|
Log-Analyse und Auswertung: Fremder Amazonzugriff - Verstecktes auf dem PC ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.09.2016, 15:45 | #1 |
| Fremder Amazonzugriff - Verstecktes auf dem PC ? Hallo zusammen, kürzlichst hat sich jemand Zugriff zu meinem Amazonkonto verschafft. (Bemerkt an einer fremden Bestellung). Mit Amazon & co. bin ich bereits in Kontakt - allerdings würde ich gerne mal meinen PC gegenchecken lassen um mögliche Malware (bestmöglichst) auszuschließen. Danke schonmal! Anbei schonmal die FRST-Logs: FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2016 02 durchgeführt von Explo (Administrator) auf EXPLOOLPXE (25-09-2016 16:42:42) Gestartet von C:\Users\Explo\Desktop Geladene Profile: Explo (Verfügbare Profile: Explo) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe () C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\Users\Explo\Desktop\FRST64(1).exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft) HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [7241200 2016-07-26] (Emsisoft Ltd) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [222240 2016-04-28] (Geek Software GmbH) HKU\S-1-5-21-2660694709-3229954312-2415296201-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation) HKU\S-1-5-21-2660694709-3229954312-2415296201-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.) HKU\S-1-5-21-2660694709-3229954312-2415296201-1001\...\MountPoints2: {44c36233-3e29-11e6-824f-806e6f6e6963} - "D:\data\setup.exe" ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{7FF5B267-6E7E-4F2F-8485-E85A2F3A42A4}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-20] (Microsoft Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-20] (Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-09-20] (Microsoft Corporation) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-20] (Microsoft Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-20] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-20] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-20] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-20] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Extension: (DownThemAll!) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-31] FF Extension: (Stylish) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-05-31] FF Extension: (Greasemonkey) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-05-31] FF Extension: (anonymoX) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\client@anonymox.net.xpi [2015-05-31] FF Extension: (Ghostery) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\firefox@ghostery.com.xpi [2015-05-29] FF Extension: (Diablo 3 profile +) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\jid1-M4HE20OYnEIt5A@jetpack.xpi [2015-05-29] FF Extension: (Snap Links Plus) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\snaplinks@snaplinks.mozdev.org.xpi [2015-05-29] FF Extension: (uBlock Origin) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\uBlock0@raymondhill.net.xpi [2016-05-28] FF Extension: (NoScript) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-06-14] FF Extension: (Adblock Plus) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-28] Chrome: ======= CHR Profile: C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default [2016-09-25] CHR Extension: (Google Präsentationen) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-29] CHR Extension: (Google Docs) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-29] CHR Extension: (Google Drive) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-29] CHR Extension: (YouTube) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-29] CHR Extension: (Google Tabellen) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-29] CHR Extension: (Google Docs Offline) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-29] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-29] CHR Extension: (Google Mail) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-29] CHR Extension: (Chrome Media Router) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9331168 2016-07-26] (Emsisoft Ltd) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3035848 2016-09-15] (Microsoft Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation) S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) R2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [102912 2016-05-20] () [Datei ist nicht signiert] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [115832 2016-07-21] (Emsisoft Ltd) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] () R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation) R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-09-25 16:42 - 2016-09-25 16:43 - 00013860 _____ C:\Users\Explo\Desktop\FRST.txt 2016-09-25 16:35 - 2016-09-25 16:35 - 02402816 _____ (Farbar) C:\Users\Explo\Desktop\FRST64(1).exe 2016-09-24 15:22 - 2016-09-24 20:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2016-09-20 22:40 - 2016-09-20 22:40 - 01610560 _____ (Malwarebytes) C:\Users\Explo\Downloads\JRT(1).exe 2016-09-20 22:32 - 2016-09-20 22:32 - 03861056 _____ C:\Users\Explo\Downloads\AdwCleaner_6.020.exe 2016-09-20 22:07 - 2016-08-27 21:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-09-20 22:07 - 2016-08-27 21:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-09-20 22:07 - 2016-08-27 21:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe 2016-09-20 22:07 - 2016-08-27 20:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-09-20 22:07 - 2016-08-27 20:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-09-20 22:07 - 2016-08-27 20:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe 2016-09-20 22:07 - 2016-08-27 18:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2016-09-20 22:07 - 2016-08-27 18:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2016-09-20 22:07 - 2016-08-27 18:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2016-09-20 22:07 - 2016-08-27 17:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2016-09-20 22:07 - 2016-08-25 22:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll 2016-09-20 22:07 - 2016-08-25 21:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll 2016-09-20 22:07 - 2016-08-21 00:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-09-20 22:07 - 2016-08-21 00:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-09-20 22:07 - 2016-08-13 02:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2016-09-20 22:07 - 2016-08-13 02:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys 2016-09-20 22:07 - 2016-08-13 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys 2016-09-20 22:07 - 2016-08-13 02:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys 2016-09-20 22:07 - 2016-08-13 00:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll 2016-09-20 22:07 - 2016-08-13 00:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2016-09-20 22:07 - 2016-08-12 23:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-09-20 22:07 - 2016-08-12 23:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll 2016-09-20 22:07 - 2016-08-12 22:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-09-20 22:07 - 2016-08-12 03:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2016-09-20 22:07 - 2016-08-12 03:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2016-09-20 22:07 - 2016-08-11 20:33 - 00096256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys 2016-09-20 22:07 - 2016-08-11 20:33 - 00083456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys 2016-09-20 22:07 - 2016-08-11 20:33 - 00023040 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys 2016-09-20 22:07 - 2016-08-11 19:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe 2016-09-20 22:07 - 2016-08-11 15:39 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml 2016-09-20 22:07 - 2016-08-11 15:12 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll 2016-09-20 22:07 - 2016-08-11 15:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2016-09-20 22:07 - 2016-08-11 15:12 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2016-09-20 22:07 - 2016-08-11 15:11 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2016-09-20 22:07 - 2016-08-11 15:11 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2016-09-20 22:07 - 2016-08-11 15:11 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2016-09-20 22:07 - 2016-08-11 07:46 - 00420184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys 2016-09-20 22:07 - 2016-08-03 17:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll 2016-09-20 22:07 - 2016-08-03 17:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll 2016-09-20 22:07 - 2016-08-03 17:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll 2016-09-20 22:07 - 2016-08-03 17:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll 2016-09-20 22:07 - 2016-07-30 19:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll 2016-09-20 22:07 - 2016-07-30 18:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll 2016-09-20 22:07 - 2016-07-26 15:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS 2016-09-20 22:07 - 2016-07-26 15:40 - 00162850 _____ C:\Windows\system32\C_932.NLS 2016-09-20 22:07 - 2016-07-23 20:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll 2016-09-20 22:07 - 2016-07-23 20:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll 2016-09-20 03:46 - 2016-09-20 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office -Tools 2016-09-15 10:12 - 2016-09-15 10:12 - 00271112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll 2016-09-15 10:12 - 2016-09-15 10:12 - 00244504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll 2016-09-15 10:10 - 2016-09-15 10:10 - 00085744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll 2016-09-15 10:08 - 2016-09-15 10:08 - 00443632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll 2016-09-15 10:08 - 2016-09-15 10:08 - 00394504 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll 2016-09-15 10:08 - 2016-09-15 10:08 - 00334616 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll 2016-09-15 10:08 - 2016-09-15 10:08 - 00089328 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll 2016-09-15 10:06 - 2016-09-15 10:06 - 00639728 