5-9DEE-A72BB78C9BD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2EF72481-AD33-49DF-BC7F-B5787FACD404}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{6B53120D-2DA3-4EF7-91A2-48E131A20EB0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{1165420B-AB4D-4AA5-BB45-F1F184D5B73E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{C3824513-55AD-44C5-B0AC-A01E11CE2D0D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{947ADD07-0DD8-4463-8A85-46F7AED753ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{24BE4FB8-0FAB-421C-8328-C661F52ADDD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{46C0F00D-5D25-4258-A60E-70C866E9C705}] => (Allow) %systemroot%\system32\alg.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= 19-08-2016 10:18:20 Windows Update 22-08-2016 22:07:03 Windows Update 30-08-2016 14:13:55 Geplanter Prüfpunkt ==================== Fehlerhafte Geräte im Gerätemanager ============= 
==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/03/2016 05:11:37 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (09/03/2016 02:20:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 48.0.2.6079 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1014 Startzeit: 01d205dc8eb1792b Endzeit: 34 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: c94d91ed-71d0-11e6-bf77-6036dda75de5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/03/2016 02:20:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 48.0.2.6079, Zeitstempel: 0x57bd3628 Name des fehlerhaften Moduls: mozglue.dll, Version: 48.0.2.6079, Zeitstempel: 0x57bd2857 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000efe5 ID des fehlerhaften Prozesses: 0x1288 Startzeit der fehlerhaften Anwendung: 0x01d205dc93442b17 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Berichtskennung: cd1a0fbf-71d0-11e6-bf77-6036dda75de5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/03/2016 02:13:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/03/2016 02:13:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/03/2016 02:12:45 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (09/03/2016 07:53:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e84 Startzeit: 01d205a6b69c817a Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: b2fb4304-719a-11e6-bf76-6036dda75de5 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/03/2016 07:48:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/03/2016 07:48:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/02/2016 01:25:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Systemfehler:
=============
Error: (09/03/2016 03:08:19 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x200000003c33a. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (09/03/2016 02:12:37 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.

Error: (09/03/2016 08:21:09 AM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x200000003c33a. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (09/03/2016 07:47:23 AM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.

Error: (09/02/2016 12:39:41 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x200000003c33a. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (09/02/2016 12:24:57 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.

Error: (09/02/2016 12:25:01 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Der Computer wurde nach einem schwerwiegenden Fehler neu gestartet. Der Fehlercode war: 0x0000007a (0x0000000000000004, 0x0000000000000000, 0xffffe000cfe90b60, 0x00000000098f6000). Ein volles Abbild wurde gespeichert in: C:\WINDOWS\Minidump\090216-30312-01.dmp. Berichts-ID: 090216-30312-01.

Error: (09/02/2016 12:25:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 02.09.2016 um 12:03:53 unerwartet heruntergefahren.

Error: (09/02/2016 08:32:27 AM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.

Error: (08/29/2016 11:30:55 AM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x200000003c33a. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 8061.27 MB
Verfügbarer physikalischer RAM: 5620.61 MB
Summe virtueller Speicher: 16253.27 MB
Verfügbarer virtueller Speicher: 12218 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:931 GB) (Free:845.11 GB) NTFS
Drive e: (INTENSO) (Fixed) (Total:931.28 GB) (Free:711.2 GB) FAT32
Drive f: (Carolina Schule) (Fixed) (Total:931.48 GB) (Free:912.93 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 1809107F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 104EC38C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================ |
03.09.2016, 20:56 | #4 |
| Browser imitated bank page and demanded PIN entry - Trojan? Code:
ATTFilter
21:47:19.0276 0x1c20 TDSS rootkit removing tool 3.1.0.11 Aug 5 2016 12:13:31
21:47:19.0276 0x1c20 UEFI system
21:47:26.0400 0x1c20 ============================================================
21:47:26.0400 0x1c20 Current date / time: 2016/09/03 21:47:26.0400
21:47:26.0400 0x1c20 SystemInfo:
21:47:26.0400 0x1c20
21:47:26.0400 0x1c20 OS Version: 6.3.9600 ServicePack: 0.0
21:47:26.0400 0x1c20 Product type: Workstation
21:47:26.0400 0x1c20 ComputerName: CAROLINA
21:47:26.0401 0x1c20 UserName: Carolina
21:47:26.0401 0x1c20 Windows directory: C:\WINDOWS
21:47:26.0401 0x1c20 System windows directory: C:\WINDOWS
21:47:26.0401 0x1c20 Running under WOW64
21:47:26.0401 0x1c20 Processor architecture: Intel x64
21:47:26.0401 0x1c20 Number of processors: 4
21:47:26.0401 0x1c20 Page size: 0x1000
21:47:26.0401 0x1c20 Boot type: Normal boot
21:47:26.0401 0x1c20 CodeIntegrityOptions = 0x00000001
21:47:26.0401 0x1c20 ============================================================
21:47:33.0381 0x1c20 KLMD registered as C:\WINDOWS\system32\drivers\14260960.sys
21:47:33.0381 0x1c20 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18378, osProperties = 0x19
21:47:40.0321 0x1c20 System UUID: {7910A48F-5D80-09C6-05B9-1572B5604910}
21:47:47.0321 0x1c20 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:47:47.0324 0x1c20 Drive \Device\Harddisk1\DR4 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:47:47.0325 0x1c20 Drive \Device\Harddisk2\DR3 - Size: 0xE8DED00000 ( 931.48 Gb ), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:47:47.0327 0x1c20 ============================================================
21:47:47.0327 0x1c20 \Device\Harddisk0\DR0:
21:47:47.0327 0x1c20 GPT partitions:
21:47:47.0328 0x1c20 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B539C20F-64F0-41BE-AD01-08275D7BA5DB}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
21:47:47.0328 0x1c20 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1B54E7D8-815E-47C3-89CA-5BD3EA7C770B}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x31800
21:47:47.0328 0x1c20 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {5704DD12-B1A3-49C1-BD34-3EC98E2E4E44}, Name: Microsoft reserved partition, StartLBA 0xC8000, BlocksNum 0x40000
21:47:47.0328 0x1c20 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E9A9535A-5E9C-44FD-ADE3-0783842E9ED2}, Name: Basic data partition, StartLBA 0x108000, BlocksNum 0x745FE800
21:47:47.0328 0x1c20 MBR partitions:
21:47:47.0328 0x1c20 \Device\Harddisk1\DR4:
21:47:47.0328 0x1c20 MBR partitions:
21:47:47.0328 0x1c20 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x747051C1
21:47:47.0328 0x1c20 \Device\Harddisk2\DR3:
21:47:47.0329 0x1c20 MBR partitions:
21:47:47.0329 0x1c20 \Device\Harddisk2\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
21:47:47.0329 0x1c20 ============================================================
21:47:47.0350 0x1c20 C: <-> \Device\Harddisk0\DR0\Partition4
21:47:47.0350 0x1c20 E: <-> \Device\Harddisk1\DR4\Partition1
21:47:47.0816 0x1c20 F: <-> \Device\Harddisk2\DR3\Partition1
21:47:47.0816 0x1c20 ============================================================
21:47:47.0816 0x1c20 Initialize success
21:47:47.0816 0x1c20 ============================================================
21:49:46.0540 0x1c24 ============================================================
21:49:46.0540 0x1c24 Scan started
21:49:46.0540 0x1c24 Mode: Manual; SigCheck; TDLFS;
21:49:46.0540 0x1c24
============================================================
21:49:46.0540 0x1c24 KSN ping started
21:49:46.0633 0x1c24 KSN ping finished: true
21:49:48.0843 0x1c24 ================ Scan system memory ========================
21:49:48.0843 0x1c24 System memory - ok
21:49:48.0844 0x1c24 ================ Scan services =============================
21:49:56.0677 0x1c24 iaLPSSi_GPIO - ok 21:49:56.0692 0x1c24 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys 21:49:56.0702 0x1c24 iaLPSSi_I2C - ok 21:49:56.0744 0x1c24 [ 459016E8A4FA6426EDB5A9456A6E5E58, 92B73EE5559ABD8783EC5AF8A2B6EBDE0D937745B4BEDBEA6DF06DD8606AE56C ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys 21:49:56.0765 0x1c24 iaStorA - ok 21:49:56.0805 0x1c24 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys 21:49:56.0827 0x1c24 iaStorAV - ok 21:49:56.0849 0x1c24 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys 21:49:56.0868 0x1c24 iaStorV - ok 21:49:56.0984 0x1c24 [ DB2B8F970C2EA337C78C92B04C2E84D1, A5D2275AEA687A84BE2B6A355B11446F59A3DD549C4C6F0FCE337A9BF8C34049 ] IDSVia64 C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20160902.001\IDSvia64.sys 21:49:57.0009 0x1c24 IDSVia64 - ok 21:49:57.0013 0x1c24 IEEtwCollectorService - ok 21:49:57.0148 0x1c24 [ C38AFE18A40ADF005647090DD3AC24F3, 302810C31B005DD4C9143233AB5B4F332C62AD866A7C7AB0E8F8F81AE1766B11 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 21:49:57.0233 0x1c24 igfx - ok 21:49:57.0250 0x1c24 [ 7A510A9AFC7955DEE63F8DC243E31292, 13906F6212F4C116BE224F2A8AFFF089ACFED8F543E26FC6208FF38463366173 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe 21:49:57.0264 0x1c24 igfxCUIService1.0.0.0 - ok 21:49:57.0329 0x1c24 [ CE1EE31FFF730CA975A5535D8A71AF61, A1808EB92EC2444F9309C93F5724A7A374F4B983862829BF9B076C8D3B2427DE ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 21:49:57.0353 0x1c24 IJPLMSVC - ok 21:49:57.0432 0x1c24 [ AF8A43C376F83A4A1E7DA16461EDE114, EBA10519B074888355A4FC11D52FF1E6A52F88F754B7F1F9863A8313638645CB ] IKEEXT 
C:\WINDOWS\System32\ikeext.dll 21:49:57.0465 0x1c24 IKEEXT - ok 21:49:57.0490 0x1c24 [ FC7C456AF9B9811499EDBD10616832EE, CA2D8B0E672D3AE449C2FF0B9E142D74E8C72FD877D11162A9F7CC51AF58220F ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys 21:49:57.0499 0x1c24 intaud_WaveExtensible - ok 21:49:57.0523 0x1c24 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys 21:49:57.0533 0x1c24 intelide - ok 21:49:57.0563 0x1c24 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys 21:49:57.0574 0x1c24 intelpep - ok 21:49:57.0589 0x1c24 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 21:49:57.0603 0x1c24 intelppm - ok 21:49:57.0628 0x1c24 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:49:57.0643 0x1c24 IpFilterDriver - ok 21:49:57.0703 0x1c24 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 21:49:57.0733 0x1c24 iphlpsvc - ok 21:49:57.0760 0x1c24 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 21:49:57.0789 0x1c24 IPMIDRV - ok 21:49:57.0814 0x1c24 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 21:49:57.0827 0x1c24 IPNAT - ok 21:49:57.0844 0x1c24 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys 21:49:57.0858 0x1c24 IRENUM - ok 21:49:57.0877 0x1c24 [ 
8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 21:49:57.0887 0x1c24 isapnp - ok 21:49:57.0930 0x1c24 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 21:49:57.0946 0x1c24 iScsiPrt - ok 21:49:57.0967 0x1c24 [ A90C843F4FDD7A07129BA73C6BE13976, A76DEA9F09E3B2F18D3B646A0DD39E2773EC62E2F3C55421BA61C12190D78C1C ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys 21:49:57.0975 0x1c24 iwdbus - ok 21:49:58.0005 0x1c24 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 21:49:58.0016 0x1c24 kbdclass - ok 21:49:58.0026 0x1c24 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys 21:49:58.0038 0x1c24 kbdhid - ok 21:49:58.0061 0x1c24 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys 21:49:58.0075 0x1c24 kdnic - ok 21:49:58.0079 0x1c24 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe 21:49:58.0090 0x1c24 KeyIso - ok 21:49:58.0115 0x1c24 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 21:49:58.0127 0x1c24 KSecDD - ok 21:49:58.0156 0x1c24 [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 21:49:58.0170 0x1c24 KSecPkg - ok 21:49:58.0177 0x1c24 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys 21:49:58.0189 0x1c24 
ksthunk - ok 21:49:58.0221 0x1c24 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll 21:49:58.0240 0x1c24 KtmRm - ok 21:49:58.0268 0x1c24 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll 21:49:58.0286 0x1c24 LanmanServer - ok 21:49:58.0342 0x1c24 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll 21:49:58.0371 0x1c24 LanmanWorkstation - ok 21:49:58.0407 0x1c24 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll 21:49:58.0428 0x1c24 lfsvc - ok 21:49:58.0573 0x1c24 [ 337FA50FFDED5E2BC94B36BF625AB681, BC77CCED8F2B52D26C7A2D7960FB5C1690F5D7E41013644C9226A85C9FF4FA2C ] LiveUpdateSvc C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe 21:49:58.0637 0x1c24 LiveUpdateSvc - ok 21:49:58.0665 0x1c24 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys 21:49:58.0680 0x1c24 lltdio - ok 21:49:58.0719 0x1c24 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll 21:49:58.0738 0x1c24 lltdsvc - ok 21:49:58.0758 0x1c24 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll 21:49:58.0770 0x1c24 lmhosts - ok 21:49:58.0790 0x1c24 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys 21:49:58.0803 0x1c24 LSI_SAS - ok 21:49:58.0815 0x1c24 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F 
] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys 21:49:58.0829 0x1c24 LSI_SAS2 - ok 21:49:58.0842 0x1c24 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys 21:49:58.0853 0x1c24 LSI_SAS3 - ok 21:49:58.0872 0x1c24 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys 21:49:58.0883 0x1c24 LSI_SSS - ok 21:49:58.0924 0x1c24 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll 21:49:58.0952 0x1c24 LSM - ok 21:49:58.0979 0x1c24 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys 21:49:58.0992 0x1c24 luafv - ok 21:49:59.0012 0x1c24 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys 21:49:59.0023 0x1c24 megasas - ok 21:49:59.0044 0x1c24 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys 21:49:59.0068 0x1c24 megasr - ok 21:49:59.0100 0x1c24 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 21:49:59.0109 0x1c24 MEIx64 - ok 21:49:59.0130 0x1c24 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll 21:49:59.0144 0x1c24 MMCSS - ok 21:49:59.0174 0x1c24 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys 21:49:59.0189 0x1c24 Modem - ok 21:49:59.0206 0x1c24 [ 601589000CC90F0DF8DA2CC254A3CCC9, 
D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys 21:49:59.0218 0x1c24 monitor - ok 21:49:59.0230 0x1c24 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys 21:49:59.0241 0x1c24 mouclass - ok 21:49:59.0258 0x1c24 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys 21:49:59.0269 0x1c24 mouhid - ok 21:49:59.0297 0x1c24 [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys 21:49:59.0310 0x1c24 mountmgr - ok 21:49:59.0344 0x1c24 [ A82AA5481A845F4AC0E5EE83904FBFED, 2E1640BCA51B1957815465E4DEE895FCD87C93EA80DDD3A80B5647B23D16FB67 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:49:59.0356 0x1c24 MozillaMaintenance - ok 21:49:59.0384 0x1c24 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys 21:49:59.0396 0x1c24 mpsdrv - ok 21:49:59.0433 0x1c24 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll 21:49:59.0463 0x1c24 MpsSvc - ok 21:49:59.0490 0x1c24 [ D2AC8F07995CE6CD18848C129435B481, 839B04116B49A757950E049150F6AADE41335914CC699ED73BE886BECAC39D36 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys 21:49:59.0504 0x1c24 MRxDAV - ok 21:49:59.0528 0x1c24 [ 5DCD41F62F71519D2A46D41F60C69B0C, A9C2F8B8F82BDBF48F34D5837ED27CE251C75232A07AF26F7B796D2A106795A0 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:49:59.0548 0x1c24 mrxsmb - ok 21:49:59.0570 0x1c24 [ D7C9BC4D37BF08C7DD436A0A5F321668, 30A5AF211BEC89E26134CDAE3E60D0D9F0AE2748F56E9D09B07431206AD381C6 ] mrxsmb10 
C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 21:49:59.0588 0x1c24 mrxsmb10 - ok 21:49:59.0618 0x1c24 [ 4065615E836BF8C61AF6278EB2A9D1D6, B9A0E40DEC36D1A228EC4EF48CCD9BE6C726E53D17F38280AA74C068E7887621 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 21:49:59.0633 0x1c24 mrxsmb20 - ok 21:49:59.0655 0x1c24 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys 21:49:59.0669 0x1c24 MsBridge - ok 21:49:59.0702 0x1c24 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe 21:49:59.0716 0x1c24 MSDTC - ok 21:49:59.0751 0x1c24 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 21:49:59.0782 0x1c24 Msfs - ok 21:49:59.0802 0x1c24 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys 21:49:59.0812 0x1c24 msgpiowin32 - ok 21:49:59.0831 0x1c24 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys 21:49:59.0843 0x1c24 mshidkmdf - ok 21:49:59.0853 0x1c24 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys 21:49:59.0865 0x1c24 mshidumdf - ok 21:49:59.0874 0x1c24 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys 21:49:59.0885 0x1c24 msisadrv - ok 21:49:59.0913 0x1c24 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll 21:49:59.0927 0x1c24 MSiSCSI - ok 21:49:59.0931 0x1c24 msiserver - ok 21:49:59.0956 0x1c24 [ 
A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:49:59.0968 0x1c24 MSKSSRV - ok 21:49:59.0995 0x1c24 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys 21:50:00.0008 0x1c24 MsLldp - ok 21:50:00.0027 0x1c24 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:50:00.0039 0x1c24 MSPCLOCK - ok 21:50:00.0049 0x1c24 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 21:50:00.0074 0x1c24 MSPQM - ok 21:50:00.0098 0x1c24 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 21:50:00.0118 0x1c24 MsRPC - ok 21:50:00.0129 0x1c24 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys 21:50:00.0140 0x1c24 mssmbios - ok 21:50:00.0152 0x1c24 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 21:50:00.0164 0x1c24 MSTEE - ok 21:50:00.0185 0x1c24 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 21:50:00.0197 0x1c24 MTConfig - ok 21:50:00.0212 0x1c24 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys 21:50:00.0223 0x1c24 Mup - ok 21:50:00.0237 0x1c24 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 21:50:00.0249 0x1c24 
mvumis - ok 21:50:00.0284 0x1c24 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll 21:50:00.0306 0x1c24 napagent - ok 21:50:00.0336 0x1c24 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys 21:50:00.0356 0x1c24 NativeWifiP - ok 21:50:00.0383 0x1c24 NAVENG - ok 21:50:00.0385 0x1c24 NAVEX15 - ok 21:50:00.0426 0x1c24 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll 21:50:00.0463 0x1c24 NcaSvc - ok 21:50:00.0493 0x1c24 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll 21:50:00.0508 0x1c24 NcbService - ok 21:50:00.0530 0x1c24 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll 21:50:00.0543 0x1c24 NcdAutoSetup - ok 21:50:00.0592 0x1c24 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys 21:50:00.0630 0x1c24 NDIS - ok 21:50:00.0659 0x1c24 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys 21:50:00.0672 0x1c24 NdisCap - ok 21:50:00.0695 0x1c24 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys 21:50:00.0709 0x1c24 NdisImPlatform - ok 21:50:00.0723 0x1c24 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:50:00.0734 0x1c24 NdisTapi - ok 21:50:00.0752 0x1c24 [ 
B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:50:00.0765 0x1c24 Ndisuio - ok 21:50:00.0788 0x1c24 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 21:50:00.0801 0x1c24 NdisVirtualBus - ok 21:50:00.0819 0x1c24 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:50:00.0837 0x1c24 NdisWan - ok 21:50:00.0855 0x1c24 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:50:00.0873 0x1c24 NdisWanLegacy - ok 21:50:00.0906 0x1c24 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 21:50:00.0927 0x1c24 NDProxy - ok 21:50:00.0963 0x1c24 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys 21:50:00.0978 0x1c24 Ndu - ok 21:50:01.0010 0x1c24 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 21:50:01.0022 0x1c24 NetBIOS - ok 21:50:01.0052 0x1c24 [ 9DC17B7D9D84C37C102D379FCC7D4942, D522022ED4395686837E96F57EE29F8065FB749D1195B60D2A406FB33F696C09 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 21:50:01.0069 0x1c24 NetBT - ok 21:50:01.0079 0x1c24 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe 21:50:01.0091 0x1c24 Netlogon - ok 21:50:01.0119 0x1c24 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll 
21:50:01.0137 0x1c24 Netman - ok 21:50:01.0172 0x1c24 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll 21:50:01.0196 0x1c24 netprofm - ok 21:50:01.0285 0x1c24 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:50:01.0363 0x1c24 NetTcpPortSharing - ok 21:50:01.0385 0x1c24 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys 21:50:01.0398 0x1c24 netvsc - ok 21:50:01.0521 0x1c24 [ 75B9B86878CC159FBC40C4F9202ADBE3, 80D9176112BAFB42E6568E723781E5C03BD5472AB382496C1BD784DB9B2FB6E6 ] NETwNe64 C:\WINDOWS\system32\DRIVERS\NETwew00.sys 21:50:01.0597 0x1c24 NETwNe64 - ok 21:50:01.0635 0x1c24 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 21:50:01.0654 0x1c24 NlaSvc - ok 21:50:01.0682 0x1c24 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 21:50:01.0706 0x1c24 Npfs - ok 21:50:01.0725 0x1c24 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys 21:50:01.0737 0x1c24 npsvctrig - ok 21:50:01.0797 0x1c24 [ 510589251AC1265DF9EFAF5EF2E4FA03, 6762059A8DCF0662625A944C6F3A798EE6B2AC01925A97D18EA9EFECA1CB8504 ] NS C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NS.exe 21:50:01.0821 0x1c24 NS - ok 21:50:01.0853 0x1c24 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll 21:50:01.0867 0x1c24 nsi - ok 21:50:01.0892 0x1c24 [ 0E046FF5823B95326D10CF1B4AF23541, 
39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys 21:50:01.0905 0x1c24 nsiproxy - ok 21:50:01.0973 0x1c24 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 21:50:02.0056 0x1c24 Ntfs - ok 21:50:02.0079 0x1c24 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys 21:50:02.0092 0x1c24 Null - ok 21:50:02.0105 0x1c24 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys 21:50:02.0118 0x1c24 nvraid - ok 21:50:02.0136 0x1c24 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys 21:50:02.0150 0x1c24 nvstor - ok 21:50:02.0170 0x1c24 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys 21:50:02.0183 0x1c24 nv_agp - ok 21:50:02.0213 0x1c24 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:50:02.0225 0x1c24 ose - ok 21:50:02.0444 0x1c24 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:50:02.0553 0x1c24 osppsvc - ok 21:50:02.0615 0x1c24 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 21:50:02.0634 0x1c24 p2pimsvc - ok 21:50:02.0663 0x1c24 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc 
C:\WINDOWS\system32\p2psvc.dll 21:50:02.0684 0x1c24 p2psvc - ok 21:50:02.0700 0x1c24 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys 21:50:02.0713 0x1c24 Parport - ok 21:50:02.0728 0x1c24 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys 21:50:02.0740 0x1c24 partmgr - ok 21:50:02.0776 0x1c24 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll 21:50:02.0797 0x1c24 PcaSvc - ok 21:50:02.0826 0x1c24 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys 21:50:02.0842 0x1c24 pci - ok 21:50:02.0865 0x1c24 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys 21:50:02.0875 0x1c24 pciide - ok 21:50:02.0890 0x1c24 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys 21:50:02.0902 0x1c24 pcmcia - ok 21:50:02.0909 0x1c24 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys 21:50:02.0922 0x1c24 pcw - ok 21:50:02.0942 0x1c24 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\WINDOWS\system32\drivers\pdc.sys 21:50:02.0953 0x1c24 pdc - ok 21:50:02.0992 0x1c24 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys 21:50:03.0016 0x1c24 PEAUTH - ok 21:50:03.0096 0x1c24 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost 
|
03.09.2016, 20:57 | #5 |
| Browser imitated bank website and demanded PIN entry - Trojan? Code:
21:50:17.0235 0x1c24 [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
21:50:17.0275 0x1c24 SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
21:50:17.0364 0x1c24 Detect skipped due to KSN trusted
21:50:17.0364 0x1c24 SpybotPostWindows10UpgradeReInstall - ok
21:50:17.0365 0x1c24 Waiting for KSN requests completion. In queue: 134
21:50:18.0400 0x1c24 AV detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\WSCStub.exe ( 22.7.0.0 ), 0x51000 ( enabled : updated )
21:50:18.0402 0x1c24 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
21:50:18.0405 0x1c24 FW detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\WSCStub.exe ( 22.7.0.0 ), 0x51010 ( enabled )
21:50:18.0555 0x1c24 ============================================================
21:50:18.0555 0x1c24 Scan finished
21:50:18.0555 0x1c24 ============================================================
21:50:18.0573 0x0ca0 Detected object count: 0
21:50:18.0573 0x0ca0 Actual detected object count: 0
21:50:35.0040 0x1260 ============================================================
21:50:35.0040 0x1260 Scan started
21:50:35.0040 0x1260 Mode: Manual; SigCheck; TDLFS;
21:50:35.0040 0x1260
21:50:35.0040 0x1260 KSN ping started
21:50:35.0101 0x1260 KSN ping finished: true
21:50:35.0768 0x1260 ================ Scan system memory
21:50:35.0768 0x1260 System memory - ok
21:50:35.0769 0x1260 ================ Scan services