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll 2016-09-15 08:08 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-09-15 08:08 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-09-15 08:08 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-09-15 08:08 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-09-15 08:08 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-09-15 08:08 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-09-15 08:08 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-09-15 08:08 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-09-15 08:08 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-09-15 08:08 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-09-15 08:08 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-09-15 08:08 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-09-15 08:08 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-09-15 08:08 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-09-15 08:08 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-09-15 08:08 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-09-15 08:08 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-09-15 08:08 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-09-15 08:08 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-09-15 08:08 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-09-15 08:08 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-09-15 08:08 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-09-15 08:08 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2016-09-15 08:08 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-09-15 08:08 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2016-09-15 08:08 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-09-15 08:08 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-09-15 08:08 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-09-15 08:08 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-09-15 08:08 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-09-15 08:08 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-09-15 08:08 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-09-15 08:08 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-09-15 08:07 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-09-15 08:07 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-09-15 08:07 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-09-15 08:07 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-09-15 08:07 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-09-15 08:07 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-09-15 08:07 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-09-15 08:07 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-09-15 08:07 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-09-15 08:07 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-09-15 08:07 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-09-15 08:07 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2016-09-15 08:07 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-09-15 08:07 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2016-09-15 08:07 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-09-15 08:07 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-09-15 08:07 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-09-15 08:07 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2016-09-15 08:07 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-09-15 08:07 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2016-09-15 08:07 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-09-15 08:07 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll 2016-09-15 08:07 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll 2016-09-15 08:07 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll 2016-09-11 14:29 - 2016-09-11 14:29 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2016-09-04 13:11 - 2016-09-11 14:30 - 00000000 ____D C:\Users\Explo\Downloads\MusiHandy ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-09-25 16:42 - 2016-08-20 23:32 - 00000000 ____D C:\FRST 2016-09-25 16:38 - 2016-07-01 20:19 - 00000000 ____D C:\Users\Explo\AppData\Roaming\Skype 2016-09-25 16:22 - 2016-06-29 20:55 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware 2016-09-25 16:20 - 2016-06-29 21:02 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-25 12:44 - 2016-07-01 20:05 - 00000000 ____D C:\Users\Explo\AppData\Local\Battle.net 2016-09-25 10:21 - 2016-06-29 20:55 - 00000000 ____D C:\Users\Explo\AppData\Local\ClassicShell 2016-09-25 09:54 - 2016-07-01 20:05 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-09-25 09:20 - 2016-06-29 21:02 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-25 01:21 - 2016-07-01 20:12 - 00000000 ____D C:\Program Files (x86)\Steam 2016-09-24 20:00 - 2016-06-29 20:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-09-24 16:56 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2016-09-24 14:00 - 2016-07-01 20:11 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-09-22 