55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 21:50:42.0908 0x1260 HTTP - ok 21:50:42.0939 0x1260 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 21:50:42.0950 0x1260 hwpolicy - ok 21:50:42.0964 0x1260 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 21:50:42.0976 0x1260 hyperkbd - ok 21:50:42.0989 0x1260 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys 21:50:43.0001 0x1260 HyperVideo - ok 21:50:43.0030 0x1260 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys 21:50:43.0044 0x1260 i8042prt - ok 21:50:43.0070 0x1260 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 21:50:43.0079 0x1260 iaLPSSi_GPIO - ok 21:50:43.0094 0x1260 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys 21:50:43.0107 0x1260 iaLPSSi_I2C - ok 21:50:43.0147 0x1260 [ 459016E8A4FA6426EDB5A9456A6E5E58, 92B73EE5559ABD8783EC5AF8A2B6EBDE0D937745B4BEDBEA6DF06DD8606AE56C ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys 21:50:43.0170 0x1260 iaStorA - ok 21:50:43.0212 0x1260 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys 21:50:43.0235 0x1260 iaStorAV - ok 21:50:43.0262 0x1260 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV 
C:\WINDOWS\system32\drivers\iaStorV.sys 21:50:43.0283 0x1260 iaStorV - ok 21:50:43.0383 0x1260 [ DB2B8F970C2EA337C78C92B04C2E84D1, A5D2275AEA687A84BE2B6A355B11446F59A3DD549C4C6F0FCE337A9BF8C34049 ] IDSVia64 C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20160902.001\IDSvia64.sys 21:50:43.0413 0x1260 IDSVia64 - ok 21:50:43.0418 0x1260 IEEtwCollectorService - ok 21:50:43.0548 0x1260 [ C38AFE18A40ADF005647090DD3AC24F3, 302810C31B005DD4C9143233AB5B4F332C62AD866A7C7AB0E8F8F81AE1766B11 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 21:50:43.0652 0x1260 igfx - ok 21:50:43.0675 0x1260 [ 7A510A9AFC7955DEE63F8DC243E31292, 13906F6212F4C116BE224F2A8AFFF089ACFED8F543E26FC6208FF38463366173 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe 21:50:43.0690 0x1260 igfxCUIService1.0.0.0 - ok 21:50:43.0759 0x1260 [ CE1EE31FFF730CA975A5535D8A71AF61, A1808EB92EC2444F9309C93F5724A7A374F4B983862829BF9B076C8D3B2427DE ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 21:50:43.0771 0x1260 IJPLMSVC - ok 21:50:43.0821 0x1260 [ AF8A43C376F83A4A1E7DA16461EDE114, EBA10519B074888355A4FC11D52FF1E6A52F88F754B7F1F9863A8313638645CB ] IKEEXT C:\WINDOWS\System32\ikeext.dll 21:50:43.0859 0x1260 IKEEXT - ok 21:50:43.0881 0x1260 [ FC7C456AF9B9811499EDBD10616832EE, CA2D8B0E672D3AE449C2FF0B9E142D74E8C72FD877D11162A9F7CC51AF58220F ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys 21:50:43.0892 0x1260 intaud_WaveExtensible - ok 21:50:43.0913 0x1260 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys 21:50:43.0924 0x1260 intelide - ok 21:50:43.0953 0x1260 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys 21:50:43.0965 0x1260 intelpep - ok 21:50:43.0980 0x1260 [ 47E74A8E53C7C24DCE38311E1451C1D9, 
79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 21:50:43.0993 0x1260 intelppm - ok 21:50:44.0018 0x1260 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:50:44.0037 0x1260 IpFilterDriver - ok 21:50:44.0087 0x1260 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 21:50:44.0119 0x1260 iphlpsvc - ok 21:50:44.0150 0x1260 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 21:50:44.0163 0x1260 IPMIDRV - ok 21:50:44.0193 0x1260 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 21:50:44.0207 0x1260 IPNAT - ok 21:50:44.0223 0x1260 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys 21:50:44.0237 0x1260 IRENUM - ok 21:50:44.0256 0x1260 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 21:50:44.0270 0x1260 isapnp - ok 21:50:44.0310 0x1260 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 21:50:44.0330 0x1260 iScsiPrt - ok 21:50:44.0357 0x1260 [ A90C843F4FDD7A07129BA73C6BE13976, A76DEA9F09E3B2F18D3B646A0DD39E2773EC62E2F3C55421BA61C12190D78C1C ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys 21:50:44.0366 0x1260 iwdbus - ok 21:50:44.0395 0x1260 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 21:50:44.0407 0x1260 
kbdclass - ok 21:50:44.0417 0x1260 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys 21:50:44.0430 0x1260 kbdhid - ok 21:50:44.0462 0x1260 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys 21:50:44.0474 0x1260 kdnic - ok 21:50:44.0480 0x1260 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe 21:50:44.0493 0x1260 KeyIso - ok 21:50:44.0517 0x1260 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 21:50:44.0531 0x1260 KSecDD - ok 21:50:44.0559 0x1260 [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 21:50:44.0578 0x1260 KSecPkg - ok 21:50:44.0590 0x1260 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys 21:50:44.0604 0x1260 ksthunk - ok 21:50:44.0634 0x1260 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll 21:50:44.0655 0x1260 KtmRm - ok 21:50:44.0693 0x1260 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll 21:50:44.0712 0x1260 LanmanServer - ok 21:50:44.0737 0x1260 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll 21:50:44.0760 0x1260 LanmanWorkstation - ok 21:50:44.0787 0x1260 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc 
C:\WINDOWS\System32\GeofenceMonitorService.dll 21:50:44.0812 0x1260 lfsvc - ok 21:50:44.0930 0x1260 [ 337FA50FFDED5E2BC94B36BF625AB681, BC77CCED8F2B52D26C7A2D7960FB5C1690F5D7E41013644C9226A85C9FF4FA2C ] LiveUpdateSvc C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe 21:50:44.0995 0x1260 LiveUpdateSvc - ok 21:50:45.0023 0x1260 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys 21:50:45.0038 0x1260 lltdio - ok 21:50:45.0082 0x1260 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll 21:50:45.0109 0x1260 lltdsvc - ok 21:50:45.0138 0x1260 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll 21:50:45.0150 0x1260 lmhosts - ok 21:50:45.0180 0x1260 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys 21:50:45.0193 0x1260 LSI_SAS - ok 21:50:45.0228 0x1260 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys 21:50:45.0240 0x1260 LSI_SAS2 - ok 21:50:45.0291 0x1260 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys 21:50:45.0316 0x1260 LSI_SAS3 - ok 21:50:45.0329 0x1260 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys 21:50:45.0341 0x1260 LSI_SSS - ok 21:50:45.0381 0x1260 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll 21:50:45.0409 0x1260 LSM - ok 21:50:45.0435 0x1260 [ DDEE191AB32DFC22C6465002ECDF5EE4, 
190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys 21:50:45.0449 0x1260 luafv - ok 21:50:45.0469 0x1260 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys 21:50:45.0480 0x1260 megasas - ok 21:50:45.0501 0x1260 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys 21:50:45.0525 0x1260 megasr - ok 21:50:45.0557 0x1260 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 21:50:45.0567 0x1260 MEIx64 - ok 21:50:45.0587 0x1260 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll 21:50:45.0601 0x1260 MMCSS - ok 21:50:45.0631 0x1260 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys 21:50:45.0646 0x1260 Modem - ok 21:50:45.0663 0x1260 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys 21:50:45.0675 0x1260 monitor - ok 21:50:45.0688 0x1260 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys 21:50:45.0699 0x1260 mouclass - ok 21:50:45.0715 0x1260 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys 21:50:45.0727 0x1260 mouhid - ok 21:50:45.0755 0x1260 [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys 21:50:45.0767 0x1260 mountmgr - ok 21:50:45.0803 0x1260 [ 
A82AA5481A845F4AC0E5EE83904FBFED, 2E1640BCA51B1957815465E4DEE895FCD87C93EA80DDD3A80B5647B23D16FB67 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:50:45.0814 0x1260 MozillaMaintenance - ok 21:50:45.0841 0x1260 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys 21:50:45.0854 0x1260 mpsdrv - ok 21:50:45.0890 0x1260 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll 21:50:45.0921 0x1260 MpsSvc - ok 21:50:45.0950 0x1260 [ D2AC8F07995CE6CD18848C129435B481, 839B04116B49A757950E049150F6AADE41335914CC699ED73BE886BECAC39D36 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys 21:50:45.0977 0x1260 MRxDAV - ok 21:50:46.0007 0x1260 [ 5DCD41F62F71519D2A46D41F60C69B0C, A9C2F8B8F82BDBF48F34D5837ED27CE251C75232A07AF26F7B796D2A106795A0 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:50:46.0027 0x1260 mrxsmb - ok 21:50:46.0050 0x1260 [ D7C9BC4D37BF08C7DD436A0A5F321668, 30A5AF211BEC89E26134CDAE3E60D0D9F0AE2748F56E9D09B07431206AD381C6 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 21:50:46.0067 0x1260 mrxsmb10 - ok 21:50:46.0097 0x1260 [ 4065615E836BF8C61AF6278EB2A9D1D6, B9A0E40DEC36D1A228EC4EF48CCD9BE6C726E53D17F38280AA74C068E7887621 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 21:50:46.0113 0x1260 mrxsmb20 - ok 21:50:46.0134 0x1260 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys 21:50:46.0148 0x1260 MsBridge - ok 21:50:46.0181 0x1260 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe 21:50:46.0195 0x1260 MSDTC - ok 21:50:46.0231 0x1260 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs 
C:\WINDOWS\system32\drivers\Msfs.sys 21:50:46.0244 0x1260 Msfs - ok 21:50:46.0269 0x1260 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys 21:50:46.0280 0x1260 msgpiowin32 - ok 21:50:46.0288 0x1260 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys 21:50:46.0300 0x1260 mshidkmdf - ok 21:50:46.0310 0x1260 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys 21:50:46.0322 0x1260 mshidumdf - ok 21:50:46.0331 0x1260 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys 21:50:46.0342 0x1260 msisadrv - ok 21:50:46.0370 0x1260 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll 21:50:46.0384 0x1260 MSiSCSI - ok 21:50:46.0387 0x1260 msiserver - ok 21:50:46.0402 0x1260 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:50:46.0414 0x1260 MSKSSRV - ok 21:50:46.0441 0x1260 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys 21:50:46.0454 0x1260 MsLldp - ok 21:50:46.0473 0x1260 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:50:46.0485 0x1260 MSPCLOCK - ok 21:50:46.0507 0x1260 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 21:50:46.0518 0x1260 MSPQM - ok 21:50:46.0545 0x1260 [ 
BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 21:50:46.0564 0x1260 MsRPC - ok 21:50:46.0632 0x1260 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys 21:50:46.0662 0x1260 mssmbios - ok 21:50:46.0677 0x1260 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 21:50:46.0689 0x1260 MSTEE - ok 21:50:46.0697 0x1260 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 21:50:46.0710 0x1260 MTConfig - ok 21:50:46.0725 0x1260 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys 21:50:46.0738 0x1260 Mup - ok 21:50:46.0761 0x1260 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 21:50:46.0773 0x1260 mvumis - ok 21:50:46.0808 0x1260 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll 21:50:46.0830 0x1260 napagent - ok 21:50:46.0860 0x1260 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys 21:50:46.0880 0x1260 NativeWifiP - ok 21:50:46.0907 0x1260 NAVENG - ok 21:50:46.0909 0x1260 NAVEX15 - ok 21:50:46.0946 0x1260 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll 21:50:46.0960 0x1260 NcaSvc - ok 21:50:46.0995 0x1260 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] 
NcbService C:\WINDOWS\System32\ncbservice.dll 21:50:47.0009 0x1260 NcbService - ok 21:50:47.0032 0x1260 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll 21:50:47.0045 0x1260 NcdAutoSetup - ok 21:50:47.0094 0x1260 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys 21:50:47.0131 0x1260 NDIS - ok 21:50:47.0161 0x1260 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys 21:50:47.0174 0x1260 NdisCap - ok 21:50:47.0197 0x1260 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys 21:50:47.0211 0x1260 NdisImPlatform - ok 21:50:47.0224 0x1260 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:50:47.0236 0x1260 NdisTapi - ok 21:50:47.0254 0x1260 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:50:47.0266 0x1260 Ndisuio - ok 21:50:47.0289 0x1260 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 21:50:47.0303 0x1260 NdisVirtualBus - ok 21:50:47.0319 0x1260 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:50:47.0336 0x1260 NdisWan - ok 21:50:47.0343 0x1260 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:50:47.0362 0x1260 NdisWanLegacy - ok 
21:50:47.0386 0x1260 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 21:50:47.0416 0x1260 NDProxy - ok 21:50:47.0457 0x1260 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys 21:50:47.0483 0x1260 Ndu - ok 21:50:47.0513 0x1260 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 21:50:47.0532 0x1260 NetBIOS - ok 21:50:47.0565 0x1260 [ 9DC17B7D9D84C37C102D379FCC7D4942, D522022ED4395686837E96F57EE29F8065FB749D1195B60D2A406FB33F696C09 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 21:50:47.0582 0x1260 NetBT - ok 21:50:47.0592 0x1260 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe 21:50:47.0605 0x1260 Netlogon - ok 21:50:47.0632 0x1260 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll 21:50:47.0650 0x1260 Netman - ok 21:50:47.0691 0x1260 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll 21:50:47.0729 0x1260 netprofm - ok 21:50:47.0821 0x1260 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:50:47.0861 0x1260 NetTcpPortSharing - ok 21:50:47.0887 0x1260 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys 21:50:47.0899 0x1260 netvsc - ok 21:50:48.0019 0x1260 [ 75B9B86878CC159FBC40C4F9202ADBE3, 80D9176112BAFB42E6568E723781E5C03BD5472AB382496C1BD784DB9B2FB6E6 ] NETwNe64 
C:\WINDOWS\system32\DRIVERS\NETwew00.sys 21:50:48.0097 0x1260 NETwNe64 - ok 21:50:48.0136 0x1260 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 21:50:48.0156 0x1260 NlaSvc - ok 21:50:48.0184 0x1260 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 21:50:48.0198 0x1260 Npfs - ok 21:50:48.0217 0x1260 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys 21:50:48.0228 0x1260 npsvctrig - ok 21:50:48.0277 0x1260 [ 510589251AC1265DF9EFAF5EF2E4FA03, 6762059A8DCF0662625A944C6F3A798EE6B2AC01925A97D18EA9EFECA1CB8504 ] NS C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NS.exe 21:50:48.0291 0x1260 NS - ok 21:50:48.0322 0x1260 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll 21:50:48.0335 0x1260 nsi - ok 21:50:48.0360 0x1260 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys 21:50:48.0373 0x1260 nsiproxy - ok 21:50:48.0441 0x1260 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 21:50:48.0501 0x1260 Ntfs - ok 21:50:48.0526 0x1260 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys 21:50:48.0538 0x1260 Null - ok 21:50:48.0552 0x1260 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys 21:50:48.0565 0x1260 nvraid - ok 21:50:48.0582 0x1260 [ 1F43ABFFAC3D6CA356851D517392966E, 
6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys 21:50:48.0596 0x1260 nvstor - ok 21:50:48.0616 0x1260 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys 21:50:48.0629 0x1260 nv_agp - ok 21:50:48.0659 0x1260 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:50:48.0671 0x1260 ose - ok 21:50:48.0852 0x1260 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:50:48.0960 0x1260 osppsvc - ok 21:50:49.0083 0x1260 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 21:50:49.0107 0x1260 p2pimsvc - ok 21:50:49.0143 0x1260 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll 21:50:49.0164 0x1260 p2psvc - ok 21:50:49.0179 0x1260 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys 21:50:49.0193 0x1260 Parport - ok 21:50:49.0207 0x1260 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys 21:50:49.0219 0x1260 partmgr - ok 21:50:49.0256 0x1260 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll 21:50:49.0278 0x1260 PcaSvc - ok 21:50:49.0305 0x1260 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci 
C:\WINDOWS\System32\WSService.dll 21:51:00.0717 0x1260 WSService - ok 21:51:00.0920 0x1260 [ 020F47C655ED1F63BBA834AA53575D5C, 7E36BB83B937CEA8B5D1EAF1DF63D32D64CA8045DA377DF5237D2F4DC16574CC ] wuauserv C:\WINDOWS\system32\wuaueng.dll 21:51:01.0004 0x1260 wuauserv - ok 21:51:01.0036 0x1260 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys 21:51:01.0050 0x1260 WudfPf - ok 21:51:01.0063 0x1260 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys 21:51:01.0080 0x1260 WUDFRd - ok 21:51:01.0087 0x1260 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP C:\WINDOWS\System32\drivers\WUDFRd.sys 21:51:01.0102 0x1260 WUDFSensorLP - ok 21:51:01.0126 0x1260 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll 21:51:01.0141 0x1260 wudfsvc - ok 21:51:01.0149 0x1260 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\System32\drivers\WUDFRd.sys 21:51:01.0165 0x1260 WUDFWpdFs - ok 21:51:01.0172 0x1260 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\WINDOWS\System32\drivers\WUDFRd.sys 21:51:01.0187 0x1260 WUDFWpdMtp - ok 21:51:01.0215 0x1260 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll 21:51:01.0238 0x1260 WwanSvc - ok 21:51:01.0329 0x1260 [ C591D6054EE2E668CF9361B9266EB4DA, 080430886C431DC534F6A0E9D4F40584E6B16A7D7907F311EA03305A91757C96 ] YSearchUtilSvc C:\Program Files (x86)\Yahoo!\yset\{604FCFE8-4252-7D4E-9CBB-C95E3FF55FD7}\YSearchUtilSvc.exe 21:51:01.0363 0x1260 YSearchUtilSvc - ok 21:51:01.0371 
0x1260 ================ Scan global =============================== 21:51:01.0393 0x1260 [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\WINDOWS\system32\basesrv.dll 21:51:01.0415 0x1260 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll 21:51:01.0446 0x1260 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll 21:51:01.0483 0x1260 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe 21:51:01.0490 0x1260 [ Global ] - ok 21:51:01.0491 0x1260 ================ Scan MBR ================================== 21:51:01.0506 0x1260 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:51:01.0722 0x1260 \Device\Harddisk0\DR0 - ok 21:51:01.0729 0x1260 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR4 21:51:01.0816 0x1260 \Device\Harddisk1\DR4 - ok 21:51:01.0819 0x1260 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR3 21:51:01.0864 0x1260 \Device\Harddisk2\DR3 - ok 21:51:01.0865 0x1260 ================ Scan VBR ================================== 21:51:01.0891 0x1260 [ A7246EE81C6A6F6CC45A1C9D9F5F7921 ] \Device\Harddisk0\DR0\Partition1 21:51:01.0894 0x1260 \Device\Harddisk0\DR0\Partition1 - ok 21:51:01.0908 0x1260 [ EF0BB73008249E793120EF8E59A48F30 ] \Device\Harddisk0\DR0\Partition2 21:51:01.0909 0x1260 \Device\Harddisk0\DR0\Partition2 - ok 21:51:01.0920 0x1260 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3 21:51:01.0921 0x1260 \Device\Harddisk0\DR0\Partition3 - ok 21:51:01.0937 0x1260 [ E553233B75FE673361E6158481901F45 ] \Device\Harddisk0\DR0\Partition4 21:51:01.0940 0x1260 \Device\Harddisk0\DR0\Partition4 - ok 21:51:01.0944 0x1260 [ 439B30F6063ADAEB88CFD345FA2F269E ] \Device\Harddisk1\DR4\Partition1 21:51:01.0944 0x1260 
\Device\Harddisk1\DR4\Partition1 - ok 21:51:01.0950 0x1260 [ 88D4D6BF121381C1CFEA1B29A66B31E5 ] \Device\Harddisk2\DR3\Partition1 21:51:01.0952 0x1260 \Device\Harddisk2\DR3\Partition1 - ok 21:51:01.0953 0x1260 ================ Scan generic autorun ====================== 21:51:02.0085 0x1260 [ 5858DE874168C5F0AEA7A353DD520D48, DB77AF431227AEBD92C6E40AC723435E83DCF4620B7366D4FA6D9ACB500AA6EA ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe 21:51:02.0144 0x1260 CanonMyPrinter - ok 21:51:02.0178 0x1260 [ 46E91D8F23069D12CB990FE8A9B05CAA, 54C3677D42463DBE33C2390D72AB35C1FB76B0DB919F0237ED5DB03D08FA004E ] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe 21:51:02.0189 0x1260 IJNetworkScanUtility - ok 21:51:02.0243 0x1260 [ 00AB2B491C7037BB219BEB26FAD34C72, 95EDBBE07EB85EEE1376252AA975BAA61235C80FC03036357BD4786E5D6B9703 ] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE 21:51:02.0282 0x1260 CanonSolutionMenuEx - ok 21:51:02.0318 0x1260 [ 5F7EE76129F9A591F22F99F95D97AC95, D3446BD4CAB8017B44BAD94EBB88468D080AC65E14444C12B09B6BF3E70B2AED ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe 21:51:02.0334 0x1260 IJNetworkScannerSelectorEX - ok 21:51:02.0371 0x1260 [ E3B5AF054806682787A1232021BD25E0, 6DBCF5625DF0323D12D3B8C41C8B75DCC3F93770FB8682BCEFA774F4680C2283 ] C:\Program Files (x86)\PDF24\pdf24.exe 21:51:02.0384 0x1260 PDFPrint - ok 21:51:02.0427 0x1260 [ 6EACC43D0542EF88226FB34B0B12EDB0, 6345E4B49D7F804F6DE042F981AB172822B6AB74C42209BEFB0582B019430884 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 21:51:02.0447 0x1260 SunJavaUpdateSched - ok 21:51:02.0580 0x1260 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe 21:51:02.0663 0x1260 SDTray - ok 21:51:02.0788 0x1260 [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] 
C:\Users\Carolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe 21:51:02.0812 0x1260 Dropbox Update - ok 21:51:02.0882 0x1260 [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe 21:51:02.0907 0x1260 SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 ) 21:51:02.0907 0x1260 Detect skipped due to KSN trusted 21:51:02.0907 0x1260 SpybotPostWindows10UpgradeReInstall - ok 21:51:02.0911 0x1260 AV detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\WSCStub.exe ( 22.7.0.0 ), 0x51000 ( enabled : updated ) 21:51:02.0911 0x1260 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated ) 21:51:02.0912 0x1260 FW detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\WSCStub.exe ( 22.7.0.0 ), 0x51010 ( enabled ) 21:51:03.0022 0x1260 21:51:03.0022 0x1260 Scan finished 21:51:03.0022 0x1260 21:51:03.0043 0x1e10 Detected object count: 0 21:51:03.0043 0x1e10 Actual detected object count: 0 |
03.09.2016, 21:04 | #6 |
/// TB Trainer | Browser imitated bank page and asked for PIN entry - Trojan?
Hi,
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please close your security software to avoid possible conflicts.
Step 4
Please post with your next reply
|
04.09.2016, 12:10 | #7 |
| Browser imitated bank page and asked for PIN entry - Trojan?
Code:
# AdwCleaner v6.010 - Bericht erstellt am 04/09/2016 um 12:20:03
# Aktualisiert am 12/08/2016 von ToolsLib
# Datenbank : 2016-09-03.2 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : Carolina - CAROLINA
# Gestartet von : C:\Users\Carolina\Desktop\AdwCleaner_6.010.exe
# Modus: Löschen
# Unterstützung : https://toolslib.net/forum

***** [ Dienste ] *****

[-] Dienst gelöscht: YSearchUtilSvc

***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\Carolina\AppData\Local\YSearchUtil
[-] Ordner gelöscht: C:\Users\Carolina\Desktop\ppt
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro
[-] Ordner gelöscht: C:\Program Files (x86)\Yahoo!\yset
[-] Ordner gelöscht: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Dateien ] *****

[-] Datei gelöscht: C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\5e2e3eil.default-1414797382018\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowsProtectManger
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-4300-7A786E7484D7}
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Wert gelöscht: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-4300-7A786E7484D7}]
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1
[-] Schlüssel gelöscht: HKU\S-1-5-21-985286299-975283114-1846765778-1001\Software\OCS
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\OCS
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Wert gelöscht: HKU\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com

***** [ Browser ] *****

*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5808 Bytes] - [04/09/2016 12:20:03]
C:\AdwCleaner\AdwCleaner[S0].txt - [5755 Bytes] - [04/09/2016 12:17:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5954 Bytes] ##########

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 04.09.2016
Suchlaufzeit: 12:23
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.09.04.04
Rootkit-Datenbank: v2016.08.15.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Carolina

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 329648
Abgelaufene Zeit: 30 Min., 12 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 0 (keine bösartigen Elemente erkannt)
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 x64
Ran by Carolina (Administrator) on 04.09.2016 at 12:58:44,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 3