11:03 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2016-09-21 23:41 - 2014-11-21 05:35 - 01686150 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-21 23:41 - 2014-11-21 04:45 - 00727930 _____ C:\Windows\system32\perfh007.dat 2016-09-21 23:41 - 2014-11-21 04:45 - 00151586 _____ C:\Windows\system32\perfc007.dat 2016-09-21 23:41 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf 2016-09-20 22:42 - 2016-07-31 00:16 - 00000543 _____ C:\Users\Explo\Desktop\JRT.txt 2016-09-20 22:38 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-20 22:37 - 2016-07-31 00:03 - 00000000 ____D C:\AdwCleaner 2016-09-20 22:22 - 2016-07-01 21:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-20 22:09 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-09-20 22:08 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData 2016-09-20 22:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-09-20 22:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed 2016-09-20 22:06 - 2016-07-01 19:29 - 00000000 ____D C:\Users\Explo\AppData\Local\Adobe 2016-09-20 22:05 - 2016-07-01 20:19 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-09-20 22:04 - 2013-08-22 16:44 - 00473064 _____ C:\Windows\system32\FNTCACHE.DAT 2016-09-20 22:02 - 2016-06-29 20:47 - 00000000 ____D C:\Users\Explo 2016-09-20 20:28 - 2016-06-29 20:47 - 00000000 ____D C:\Users\Explo\AppData\Local\Packages 2016-09-20 10:11 - 2016-06-29 20:52 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2660694709-3229954312-2415296201-1001 2016-09-20 03:46 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-09-20 03:45 - 2016-07-01 20:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-09-17 23:23 - 2016-06-29 20:51 - 00000000 __SHD C:\Users\Explo\AppData\LocalLow\EmieUserList 2016-09-17 23:23 - 2016-06-29 20:51 - 00000000 __SHD C:\Users\Explo\AppData\LocalLow\EmieSiteList 2016-09-17 23:23 - 2016-06-29 20:51 - 00000000 __SHD C:\Users\Explo\AppData\Local\EmieUserList 2016-09-17 23:23 - 2016-06-29 20:51 - 00000000 __SHD C:\Users\Explo\AppData\Local\EmieSiteList 2016-09-17 13:21 - 2016-06-29 21:02 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-09-17 13:21 - 2016-06-29 21:02 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-09-17 13:00 - 2016-06-29 21:09 - 00000000 ____D C:\Windows\system32\MRT 2016-09-17 12:58 - 2016-06-29 21:09 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-09-16 08:17 - 2016-07-01 20:11 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-09-16 08:16 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-16 08:16 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2016-09-10 18:19 - 2016-08-07 00:55 - 00096256 ___SH C:\Users\Explo\Downloads\Thumbs.db 2016-09-07 03:11 - 2014-11-21 13:01 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-09-07 03:11 - 2014-11-21 13:01 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-04 22:48 - 2016-07-24 21:06 - 00000000 ____D C:\Users\Explo\AppData\Roaming\TS3Client Einige Dateien in TEMP: ==================== C:\Users\Explo\AppData\Local\Temp\libeay32.dll C:\Users\Explo\AppData\Local\Temp\msvcr120.dll C:\Users\Explo\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-09-22 08:03 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24-09-2016 02 durchgeführt von Explo (25-09-2016 16:43:04) Gestartet von C:\Users\Explo\Desktop Windows 8.1 (Update) (X64) (2016-06-29 18:47:35) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2660694709-3229954312-2415296201-500 - Administrator - Disabled) Explo (S-1-5-21-2660694709-3229954312-2415296201-1001 - Administrator - Enabled) => C:\Users\Explo Gast (S-1-5-21-2660694709-3229954312-2415296201-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2660694709-3229954312-2415296201-1003 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Emsisoft Anti-Malware (Enabled - Up to date) {D1196F3E-3487-585D-3681-0661BD157EC3} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Anti-Malware (Enabled - Up to date) {6A788EDA-12BD-57D3-0C31-3D13C692347E} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - ) Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform) Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.8 - Emsisoft Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Indiana Jones and the Fate of Atlantis (HKLM\...\Steam App 6010) (Version: - LucasArts) Indiana Jones and the Last Crusade (HKLM\...\Steam App 32310) (Version: - LucasArts) Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.7341.2032 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2660694709-3229954312-2415296201-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Mozilla Firefox 47.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 de)) (Version: 47.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1 - Mozilla) Mozilla Thunderbird 45.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.3.0 (x86 de)) (Version: 45.3.0 - Mozilla) Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.0.0 - Duodian Technology Co. Ltd.) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7341.2032 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7341.2032 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7341.2032 - Microsoft Corporation) Hidden PDF24 Creator 7.