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Carolina\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job (Task)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.09.2016 at 13:01:37,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von Carolina (Administrator) auf CAROLINA (04-09-2016 13:02:40)
Gestartet von C:\Users\Carolina\Desktop
Geladene Profile: Carolina (Verfügbare Profile: Carolina)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Run: [Dropbox Update] => C:\Users\Carolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\MountPoints2: {a6852633-d385-11e3-be89-6036dda75de5} - "E:\HTC_Sync_Manager_PC.exe" ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => 
C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei Startup: C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-24] ShortcutTarget: Dropbox.lnk -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{58BF2E8F-2EA9-4F17-AF2E-78712D3E35C0}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset URLSearchHook: HKLM-x32 -> Standard = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKU\S-1-5-21-985286299-975283114-1846765778-1001 -> {E29367D3-A777-43D0-B942-BF09BA6AF55C} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program 
Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-03] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) 
Toolbar: HKU\S-1-5-21-985286299-975283114-1846765778-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) FireFox: ======== FF ProfilePath: C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\5e2e3eil.default-1414797382018 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.) 
FF Extension: (Firefox Hotfix) - C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\5e2e3eil.default-1414797382018\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon [2016-07-05] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon Chrome: ======= CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-24] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-24] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-22] (IObit) R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NS.exe [289080 2016-08-16] (Symantec Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-15] (Advanced Micro Devices, Inc.) R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20160826.008\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation) R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607010.020\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20160902.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-04] (Malwarebytes) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1607010.020\SRTSP64.SYS [773360 2016-08-10] 
(Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607010.020\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NSx64\1607010.020\SymELAM.sys [24192 2015-07-11] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-03] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607010.020\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607010.020\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160706.008\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160706.008\EX64.SYS [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-09-04 13:02 - 2016-09-04 13:03 - 00016938 _____ C:\Users\Carolina\Desktop\FRST.txt 2016-09-04 13:01 - 2016-09-04 13:02 - 00000771 _____ C:\Users\Carolina\Desktop\JRT.txt 2016-09-04 12:56 - 2016-09-04 12:56 - 00006052 _____ C:\Users\Carolina\Desktop\AdwCleaner[C0].txt 2016-09-04 12:55 - 2016-09-04 12:55 - 01610560 _____ (Malwarebytes) C:\Users\Carolina\Desktop\JRT.exe 2016-09-04 12:54 - 2016-09-04 12:54 - 00001198 _____ C:\Users\Carolina\Desktop\mbam.txt 2016-09-04 11:49 - 2016-09-04 12:20 - 00000000 ____D C:\AdwCleaner 2016-09-04 11:48 - 2016-09-04 11:48 - 03826240 _____ C:\Users\Carolina\Desktop\AdwCleaner_6.010.exe 2016-09-03 21:47 - 2016-09-03 21:53 - 00434902 _____ C:\TDSSKiller.3.1.0.11_03.09.2016_21.47.19_log.txt 2016-09-03 21:43 - 2016-09-04 13:02 - 00000000 ____D C:\FRST 2016-09-03 21:42 - 2016-09-03 21:42 - 02397696 _____ (Farbar) C:\Users\Carolina\Desktop\FRST64.exe 2016-09-03 14:24 - 2016-09-03 17:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-09-03 14:24 - 2016-09-03 14:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-09-03 14:24 - 2016-09-03 14:24 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-09-03 14:24 - 2016-09-03 14:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2016-09-03 14:24 - 2016-09-03 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-09-03 14:24 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2016-09-03 14:17 - 2016-09-03 14:20 - 12846600 _____ (Safer-Networking Ltd. ) C:\Users\Carolina\Downloads\spybot-2.4.40(1).exe.part 2016-09-03 13:46 - 2016-09-03 13:46 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\Carolina\Downloads\spybot-2.4.40.exe 2016-09-03 13:44 - 2016-09-03 13:44 - 22851472 _____ (Malwarebytes ) C:\Users\Carolina\Downloads\mbam-setup-2.2.1.1043.exe 2016-09-02 16:29 - 2016-09-03 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-02 12:24 - 2016-09-02 12:24 - 00000000 ____D C:\WINDOWS\Minidump 2016-08-28 23:19 - 2016-08-28 23:20 - 00038471 _____ C:\Users\Carolina\Desktop\Müller online Fotoservice.pdf 2016-08-24 21:34 - 2016-08-24 21:35 - 00000000 ____D C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-08-24 14:02 - 2016-08-24 14:02 - 00003216 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration 2016-08-24 14:02 - 2016-08-24 14:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security 2016-08-19 18:11 - 2016-08-19 18:11 - 00000000 ____D C:\Users\Carolina\Documents\Mathematische_Ausarbeitungen_BSF11_und_BSF12_%28teilweise_BSF13%29 2016-08-19 18:09 - 2016-08-19 18:09 - 00000000 ____D C:\Users\Carolina\Documents\Stegreifaufgaben_BSF11_un_BSF12 2016-08-19 17:56 - 2016-08-19 17:56 - 00000000 ____D C:\Users\Carolina\Documents\Schulaufgabe 2016-08-13 18:21 - 2016-07-08 16:18 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-08-13 18:20 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-08-13 18:20 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-08-13 18:20 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-08-13 18:20 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2016-08-13 18:20 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-08-13 18:20 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-08-13 18:20 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mshtmled.dll 2016-08-13 18:20 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-08-13 18:20 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-08-13 18:20 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-08-13 18:20 - 2016-08-02 07:46 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-08-13 18:20 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-08-13 18:20 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-08-13 18:20 - 2016-08-02 07:39 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-08-13 18:20 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-08-13 18:20 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-08-13 18:20 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-08-13 18:20 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-08-13 18:20 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-08-13 18:20 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-08-13 18:20 - 2016-08-02 07:20 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-08-13 18:20 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-13 18:20 - 2016-08-02 07:15 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-08-13 18:20 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-08-13 18:20 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ieframe.dll 2016-08-13 18:20 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-08-13 18:20 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-08-13 18:20 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-08-13 18:20 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-13 18:20 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-08-13 18:20 - 2016-07-06 16:26 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-08-13 18:20 - 2016-07-06 16:26 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-08-13 18:20 - 2016-07-06 16:23 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-08-13 18:20 - 2016-07-06 16:21 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-08-13 18:18 - 2016-07-12 16:08 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2016-08-13 18:18 - 2016-07-09 02:09 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-08-13 18:18 - 2016-07-09 02:08 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-08-13 18:18 - 2016-07-08 16:32 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-08-13 18:18 - 2016-07-08 16:25 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-08-13 18:18 - 2016-07-08 16:22 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-08-13 18:18 - 2016-07-08 16:19 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2016-08-13 18:18 - 2016-07-08 16:17 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2016-08-13 18:18 - 2016-07-08 00:33 - 00201728 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-08-13 18:18 - 2016-07-07 23:53 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-08-13 18:18 - 2016-07-07 22:06 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-08-13 18:18 - 2016-05-19 01:18 - 00563024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-08-13 18:18 - 2016-05-19 01:18 - 00397232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2016-08-13 18:18 - 2016-05-19 01:16 - 00178016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-08-13 18:18 - 2016-05-19 00:28 - 00340880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-09-04 12:55 - 2014-02-16 11:49 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-09-04 12:46 - 2014-10-08 19:55 - 00000000 ____D C:\Users\Carolina\AppData\Roaming\Dropbox 2016-09-04 12:26 - 2014-02-04 18:11 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-985286299-975283114-1846765778-1001 2016-09-04 12:23 - 2014-06-25 18:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-04 12:22 - 2014-10-08 19:58 - 00000000 ___RD C:\Users\Carolina\Dropbox 2016-09-04 12:22 - 2014-02-16 13:36 - 00000000 __RDO C:\Users\Carolina\SkyDrive 2016-09-04 12:21 - 2016-02-08 19:42 - 00000374 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2016-09-04 12:21 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-04 12:20 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-09-04 12:19 - 2015-10-20 22:14 - 00000000 ____D C:\Program Files (x86)\Yahoo! 
2016-09-04 11:48 - 2016-02-12 20:24 - 00000000 ____D C:\Users\Carolina\.gimp-2.8 2016-09-04 08:28 - 2014-02-16 15:29 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8268C022-4357-47A2-BFEF-A114E6961FEE} 2016-09-04 08:28 - 2013-11-14 09:27 - 01686150 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-04 08:28 - 2013-11-14 09:11 - 00727930 _____ C:\WINDOWS\system32\perfh007.dat 2016-09-04 08:28 - 2013-11-14 09:11 - 00151586 _____ C:\WINDOWS\system32\perfc007.dat 2016-09-04 08:28 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2016-09-03 14:26 - 2015-12-11 19:47 - 00000000 ____D C:\Program Files\Common Files\AV 2016-09-03 14:22 - 2015-07-05 19:34 - 00000000 ____D C:\ProgramData\Oracle 2016-09-03 14:22 - 2015-07-05 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-09-03 14:22 - 2015-07-05 19:34 - 00000000 ____D C:\Program Files (x86)\Java 2016-09-03 14:21 - 2015-10-20 22:11 - 00000000 ____D C:\Users\Carolina\.oracle_jre_usage 2016-09-03 14:21 - 2015-07-05 19:34 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2016-09-03 14:20 - 2015-01-05 11:40 - 00000000 ____D C:\Users\Carolina\AppData\Local\CrashDumps 2016-09-03 14:12 - 2014-02-09 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-09-03 14:12 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Performance 2016-09-03 13:45 - 2015-10-20 22:10 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-09-03 13:45 - 2014-06-25 18:30 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-09-03 13:34 - 2015-12-11 19:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation 2016-09-02 13:25 - 2014-02-09 12:34 - 01105920 ___SH C:\Users\Carolina\Desktop\Thumbs.db 2016-09-02 12:52 - 2014-02-16 13:16 - 00000000 ____D C:\Users\Carolina 2016-09-02 12:24 - 2014-02-04 16:13 - 00159805 ____N C:\WINDOWS\Minidump\090216-30312-01.dmp 2016-09-01 09:33 - 2014-04-27 21:53 - 
00000000 ____D C:\ProgramData\CanonIJPLM 2016-08-29 09:53 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2016-08-24 14:02 - 2016-07-05 20:46 - 00002324 _____ C:\Users\Public\Desktop\Norton Security.lnk 2016-08-24 14:02 - 2014-12-14 14:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2016-08-24 14:02 - 2014-12-14 14:16 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64 2016-08-19 11:21 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-08-19 10:21 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-08-18 09:01 - 2013-08-22 16:44 - 00410080 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-08-17 20:52 - 2014-02-08 19:45 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-08-17 20:49 - 2014-02-08 19:45 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-08-16 20:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2016-08-13 19:56 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-08-13 19:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-02-13 00:50 - 2016-02-13 00:50 - 0016796 _____ () C:\Users\Carolina\AppData\Local\recently-used.xbel Einige Dateien in TEMP: ==================== C:\Users\Carolina\AppData\Local\Temp\jre-8u101-windows-au.exe C:\Users\Carolina\AppData\Local\Temp\libeay32.dll C:\Users\Carolina\AppData\Local\Temp\msvcr120.dll C:\Users\Carolina\AppData\Local\Temp\sqlite3.dll C:\Users\Carolina\AppData\Local\Temp\uninstall.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-09-04 09:10