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Steuer-Sparer 2016 (HKLM-x32\...\{F7B36B93-F38D-4A38-A028-31E0A9622377}) (Version: 21.36.103 - Akademische Arbeitsgemeinschaft) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) WatchGuard Mobile VPN with SSL client 11.11.1 (HKLM-x32\...\Mobile VPN with SSL client_is1) (Version: - WatchGuard) Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation) Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2660694709-3229954312-2415296201-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Explo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll () CustomCLSID: HKU\S-1-5-21-2660694709-3229954312-2415296201-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Explo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2BD74BE7-F8EE-4916-B285-254F5F709F5A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Explo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation) Task: {2F6D9F3C-4038-48C9-9A2C-35F46F1D1B71} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated) Task: {300B3F61-8B5F-492E-898A-129E92D2C7CE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-15] (Microsoft Corporation) Task: {31F129B7-7C79-47E5-9135-0C23A7A1A724} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-09-20] (Microsoft Corporation) Task: {5C98F5E7-4738-47CC-87F1-7D71EF6A234D} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2660694709-3229954312-2415296201-1001 => C:\Users\Explo\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-23] (Microsoft Corporation) Task: {6D7FC688-3265-4A89-AEA9-AE2E92748830} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-09-20] (Microsoft Corporation) Task: {8D157702-884B-4C19-A013-9BAE14350FAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-09-20] (Microsoft Corporation) Task: {A2B21CB4-CAD1-4F4E-9157-83E4B90F1E45} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-29] (Google Inc.) Task: {B20D4010-3E88-46C4-B687-AEC26B60CD5F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-15] (Microsoft Corporation) Task: {CA4CAC4E-203E-4C7D-96FE-D9D0B9E9C0A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd) Task: {E0882EFE-7121-41B2-9CD6-D4FBC84337DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-29] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-08-08 20:15 - 2016-05-20 14:34 - 00102912 _____ () C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe 2016-08-23 07:54 - 2016-08-23 07:54 - 01864384 _____ () C:\Users\Explo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2016-07-01 20:13 - 2016-09-08 05:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-07-01 20:13 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-07-01 20:13 - 2016-09-20 21:28 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll 2016-07-01 20:13 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-07-01 20:13 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-07-01 20:13 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-07-01 20:13 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-07-01 20:13 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-07-01 20:13 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-07-01 20:13 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-07-01 20:13 - 2016-09-20 21:28 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-07-01 20:13 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-07-01 20:13 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2016-07-01 20:13 - 2015-09-25 01:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2660694709-3229954312-2415296201-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img1.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{A4B97141-D89E-4EE8-ACE4-4559D1F34496}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BC8FE7C2-CDBA-4BDF-AFF1-7F9C9A482E8D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E58F6AA9-6B7A-4F52-B0DD-A25E929177DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{FE096311-28E3-41CB-B8CA-CEDB64D26F78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7A5BE588-9842-4F52-B39C-A131BDE0DDCF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{8DFB4653-91F3-4A84-9ED0-70408D3BDE58}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{9DF438BD-0DAE-4485-B127-2C7F1CC6107B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{EFFFF3EB-C45B-452F-9E0C-592097F5E318}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{FE0FD2B4-79F2-4219-9769-0D3658F76862}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{37C2A57F-399A-4C0B-81E9-F01F4133B979}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{4C3CBECB-9E97-4EE5-9EE2-8AF541EADFB7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{0FFBFC7B-E945-4EDF-B1D2-F8C9D443F6A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{34545FA1-97B4-4F23-92D1-0650D03A1F5E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{8A1CB675-2E23-4689-9EFD-5E7E1BCCBD70}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{4ADAD218-54E7-44D5-A60C-5476B2A0FDE9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [TCP Query User{BC3C53C6-0FEB-40C1-B7E0-70C8802B85C5}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{DBD7A83E-48E8-4579-A56C-6B6DF8168525}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [TCP Query User{AB093F08-3A25-4FB9-8016-B61FFD245091}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{6EFDF932-E080-48C6-A8AB-BC29FF84C368}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{DA1ADFB6-1260-4E7C-A6E7-CD9E711910C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Indiana Jones and the Last Crusade\Indiana Jones and the Last Crusade.exe FirewallRules: [{B96A6D67-A99A-42B0-9166-363F798A0642}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Indiana Jones and the Last Crusade\Indiana Jones and the Last Crusade.exe FirewallRules: [{D8214FAA-B990-4B2F-B455-C1770A9C3BB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Indiana Jones and the Fate of Atlantis\Indiana Jones and the Fate of Atlantis.exe FirewallRules: [{FF4BC7F3-CD9E-4A5E-A65A-D9225CC41FC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Indiana Jones and the Fate of Atlantis\Indiana Jones and the Fate of Atlantis.exe FirewallRules: [{ED7027B8-DD01-4301-B866-34AF0B76F9FC}] => (Allow) C:\Users\Explo\AppData\Roaming\Nox\bin\Nox.exe FirewallRules: [{1D31FA23-4BCA-4880-863A-4004FCE8BED2}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe FirewallRules: [{935AC911-1F71-4956-B689-ABB9AAEFA709}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= 10-09-2016 12:58:58 Geplanter Prüfpunkt 17-09-2016 12:57:41 Windows Update 20-09-2016 22:02:50 Windows Update 20-09-2016 22:41:16 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/24/2016 04:50:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "\\?\Volume{b023730f-cb4c-424b-b6ba-7ec01db674a3}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (09/24/2016 04:50:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "Wiederherstellung" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (09/20/2016 10:08:31 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (09/20/2016 10:07:41 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (09/18/2016 06:53:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 47.0.1.6018, Zeitstempel: 0x576c9637 Name des fehlerhaften Moduls: mozglue.dll, Version: 47.0.1.6018, Zeitstempel: 0x576c85ba Ausnahmecode: 0x80000003 Fehleroffset: 0x0000f02b ID des fehlerhaften Prozesses: 0x1348 Startzeit der fehlerhaften Anwendung: 0x01d210fa8694e9eb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Berichtskennung: 6cc806df-7dc0-11e6-825a-b8763fef676c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/18/2016 02:26:41 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "\\?\Volume{b023730f-cb4c-424b-b6ba-7ec01db674a3}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (09/18/2016 02:26:40 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "Wiederherstellung" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (09/17/2016 01:44:02 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "\\?\Volume{b023730f-cb4c-424b-b6ba-7ec01db674a3}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (09/17/2016 01:44:01 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "Wiederherstellung" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (09/12/2016 12:39:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 47.0.1.6018, Zeitstempel: 0x576c9637 Name des fehlerhaften Moduls: mozglue.dll, Version: 47.0.1.6018, Zeitstempel: 0x576c85ba Ausnahmecode: 0x80000003 Fehleroffset: 0x0000f02b ID des fehlerhaften Prozesses: 0x3484 Startzeit der fehlerhaften Anwendung: 0x01d20c7c9d1bbd8b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Berichtskennung: 94350968-7870-11e6-825a-b8763fef676c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (09/25/2016 04:34:52 AM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/25/2016 04:34:22 AM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/24/2016 06:28:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (09/24/2016 06:28:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (09/24/2016 04:51:19 PM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/24/2016 04:50:49 PM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/24/2016 01:22:57 PM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/23/2016 11:50:37 AM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/22/2016 10:00:33 PM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/22/2016 09:59:53 PM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. CodeIntegrity: =================================== Date: 2016-08-01 19:04:01.729 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-01 10:11:52.542 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Microsoft signing level requirements. Date: 2016-08-01 10:11:50.562 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2016-08-01 07:05:41.642 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-01 07:01:03.204 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-01 06:54:05.293 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-01 03:21:42.793 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-01 00:11:23.469 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-01 00:06:44.472 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2016-08-01 00:06:38.152 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz Prozentuale Nutzung des RAM: 41% Installierter physikalischer RAM: 8139.28 MB Verfügbarer physikalischer RAM: 4727.77 MB Summe virtueller Speicher: 12491.28 MB Verfügbarer virtueller Speicher: 7672.11 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:237.46 GB) (Free:145.83 GB) NTFS Drive d: (212038) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ |
25.09.2016, 17:59 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Fremder Amazonzugriff - Verstecktes auf dem PC ? Wohin ging denn die Bestellung und was wurde gekauft?
__________________Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
Hinweis: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst. Los geht's: Schritt 1 Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
25.09.2016, 18:59 | #3 |
| Fremder Amazonzugriff - Verstecktes auf dem PC ? Es waren 3 Bestellungen. Alle an meine Adresse, alle aus dem gleichen Shop. 2 Davon direkt wieder storniert. Die 3. wurde dann ausgeblendet (dank Kontoauszug "schnell" bemerkt). Ein 25€ "Bunte Nachtlicht Hubschrauber"
____________________ Log: Code:
ATTFilter 19:57:44.0569 0x1cdc TDSS rootkit removing tool 3.1.0.11 Aug 5 2016 12:13:31 19:57:44.0569 0x1cdc UEFI system 19:58:00.0711 0x1cdc ============================================================ 19:58:00.0711 0x1cdc Current date / time: 2016/09/25 19:58:00.0711 19:58:00.0711 0x1cdc SystemInfo: 19:58:00.0711 0x1cdc 19:58:00.0711 0x1cdc OS Version: 6.3.9600 ServicePack: 0.0 19:58:00.0711 0x1cdc Product type: Workstation 19:58:00.0711 0x1cdc ComputerName: EXPLOOLPXE 19:58:00.0711 0x1cdc UserName: Explo 19:58:00.0711 0x1cdc Windows directory: C:\Windows 19:58:00.0711 0x1cdc System windows directory: C:\Windows 19:58:00.0711 0x1cdc Running under WOW64 19:58:00.0711 0x1cdc Processor architecture: Intel x64 19:58:00.0711 0x1cdc Number of processors: 8 19:58:00.0711 0x1cdc Page size: 0x1000 19:58:00.0711 0x1cdc Boot type: Normal boot 19:58:00.0711 0x1cdc CodeIntegrityOptions = 0x00000001 19:58:00.0711 0x1cdc ============================================================ 19:58:00.0994 0x1cdc KLMD registered as C:\Windows\system32\drivers\93298841.sys 19:58:00.0994 0x1cdc KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18438, osProperties = 0x19 19:58:01.0059 0x1cdc System UUID: {55A0F149-3CC7-75D8-E4C4-20B3F5523C94} 19:58:01.0289 0x1cdc Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:58:01.0292 0x1cdc ============================================================ 19:58:01.0292 0x1cdc \Device\Harddisk0\DR0: 19:58:01.0292 0x1cdc GPT partitions: 19:58:01.0293 0x1cdc \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E85EACAF-83B7-4626-889B-8B3750D9AAA6}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000 19:58:01.0293 0x1cdc \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {232B0101-B96B-4E5A-8953-E58D154F6C88}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000 19:58:01.0293 0x1cdc \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {D3254D3B-8619-4FDC-9D36-E81423F2F608}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000 19:58:01.0293 0x1cdc \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {10ABF851-0DDB-4767-92EF-D65936EB56B7}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0x1DAEB800 19:58:01.0293 0x1cdc \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B023730F-CB4C-424B-B6BA-7EC01DB674A3}, Name: , StartLBA 0x1DBF4000, BlocksNum 0xFF000 19:58:01.0293 0x1cdc MBR partitions: 19:58:01.0293 0x1cdc ============================================================ 19:58:01.0294 0x1cdc C: <-> \Device\Harddisk0\DR0\Partition4 19:58:01.0294 0x1cdc ============================================================ 19:58:01.0294 0x1cdc Initialize success 19:58:01.0294 0x1cdc ============================================================ 19:58:29.0055 0x1274 ============================================================ 19:58:29.0055 0x1274 Scan started 19:58:29.0055 0x1274 Mode: Manual; SigCheck; TDLFS; 19:58:29.0055 0x1274 ============================================================ 19:58:29.0055 0x1274 KSN ping started 19:58:29.0155 0x1274 KSN ping finished: true 19:58:29.0557 0x1274 ================ Scan system memory ======================== 19:58:29.0557 0x1274 System memory - ok 19:58:29.0558 0x1274 ================ Scan services ============================= 19:58:29.0590 0x1274 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys 19:58:29.0631 0x1274 1394ohci - ok 19:58:29.0639 0x1274 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\Windows\system32\drivers\3ware.sys 19:58:29.0649 0x1274 3ware - ok 19:58:29.0806 0x1274 [ 02F3BA98D25FD4764CBEFF365EC73113, B8641770BA1782E9A49A217BB142C3CC394CA17C3D2A27422690D336B06D3769 ] a2AntiMalware C:\Program Files\Emsisoft Anti-Malware\a2service.exe 19:58:30.0011 0x1274 a2AntiMalware - ok 