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von Carolina (04-09-2016 13:03:24)
Gestartet von C:\Users\Carolina\Desktop
Windows 8.1 (Update) (X64) (2014-02-16 11:32:56)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-985286299-975283114-1846765778-500 - Administrator - Disabled)
Carolina (S-1-5-21-985286299-975283114-1846765778-1001 - Administrator - Enabled) => C:\Users\Carolina
Gast (S-1-5-21-985286299-975283114-1846765778-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-985286299-975283114-1846765778-1005 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.17) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated) Bandizip (HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Bandizip) (Version: 3.10 - Bandisoft.com) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.) Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version: - ) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.) Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - ) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.) 
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.82.0 - International GeoGebra Institute) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.9.10 - IObit) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual 
Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla) Norton Security (HKLM-x32\...\NS) (Version: 22.7.1.32 - Symantec Corporation) PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.39045 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Carolina\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com) CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {08047DF3-1B2D-44DC-A14A-6474149F9564} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0E6F0863-8C69-47B0-9A0B-20372BBE8D4C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation) Task: {28EF32BD-CAB1-4E63-8952-7FFA1592D417} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {747939DD-B643-4F26-8856-D8CCFE25ADA3} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {8079A0BD-E6E9-4057-8F82-0830AD0A1B7D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-08-16] (Symantec Corporation) Task: {AE5579F1-7971-453D-9E88-6BC6AAE1C063} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {CC126947-852B-4624-B8A9-2C7971C24B51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {CC24FD9C-6C68-4AAC-B37E-235A274FF93B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.) 
Task: {DDCF6622-B13A-4A26-9DBE-42B727B0612C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-17] (Microsoft Corporation) Task: {EF05F4BA-F4F2-415B-AB55-8B922AC7C4EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-985286299-975283114-1846765778-1001Core1d0c1fb4e728405.job => C:\Users\Carolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\Carolina\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1919035336_de-de.lnk -> hxxp://paint.net ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-04-27 21:57 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2014-04-20 20:28 - 2014-04-20 20:28 - 00611648 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2016-09-03 14:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-09-03 14:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-09-03 14:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-09-03 14:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2016-09-03 14:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files 
(x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-985286299-975283114-1846765778-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Carolina\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FD2D0CBE-2ACA-4AAC-8C5D-1B886A96EDA7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{2DEE37ED-7C7F-4540-97CB-36AD955CF87B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{F0B9CEFB-F3BF-4F2A-B3E4-B402FD767BDF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E76C26C5-2BD1-433C-A368-E25B2159FA1C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{50BDE0CF-E37A-4593-A1D7-8BAC9A913096}] => (Allow) C:\ProgramData\pennybee\pennybee.exe
FirewallRules: [{121B0D97-D676-4213-8767-EA7CB6692538}] => (Allow) C:\ProgramData\pennybee\pennybee.exe
FirewallRules: [{8A3FB726-2F3F-4803-B61C-921845D80F11}] => (Allow) C:\ProgramData\pennybee\pennybee.exe
FirewallRules: [{97BF3BBB-63FD-4C8F-83EE-4B947F143D6F}] => (Allow) C:\ProgramData\pennybee\pennybee.exe
FirewallRules: [{BBA7191A-9D55-4B21-B94D-BC2B6BA85B5A}] => (Allow) C:\ProgramData\pennybee\pennybee.exe
FirewallRules: [{25F9C33E-5CF0-4EFE-B554-CEDCDAE83445}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4A73631B-3944-451B-85BE-5E60202642AF}] => (Allow) LPort=2869
FirewallRules: [{67A66FAB-516C-4A78-B394-E86FAA5B327F}] => (Allow) LPort=1900
FirewallRules: [{8D3461A7-1C02-492C-ADCF-13CB6B24A7B5}] => (Allow) C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6CDC17CD-C5A7-4807-A61B-BF5CB68D3A3C}] => (Allow) C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{CD614C83-5B07-4FCE-9CC3-ED70796B3E21}C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{43C48600-5632-4AC0-BC0A-224EA33825B8}C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B07A1A75-3DF1-42BC-ADEA-ABFC444EBD8F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68DC9D0E-2780-44B5-9DEE-A72BB78C9BD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2EF72481-AD33-49DF-BC7F-B5787FACD404}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6B53120D-2DA3-4EF7-91A2-48E131A20EB0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1165420B-AB4D-4AA5-BB45-F1F184D5B73E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{C3824513-55AD-44C5-B0AC-A01E11CE2D0D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{947ADD07-0DD8-4463-8A85-46F7AED753ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{24BE4FB8-0FAB-421C-8328-C661F52ADDD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46C0F00D-5D25-4258-A60E-70C866E9C705}] => (Allow) %systemroot%\system32\alg.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

19-08-2016 10:18:20 Windows Update
22-08-2016 22:07:03 Windows Update
30-08-2016
14:13:55 Geplanter Prüfpunkt 04-09-2016 12:58:48 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/04/2016 12:22:07 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/04/2016 12:22:07 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/04/2016 12:14:07 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/04/2016 12:14:07 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". 
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/03/2016 05:11:37 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (09/03/2016 02:20:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 48.0.2.6079 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1014 Startzeit: 01d205dc8eb1792b Endzeit: 34 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: c94d91ed-71d0-11e6-bf77-6036dda75de5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/03/2016 02:20:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 48.0.2.6079, Zeitstempel: 0x57bd3628 Name des fehlerhaften Moduls: mozglue.dll, Version: 48.0.2.6079, Zeitstempel: 0x57bd2857 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000efe5 ID des fehlerhaften Prozesses: 0x1288 Startzeit der fehlerhaften Anwendung: 0x01d205dc93442b17 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Berichtskennung: cd1a0fbf-71d0-11e6-bf77-6036dda75de5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/03/2016 02:13:29 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu 
EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/03/2016 02:13:29 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/03/2016 02:12:45 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Systemfehler: ============= Error: (09/04/2016 12:21:20 PM) (Source: BTHUSB) (EventID: 30) (User: ) Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert. Error: (09/04/2016 12:20:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden. Error: (09/04/2016 12:20:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%3 = Das System kann den angegebenen Pfad nicht finden. 
Error: (09/04/2016 12:20:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 = Das System kann den angegebenen Pfad nicht finden. Error: (09/04/2016 12:20:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 = Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (09/04/2016 12:19:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/04/2016 12:19:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/04/2016 12:19:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/04/2016 12:19:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (09/04/2016 12:19:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz Prozentuale Nutzung des RAM: 20% Installierter physikalischer RAM: 8061.27 MB Verfügbarer physikalischer RAM: 6420 MB Summe virtueller Speicher: 16253.27 MB Verfügbarer virtueller Speicher: 14602.36 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:931 GB) (Free:844.55 GB) NTFS Drive e: (INTENSO) (Fixed) (Total:931.28 GB) (Free:711.2 GB) FAT32 Drive f: (Carolina Schule) (Fixed) (Total:931.48 GB) (Free:912.93 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 104EC38C) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 931.5 GB) (Disk ID: 1809107F) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C) ==================== Ende von Addition.txt ============================ |
05.09.2016, 08:28 | #8 |
/// TB-Ausbilder | Browser imitated bank page and demanded PIN entry - Trojan?
Hi, we'll remove the last remnants and check everything once more.
Note: The scan with ESET can take a while.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
start
CloseProcesses:
CMD: dir "C:\Program Files (x86)"
CMD: dir "C:\Program Files"
CMD: dir "C:\ProgramData"
CMD: dir "%appdata%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 4
Are there still any problems with the PC? If so, which ones? Please post with your next reply
|
05.09.2016, 14:06 | #9 |
| Browser imitated bank page and demanded PIN entry - Trojan? Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016 durchgeführt von Carolina (05-09-2016 12:41:24) Run:1 Gestartet von C:\Users\Carolina\Desktop Geladene Profile: Carolina (Verfügbare Profile: Carolina) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: CMD: dir "C:\Program Files (x86)" CMD: dir "C:\Program Files" CMD: dir "C:\ProgramData" CMD: dir "%appdata%" RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: end ***************** Prozess erfolgreich geschlossen. ========= dir "C:\Program Files (x86)" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CEF9-EEDF Verzeichnis von C:\Program Files (x86) 04.09.2016 23:18 <DIR> . 04.09.2016 23:18 <DIR> .. 23.03.2014 21:41 <DIR> 7-Zip 09.02.2014 14:56 <DIR> Adobe 02.01.2016 15:58 <DIR> Canon 03.09.2016 14:22 <DIR> Common Files 04.09.2016 23:18 <DIR> ESET 19.04.2015 20:14 <DIR> GeoGebra 5.0 16.02.2014 13:12 <DIR> Intel 17.08.2016 20:53 <DIR> Internet Explorer 20.04.2014 20:28 <DIR> IObit 03.09.2016 14:22 <DIR> Java 03.09.2016 13:45 <DIR> Malwarebytes Anti-Malware 06.02.2014 02:31 <DIR> Microsoft Analysis Services 06.02.2014 02:35 <DIR> Microsoft Office 26.06.2016 17:05 <DIR> Microsoft Silverlight 28.06.2014 14:50 <DIR> Microsoft SQL Server Compact Edition 16.02.2014 13:18 <DIR> Microsoft.NET 03.09.2016 14:12 <DIR> Mozilla Firefox 03.09.2016 14:12 <DIR> Mozilla Maintenance Service 14.12.2014 14:16 <DIR> Norton Security 14.12.2014 14:16 <DIR> NortonInstaller 10.01.2016 15:33 <DIR> PDF24 09.02.2014 14:53 <DIR> PDFCreator 09.02.2014 13:21 <DIR> Realtek 03.09.2016 14:28 <DIR> Spybot - Search & Destroy 2 09.02.2014 12:39 <DIR> TeamViewer 22.08.2015 11:49 <DIR> Windows Defender 28.06.2014 14:50 <DIR> Windows Live 17.03.2015 00:27 <DIR> Windows Mail 17.03.2015 00:27 <DIR> Windows Media Player 17.03.2015 00:27 <DIR> Windows Multimedia Platform 22.08.2013 17:36 <DIR> Windows NT 
17.03.2015 00:27 <DIR> Windows Photo Viewer 17.03.2015 00:27 <DIR> Windows Portable Devices 22.08.2013 17:36 <DIR> WindowsPowerShell 04.09.2016 12:19 <DIR> Yahoo! 0 Datei(en), 0 Bytes 37 Verzeichnis(se), 905.905.934.336 Bytes frei ========= Ende von CMD: ========= ========= dir "C:\Program Files" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CEF9-EEDF Verzeichnis von C:\Program Files 03.09.2016 14:11 <DIR> . 03.09.2016 14:11 <DIR> .. 02.01.2016 15:44 <DIR> Canon 07.02.2016 17:20 <DIR> CEWE 11.12.2015 19:47 <DIR> Common Files 12.02.2016 20:21 <DIR> GIMP 2 16.02.2014 13:12 <DIR> Intel 17.08.2016 20:53 <DIR> Internet Explorer 06.02.2014 02:31 <DIR> Microsoft Office 26.06.2016 17:05 <DIR> Microsoft Silverlight 22.08.2015 11:49 <DIR> Windows Defender 10.05.2016 21:34 <DIR> Windows Journal 17.03.2015 00:29 <DIR> Windows Mail 17.03.2015 00:29 <DIR> Windows Media Player 17.03.2015 00:29 <DIR> Windows Multimedia Platform 16.02.2014 13:31 <DIR> Windows NT 17.03.2015 00:29 <DIR> Windows Photo Viewer 17.03.2015 00:29 <DIR> Windows Portable Devices 17.03.2015 00:27 <DIR> WindowsPowerShell 0 Datei(en), 0 Bytes 19 Verzeichnis(se), 905.905.934.336 Bytes frei ========= Ende von CMD: ========= ========= dir "C:\ProgramData" ========= Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: CEF9-EEDF Verzeichnis von C:\ProgramData 09.02.2014 15:00 <DIR> Adobe 16.02.2014 11:33 <DIR> Canon IJ Network Tool 28.04.2014 22:40 <DIR> CanonIJ 01.09.2016 09:33 <DIR> CanonIJPLM 02.01.2016 15:46 <DIR> CanonIJWSpt 16.06.2015 06:42 <DIR> Dropbox 07.02.2016 17:25 <DIR> hps 20.04.2014 20:28 <DIR> IObit 10.01.2016 15:38 <DIR> IsolatedStorage 20.04.2014 20:33 <DIR> Malwarebytes 16.02.2014 11:49 <DIR> McAfee 22.08.2016 22:08 <DIR> Microsoft Help 09.02.2014 14:58 <DIR> Mozilla 27.06.2016 21:24 <DIR> Norton 14.12.2014 14:16 <DIR> NortonInstaller 03.09.2016 14:22 <DIR> Oracle 14.01.2016 21:22 <DIR> Package Cache 16.02.2014 13:18 <DIR> PRICache 17.03.2015 00:27 <DIR> regid.1991-06.com.microsoft 03.09.2016 17:02 <DIR> Spybot - Search & Destroy 05.07.2015 19:34 <DIR> Sun 13.03.2016 14:50 <DIR> tmp 0 Datei(en), 0 Bytes 22 Verzeichnis(se), 905.905.930.240 Bytes frei ========= Ende von CMD: ========= ========= dir "%appdata%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CEF9-EEDF Verzeichnis von C:\Users\Carolina\AppData\Roaming 05.09.2016 00:23 <DIR> . 05.09.2016 00:23 <DIR> .. 
12.11.2014 21:47 <DIR> Adobe 31.03.2014 19:15 <DIR> Canon 05.09.2016 10:21 <DIR> Dropbox 05.05.2015 21:58 <DIR> GeoGebra 5.0 16.02.2014 13:33 <DIR> Identities 20.04.2014 20:28 <DIR> IObit 10.01.2016 15:38 <DIR> IsolatedStorage 04.02.2014 18:19 <DIR> Macromedia 09.02.2014 14:58 <DIR> Mozilla 09.02.2014 14:54 <DIR> PDF Architect 05.09.2016 00:23 <DIR> ProductData 20.10.2015 22:11 <DIR> Sun 25.06.2014 18:01 <DIR> unpacked17601 0 Datei(en), 0 Bytes 15 Verzeichnis(se), 905.905.930.240 Bytes frei ========= Ende von CMD: ========= ========= RemoveProxy: ========= HKU\S-1-5-21-985286299-975283114-1846765778-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-985286299-975283114-1846765778-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurückgesetzt. Sie müssen den Computer neu starten, um den Vorgang abzuschließen. ========= Ende von CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 16777216 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50625491 B Java, Flash, Steam htmlcache => 18345 B Windows/system/drivers => 12792714 B Edge => 0 B Chrome => 0 B Firefox => 395606370 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 31280360 B LocalService => 4497720 B NetworkService => 4230 B Carolina => 39495675 B RecycleBin => 8203910 B EmptyTemp: => 533.4 MB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 12:42:34 ==== Code:
ATTFilter # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=6d5a6a0d72c89f4cbed836df00277daf # engine=30651 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-09-05 12:45:00 # local_time=2016-09-05 02:45:00 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Norton Security' # compatibility_mode=3604 16777213 100 94 1035117 16809686 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 32842552 86987794 0 0 # scanned=272137 # found=0 # cleaned=0 # scan_time=6874 Code:
ATTFilter HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : CAROLINA Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : CAROLINA\Carolina UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2016-09-05 14:49:58 Scan mode . . . . . . : Normal Scan duration . . . . : 8m 7s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 1 Objects scanned . . . : 2.003.458 Files scanned . . . . : 73.497 Remnants scanned . . : 543.340 files / 1.386.621 keys Suspicious files ____________________________________________________________ C:\Users\Carolina\Desktop\FRST64.exe Size . . . . . . . : 2.397.696 bytes Age . . . . . . . : 1.7 days (2016-09-03 21:42:40) Entropy . . . . . : 7.6 SHA-256 . . . . . : EFF67DD0CB40498753A49A710C08A3A6376C7DE296D23B8AEF5D4221A6017692 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster 0.0s C:\Users\Carolina\Desktop\FRST64.exe 0.1s C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\CmnClnt\ccSubSDK\{CBD20984-8860-4FB2-A6F7-3A34ACDA5E35} Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016 durchgeführt von Carolina (05-09-2016 14:59:16) Gestartet von C:\Users\Carolina\Desktop Windows 8.1 (Update) (X64) (2014-02-16 11:32:56) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-985286299-975283114-1846765778-500 - Administrator - Disabled) Carolina (S-1-5-21-985286299-975283114-1846765778-1001 - Administrator - Enabled) => C:\Users\Carolina Gast (S-1-5-21-985286299-975283114-1846765778-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-985286299-975283114-1846765778-1005 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.17) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated) Bandizip (HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Bandizip) (Version: 3.10 - Bandisoft.com) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.) Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version: - ) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.) Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - ) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.) 
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.82.0 - International GeoGebra Institute) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.9.10 - IObit) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual 
Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla) Norton Security (HKLM-x32\...\NS) (Version: 22.7.1.32 - Symantec Corporation) PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.39045 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Carolina\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com) CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-985286299-975283114-1846765778-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {08047DF3-1B2D-44DC-A14A-6474149F9564} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0E6F0863-8C69-47B0-9A0B-20372BBE8D4C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
Task: {28EF32BD-CAB1-4E63-8952-7FFA1592D417} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {747939DD-B643-4F26-8856-D8CCFE25ADA3} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {82BBBE20-8B03-4B46-B99A-A1540F232A63} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {AE5579F1-7971-453D-9E88-6BC6AAE1C063} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {CC126947-852B-4624-B8A9-2C7971C24B51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {CC24FD9C-6C68-4AAC-B37E-235A274FF93B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {DDCF6622-B13A-4A26-9DBE-42B727B0612C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-17] (Microsoft Corporation)
Task: {EF05F4BA-F4F2-415B-AB55-8B922AC7C4EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-985286299-975283114-1846765778-1001Core1d0c1fb4e728405.job => C:\Users\Carolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Carolina\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1919035336_de-de.lnk -> hxxp://paint.net

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-04-27 21:57 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-07-05 10:14 - 2015-07-05 10:15 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-04-20 20:28 - 2014-04-20 20:28 - 00611648 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-09-03 14:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-09-03 14:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-09-03 14:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-09-03 14:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-09-03 14:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-07-12 07:19 - 2016-07-12 04:07 - 00035792 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-08-24 21:34 - 2016-07-12 04:07 - 00145864 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-08-24 21:34 - 2016-07-12 04:07 - 00019408 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-08-24 21:34 - 2016-07-12 04:07 - 00116688 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-07-12 07:19 - 2016-07-12 04:07 - 00100296 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-07-12 07:19 - 2016-07-12 04:07 - 00018888 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\select.pyd
2016-07-12 07:19 - 2016-08-24 01:17 - 00019760 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-07-12 07:19 - 2016-07-12 04:07 - 00694224 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00020816 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-07-12 07:19 - 2016-07-12 04:07 - 00123856 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 01682760 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00020808 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-08-13 13:53 - 2016-08-24 01:17 - 00021312 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00052024 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00105928 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-13 13:53 - 2016-08-24 01:17 - 00025424 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00038696 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-08-24 21:34 - 2016-07-12 04:07 - 00392144 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-08-24 21:34 - 2016-07-12 04:09 - 00020936 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00024528 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00114640 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-07-12 07:19 - 2016-08-24 01:17 - 00381752 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00124880 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00024016 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00175560 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00030160 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00043472 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00048592 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00026456 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00057808 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00024016 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00246592 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00028616 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-07-12 07:19 - 2016-08-24 01:17 - 00020800 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-07-12 07:19 - 2016-08-24 01:17 - 00019776 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-07-12 07:19 - 2016-08-24 01:17 - 00020800 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-07-12 07:19 - 2016-07-12 04:07 - 00144848 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-08-13 13:53 - 2016-07-12 04:08 - 00241104 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00020280 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-07-12 07:19 - 2016-08-24 01:17 - 00023376 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00350152 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-07-12 07:19 - 2016-08-24 01:17 - 00022352 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00024392 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-08-24 21:34 - 2016-07-12 04:09 - 00036296 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\librsync.dll
2016-08-24 21:34 - 2016-08-24 01:17 - 00084280 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-08-24 21:34 - 2016-08-24 01:17 - 01826096 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-07-12 07:19 - 2016-07-12 04:07 - 00083912 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\sip.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 03929392 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 01972016 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00531248 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00132912 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00224056 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00207672 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-08-13 13:53 - 2016-08-24 01:17 - 00020288 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-07-12 07:19 - 2016-07-12 04:09 - 00060880 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-13 13:53 - 2016-08-24 01:17 - 00024904 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00546096 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00357680 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00168248 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-08-24 21:34 - 2016-08-24 01:17 - 00042808 _____ () C:\Users\Carolina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-01-10 15:33 - 2015-11-18 14:04 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2016-01-10 15:33 - 2015-11-18 14:04 - 00052256 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-985286299-975283114-1846765778-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Carolina\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FD2D0CBE-2ACA-4AAC-8C5D-1B886A96EDA7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{2DEE37ED-7C7F-4540-97CB-36AD955CF87B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{F0B9CEFB-F3BF-4F2A-B3E4-B402FD767BDF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E76C26C5-2BD1-433C-A368-E25B2159FA1C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{50BDE0CF-E37A-4593-A1D7-8BAC9A913096}] => (Allow) C:\ProgramData\pennybee\pennybee.exe
FirewallRules: [{121B0D97-D676-4213-8767-EA7CB6692538}] => (Allow) C:\ProgramData\pennybee\pennybee.exe
FirewallRules: [{8A3FB726-2F3F-4803-B61C-921845D80F11}] => (Allow) C:\ProgramData\pennybee\pennybee.exe
FirewallRules: [{97BF3BBB-63FD-4C8F-83EE-4B947F143D6F}] => (Allow) C:\ProgramData\pennybee\pennybee.exe
FirewallRules: [{BBA7191A-9D55-4B21-B94D-BC2B6BA85B5A}] => (Allow) C:\ProgramData\pennybee\pennybee.exe
FirewallRules: [{25F9C33E-5CF0-4EFE-B554-CEDCDAE83445}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4A73631B-3944-451B-85BE-5E60202642AF}] => (Allow) LPort=2869
FirewallRules: [{67A66FAB-516C-4A78-B394-E86FAA5B327F}] => (Allow) LPort=1900
FirewallRules: [{8D3461A7-1C02-492C-ADCF-13CB6B24A7B5}] => (Allow) C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6CDC17CD-C5A7-4807-A61B-BF5CB68D3A3C}] => (Allow) C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{CD614C83-5B07-4FCE-9CC3-ED70796B3E21}C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{43C48600-5632-4AC0-BC0A-224EA33825B8}C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\carolina\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B07A1A75-3DF1-42BC-ADEA-ABFC444EBD8F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68DC9D0E-2780-44B5-9DEE-A72BB78C9BD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2EF72481-AD33-49DF-BC7F-B5787FACD404}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6B53120D-2DA3-4EF7-91A2-48E131A20EB0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1165420B-AB4D-4AA5-BB45-F1F184D5B73E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{C3824513-55AD-44C5-B0AC-A01E11CE2D0D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{947ADD07-0DD8-4463-8A85-46F7AED753ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{24BE4FB8-0FAB-421C-8328-C661F52ADDD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46C0F00D-5D25-4258-A60E-70C866E9C705}] => (Allow) %systemroot%\system32\alg.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================
19-08-2016 10:18:20 Windows Update
22-08-2016 22:07:03 Windows Update
30-08-2016 14:13:55 Geplanter Prüfpunkt
04-09-2016 12:58:48 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/05/2016 02:48:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Carolina\Downloads\esetsmartinstaller_deu(1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/05/2016 01:41:26 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 80070005).

Error: (09/05/2016 12:48:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Carolina\Downloads\esetsmartinstaller_deu(1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/05/2016 12:48:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Carolina\Downloads\esetsmartinstaller_deu(1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/05/2016 12:48:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Carolina\Downloads\esetsmartinstaller_deu(1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/05/2016 12:48:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Carolina\Downloads\esetsmartinstaller_deu(1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/05/2016 12:46:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/05/2016 12:44:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/05/2016 12:44:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/05/2016 12:43:37 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Systemfehler:
=============
Error: (09/05/2016 02:25:53 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (09/05/2016 02:25:53 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (09/05/2016 02:24:48 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (09/05/2016 02:24:48 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (09/05/2016 02:23:59 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (09/05/2016 02:23:59 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (09/05/2016 02:23:26 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (09/05/2016 02:23:26 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (09/05/2016 02:23:24 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (09/05/2016 02:23:24 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 38%
Installierter physikalischer RAM: 8061.27 MB
Verfügbarer physikalischer RAM: 4956.27 MB
Summe virtueller Speicher: 16253.27 MB
Verfügbarer virtueller Speicher: 13196.24 MB

==================== Laufwerke ================================
Drive c: () (Fixed) (Total:931 GB) (Free:844.12 GB) NTFS
Drive e: (Kindle) (Removable) (Total:3.04 GB) (Free:2.79 GB) FAT32

==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 3 GB) (Disk ID: 00000000)
Partition: GPT.

==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von Carolina (Administrator) auf CAROLINA (05-09-2016 14:58:33)
Gestartet von C:\Users\Carolina\Desktop
Geladene Profile: Carolina (Verfügbare Profile: Carolina)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Dropbox, Inc.) C:\Users\Carolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Run: [Dropbox Update] => C:\Users\Carolina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-985286299-975283114-1846765778-1001\...\MountPoints2: {a6852633-d385-11e3-be89-6036dda75de5} - "E:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Carolina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
Startup: C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Carolina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{58BF2E8F-2EA9-4F17-AF2E-78712D3E35C0}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-985286299-975283114-1846765778-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset URLSearchHook: HKLM-x32 -> Standard = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKU\S-1-5-21-985286299-975283114-1846765778-1001 -> {E29367D3-A777-43D0-B942-BF09BA6AF55C} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) 
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-03] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKU\S-1-5-21-985286299-975283114-1846765778-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) 
FireFox: ======== FF ProfilePath: C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\5e2e3eil.default-1414797382018 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.) 
FF Extension: (Firefox Hotfix) - C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\5e2e3eil.default-1414797382018\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon [2016-07-05] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon Chrome: ======= CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-24] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-24] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-22] (IObit) R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NS.exe [289080 2016-08-16] (Symantec Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-15] (Advanced Micro Devices, Inc.) R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20160826.008\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation) R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607010.020\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20160902.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-04] (Malwarebytes) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1607010.020\SRTSP64.SYS [773360 2016-08-10] 
(Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607010.020\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NSx64\1607010.020\SymELAM.sys [24192 2015-07-11] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-03] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607010.020\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607010.020\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160706.008\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160706.008\EX64.SYS [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-09-05 14:49 - 2016-09-05 14:58 - 00000000 ____D C:\ProgramData\HitmanPro 2016-09-05 14:48 - 2016-09-05 14:48 - 11438608 _____ (SurfRight B.V.) 
C:\Users\Carolina\Desktop\HitmanPro_x64.exe 2016-09-05 14:47 - 2016-09-05 14:47 - 00000735 _____ C:\Users\Carolina\Desktop\Eset.txt 2016-09-05 12:47 - 2016-09-05 12:47 - 02870984 _____ (ESET) C:\Users\Carolina\Downloads\esetsmartinstaller_deu(1).exe 2016-09-05 12:41 - 2016-09-05 12:42 - 00008073 _____ C:\Users\Carolina\Desktop\Fixlog.txt 2016-09-05 00:23 - 2016-09-05 00:23 - 00000000 ____D C:\Users\Carolina\AppData\Roaming\ProductData 2016-09-04 23:18 - 2016-09-04 23:18 - 00000000 ____D C:\Program Files (x86)\ESET 2016-09-04 23:17 - 2016-09-04 23:18 - 02870984 _____ (ESET) C:\Users\Carolina\Downloads\esetsmartinstaller_deu.exe 2016-09-04 17:03 - 2016-09-04 17:03 - 00000000 ____D C:\Users\Carolina\Documents\264 2016-09-04 17:01 - 2016-09-04 17:01 - 00000000 ____D C:\Users\Carolina\Documents\137 2016-09-04 16:49 - 2016-09-04 16:49 - 00000000 ____D C:\Users\Carolina\Documents\210 2016-09-04 16:45 - 2016-09-04 16:45 - 00000000 ____D C:\Users\Carolina\Documents\274 2016-09-04 16:39 - 2016-09-04 16:39 - 00000000 ____D C:\Users\Carolina\Documents\261 2016-09-04 16:36 - 2016-09-04 16:36 - 00000000 ____D C:\Users\Carolina\Documents\136 2016-09-04 16:26 - 2016-09-04 16:26 - 00000000 ____D C:\Users\Carolina\Documents\238 2016-09-04 13:02 - 2016-09-05 14:58 - 00018215 _____ C:\Users\Carolina\Desktop\FRST.txt 2016-09-04 12:54 - 2016-09-04 12:54 - 00001198 _____ C:\Users\Carolina\Desktop\mbam.txt 2016-09-04 11:49 - 2016-09-04 12:20 - 00000000 ____D C:\AdwCleaner 2016-09-03 21:47 - 2016-09-03 21:53 - 00434902 _____ C:\TDSSKiller.3.1.0.11_03.09.2016_21.47.19_log.txt 2016-09-03 21:43 - 2016-09-05 14:58 - 00000000 ____D C:\FRST 2016-09-03 21:42 - 2016-09-03 21:42 - 02397696 _____ (Farbar) C:\Users\Carolina\Desktop\FRST64.exe 2016-09-03 14:24 - 2016-09-03 17:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-09-03 14:24 - 2016-09-03 14:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-09-03 14:24 - 2016-09-03 14:24 - 00001403 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-09-03 14:24 - 2016-09-03 14:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2016-09-03 14:24 - 2016-09-03 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-09-03 14:24 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2016-09-03 14:17 - 2016-09-03 14:20 - 12846600 _____ (Safer-Networking Ltd. ) C:\Users\Carolina\Downloads\spybot-2.4.40(1).exe.part 2016-09-03 13:46 - 2016-09-03 13:46 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Carolina\Downloads\spybot-2.4.40.exe 2016-09-03 13:44 - 2016-09-03 13:44 - 22851472 _____ (Malwarebytes ) C:\Users\Carolina\Downloads\mbam-setup-2.2.1.1043.exe 2016-09-02 16:29 - 2016-09-03 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-02 12:24 - 2016-09-02 12:24 - 00000000 ____D C:\WINDOWS\Minidump 2016-08-28 23:19 - 2016-08-28 23:20 - 00038471 _____ C:\Users\Carolina\Desktop\Müller online Fotoservice.pdf 2016-08-24 21:34 - 2016-08-24 21:35 - 00000000 ____D C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-08-24 14:02 - 2016-08-24 14:02 - 00003216 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration 2016-08-24 14:02 - 2016-08-24 14:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security 2016-08-19 18:11 - 2016-08-19 18:11 - 00000000 ____D C:\Users\Carolina\Documents\Mathematische_Ausarbeitungen_BSF11_und_BSF12_%28teilweise_BSF13%29 2016-08-19 18:09 - 2016-08-19 18:09 - 00000000 ____D C:\Users\Carolina\Documents\Stegreifaufgaben_BSF11_un_BSF12 2016-08-19 17:56 - 2016-08-19 17:56 - 00000000 ____D C:\Users\Carolina\Documents\Schulaufgabe 2016-08-13 18:21 - 2016-07-08 16:18 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-08-13 18:20 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-08-13 18:20 - 
2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-08-13 18:20 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-08-13 18:20 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2016-08-13 18:20 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-08-13 18:20 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-08-13 18:20 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-08-13 18:20 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-08-13 18:20 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-08-13 18:20 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-08-13 18:20 - 2016-08-02 07:46 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-08-13 18:20 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-08-13 18:20 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-08-13 18:20 - 2016-08-02 07:39 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-08-13 18:20 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-08-13 18:20 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-08-13 18:20 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-08-13 18:20 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-08-13 18:20 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-08-13 18:20 - 2016-08-02 07:21 - 04608000 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-08-13 18:20 - 2016-08-02 07:20 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-08-13 18:20 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-13 18:20 - 2016-08-02 07:15 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-08-13 18:20 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-08-13 18:20 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-08-13 18:20 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-08-13 18:20 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-08-13 18:20 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-08-13 18:20 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-13 18:20 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-08-13 18:20 - 2016-07-06 16:26 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-08-13 18:20 - 2016-07-06 16:26 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-08-13 18:20 - 2016-07-06 16:23 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-08-13 18:20 - 2016-07-06 16:21 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-08-13 18:18 - 2016-07-12 16:08 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2016-08-13 18:18 - 2016-07-09 02:09 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-08-13 18:18 - 2016-07-09 02:08 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-08-13 18:18 - 2016-07-08 16:32 - 01753600 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-08-13 18:18 - 2016-07-08 16:25 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-08-13 18:18 - 2016-07-08 16:22 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-08-13 18:18 - 2016-07-08 16:19 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2016-08-13 18:18 - 2016-07-08 16:17 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2016-08-13 18:18 - 2016-07-08 00:33 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-08-13 18:18 - 2016-07-07 23:53 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-08-13 18:18 - 2016-07-07 22:06 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-08-13 18:18 - 2016-05-19 01:18 - 00563024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-08-13 18:18 - 2016-05-19 01:18 - 00397232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2016-08-13 18:18 - 2016-05-19 01:16 - 00178016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-08-13 18:18 - 2016-05-19 00:28 - 00340880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-09-05 14:55 - 2014-02-16 11:49 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-09-05 14:45 - 2013-11-14 09:27 - 01686150 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-05 14:45 - 2013-11-14 09:11 - 00727930 _____ C:\WINDOWS\system32\perfh007.dat 2016-09-05 14:45 - 2013-11-14 09:11 - 00151586 _____ C:\WINDOWS\system32\perfc007.dat 2016-09-05 14:45 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2016-09-05 14:32 - 2014-10-08 19:55 - 00000000 ____D C:\Users\Carolina\AppData\Roaming\Dropbox 2016-09-05 12:46 - 2014-02-16 13:36 - 00000000 ___DO C:\Users\Carolina\SkyDrive 2016-09-05 12:45 - 2014-10-08 19:58 - 00000000 ___RD C:\Users\Carolina\Dropbox 2016-09-05 12:44 - 2016-02-08 19:42 - 00000374 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2016-09-05 12:44 - 2014-02-09 12:34 - 01105920 ___SH C:\Users\Carolina\Desktop\Thumbs.db 2016-09-05 12:44 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2016-09-05 12:43 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-05 12:42 - 2014-02-04 20:22 - 00000000 ____D C:\Users\Carolina\AppData\LocalLow\Temp 2016-09-05 12:42 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-09-05 08:57 - 2014-02-16 15:29 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8268C022-4357-47A2-BFEF-A114E6961FEE} 2016-09-04 22:24 - 2015-12-11 19:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation 2016-09-04 18:45 - 2016-02-12 20:24 - 00000000 ____D C:\Users\Carolina\.gimp-2.8 2016-09-04 13:14 - 2014-02-04 18:11 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-985286299-975283114-1846765778-1001 2016-09-04 12:23 - 2014-06-25 18:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-04 12:19 - 2015-10-20 22:14 - 00000000 ____D C:\Program Files (x86)\Yahoo! 
2016-09-03 14:26 - 2015-12-11 19:47 - 00000000 ____D C:\Program Files\Common Files\AV 2016-09-03 14:22 - 2015-07-05 19:34 - 00000000 ____D C:\ProgramData\Oracle 2016-09-03 14:22 - 2015-07-05 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-09-03 14:22 - 2015-07-05 19:34 - 00000000 ____D C:\Program Files (x86)\Java 2016-09-03 14:21 - 2015-10-20 22:11 - 00000000 ____D C:\Users\Carolina\.oracle_jre_usage 2016-09-03 14:21 - 2015-07-05 19:34 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2016-09-03 14:20 - 2015-01-05 11:40 - 00000000 ____D C:\Users\Carolina\AppData\Local\CrashDumps 2016-09-03 14:12 - 2014-02-09 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-09-03 14:12 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Performance 2016-09-03 13:45 - 2015-10-20 22:10 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-09-03 13:45 - 2014-06-25 18:30 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-09-02 12:52 - 2014-02-16 13:16 - 00000000 ____D C:\Users\Carolina 2016-09-02 12:24 - 2014-02-04 16:13 - 00159805 ____N C:\WINDOWS\Minidump\090216-30312-01.dmp 2016-09-01 09:33 - 2014-04-27 21:53 - 00000000 ____D C:\ProgramData\CanonIJPLM 2016-08-24 14:02 - 2016-07-05 20:46 - 00002324 _____ C:\Users\Public\Desktop\Norton Security.lnk 2016-08-24 14:02 - 2014-12-14 14:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2016-08-24 14:02 - 2014-12-14 14:16 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64 2016-08-19 11:21 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-08-19 10:21 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-08-18 09:01 - 2013-08-22 16:44 - 00410080 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-08-17 20:52 - 2014-02-08 19:45 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-08-17 20:49 - 2014-02-08 19:45 - 147640136 ____C (Microsoft Corporation) 
C:\WINDOWS\system32\MRT.exe
2016-08-16 20:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-13 19:56 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-13 19:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-02-13 00:50 - 2016-02-13 00:50 - 0016796 _____ () C:\Users\Carolina\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-09-04 15:30

==================== Ende von FRST.txt ============================

Many thanks in advance!!!
05.09.2016, 20:10 | #10 |
/// TB Trainer | Browser imitated bank website and demanded PIN entry - Trojan?

Hi,

regarding the slow Firefox, you have the following options:
- Uninstall Spybot; it may be slowing Firefox down
- Reset Firefox
- Norton is not exactly known for "system-accelerating" qualities either... Alternatives to Norton (e.g. if the license has expired): see further below

If you no longer have any problems with malware, then we are done here. Your log files are clean.

Finally, we need to take a few closing steps to clean up and secure your PC.

Cleanup:
All logs posted? Then please download DelFix.

DelFix removes, among other things, all the programs we used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.

Securing your system:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version:
- Browser
- Java
- Flash Player
- PDF reader

Security vulnerabilities in their old versions are exploited to install malware by "drive-by" when you merely visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

If you are still undecided, use exactly one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

Microsoft Security Essentials (MSE) is built in from Windows 8 onwards, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you do not need to install MSE separately. On Windows 7, however, it has to be installed manually or obtained as an optional update via Windows Update. Of course, a legal/activated Windows is a prerequisite for this.

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
- Adblock Plus: can block banners, pop-ups, video ads, tracking and malware sites.
- NoScript: prevents the execution of active content (Java, JavaScript, Flash, ...) on all websites. You can, however, define on a whitelist basis which sites scripts should be allowed on.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.

Finally, a few general remarks:

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this topic from my subscriptions.
06.09.2016, 19:53 | #11 |
| Browser imitated bank website and demanded PIN entry - Trojan?

Great, thanks!!!! I think it's fine now!!!! Thank you very much for your help!!!
06.09.2016, 22:53 | #12 |
/// TB Trainer | Browser imitated bank website and demanded PIN entry - Trojan?

I'm glad we could help.

In this forum you can leave brief feedback on the cleanup, if you like: Praise, Criticism and Wishes

To do so, click the "NEW TOPIC" button and post a short piece of feedback. Thank you!

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.
Everyone else, please click here and create your own thread.