19:58:30.0034 0x1274 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:58:30.0056 0x1274 ACPI - ok 19:58:30.0061 0x1274 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\Windows\system32\Drivers\acpiex.sys 19:58:30.0070 0x1274 acpiex - ok 19:58:30.0073 0x1274 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys 19:58:30.0083 0x1274 acpipagr - ok 19:58:30.0086 0x1274 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys 19:58:30.0097 0x1274 AcpiPmi - ok 19:58:30.0100 0x1274 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\Windows\System32\drivers\acpitime.sys 19:58:30.0109 0x1274 acpitime - ok 19:58:30.0115 0x1274 [ A0CAC4F3F998173A8DC1E67E7E0345EF, D0C2F504A5059691EDBBA917D0C6260450A554A365C12E7747E48EE1668C51A5 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:58:30.0124 0x1274 AdobeARMservice - ok 19:58:30.0146 0x1274 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\Windows\system32\drivers\ADP80XX.SYS 19:58:30.0171 0x1274 ADP80XX - ok 19:58:30.0180 0x1274 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:58:30.0197 0x1274 AeLookupSvc - ok 19:58:30.0209 0x1274 [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD C:\Windows\system32\drivers\afd.sys 19:58:30.0232 0x1274 AFD - ok 19:58:30.0237 0x1274 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:58:30.0246 0x1274 agp440 - ok 19:58:30.0250 0x1274 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\Windows\system32\DRIVERS\ahcache.sys 19:58:30.0261 0x1274 ahcache - ok 19:58:30.0266 0x1274 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\Windows\System32\alg.exe 19:58:30.0277 0x1274 ALG - ok 19:58:30.0285 0x1274 [ 6CF81DD5083D7F94A7E76E50429A949C, 19240502A6406924F889D1AFA975B975A300776D8B2D0557181DF13649622E2B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 19:58:30.0307 0x1274 AMD External Events Utility - ok 19:58:30.0313 0x1274 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\Windows\System32\drivers\amdk8.sys 19:58:30.0325 0x1274 AmdK8 - ok 19:58:30.0545 0x1274 [ 71F8D8B977ACC5973FA042BF906E709F, 8106C5F5C8E40344CCCDB912845786DF287BDF068D7A6EF9D26B00FA1754C1BC ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 19:58:30.0810 0x1274 amdkmdag - ok 19:58:30.0833 0x1274 [ 4AA027F91A8093B1CDF453B5394F6715, E6D15E959637C102A34F73F66BFDC38436575A2FEFFC3976ACF399A472F126A5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 19:58:30.0858 0x1274 amdkmdap - ok 19:58:30.0864 0x1274 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys 19:58:30.0877 0x1274 AmdPPM - ok 19:58:30.0881 0x1274 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:58:30.0890 0x1274 amdsata - ok 19:58:30.0898 0x1274 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 19:58:30.0912 0x1274 amdsbs - ok 19:58:30.0916 0x1274 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:58:30.0924 0x1274 amdxata - ok 19:58:30.0929 0x1274 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\Windows\system32\drivers\appid.sys 19:58:30.0941 0x1274 AppID - ok 19:58:30.0945 0x1274 [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:58:30.0954 0x1274 AppIDSvc - ok 19:58:30.0959 0x1274 [ 734622FBA766DBD65B1803549B24A04A, 3B6872B87A60D4DA265D3B8AB0561A929CFE2C097419183E93D3843422363C89 ] Appinfo C:\Windows\System32\appinfo.dll 19:58:30.0972 0x1274 Appinfo - ok 19:58:30.0985 0x1274 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\Windows\system32\AppReadiness.dll 19:58:31.0008 0x1274 AppReadiness - ok 19:58:31.0034 0x1274 [ E0F846ADE7DED88981D0908DE56FF160, D8F536438091878724A5004849306ADFB96A2778A9D958ED3DCC0CD9E35160BB ] AppXSvc C:\Windows\system32\appxdeploymentserver.dll 19:58:31.0070 0x1274 AppXSvc - ok 19:58:31.0076 0x1274 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\Windows\system32\drivers\arcsas.sys 19:58:31.0086 0x1274 arcsas - ok 19:58:31.0089 0x1274 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\Windows\system32\drivers\atapi.sys 19:58:31.0097 0x1274 atapi - ok 19:58:31.0162 0x1274 [ 2C7676F892E88FD190F08D98048C7C6C, 44C13C103F61DA4D1A3823D37344F8C9465A611A9560808CE928925FB69604F7 ] athr C:\Windows\system32\DRIVERS\athw8x.sys 19:58:31.0249 0x1274 athr - ok 19:58:31.0260 0x1274 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll 19:58:31.0275 0x1274 AudioEndpointBuilder - ok 19:58:31.0293 0x1274 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\Windows\System32\Audiosrv.dll 19:58:31.0321 0x1274 Audiosrv - ok 19:58:31.0326 0x1274 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:58:31.0337 0x1274 AxInstSV - ok 19:58:31.0349 0x1274 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 19:58:31.0369 0x1274 b06bdrv - ok 19:58:31.0374 0x1274 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys 19:58:31.0385 0x1274 BasicDisplay - ok 19:58:31.0389 0x1274 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys 19:58:31.0399 0x1274 BasicRender - ok 19:58:31.0404 0x1274 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\Windows\System32\drivers\bcmfn2.sys 19:58:31.0410 0x1274 bcmfn2 - ok 19:58:31.0419 0x1274 [ 174394F4EF93C117BF7BE3878046A1B1, D58E868342D1DAFC4B04384A3713F729DF07F408AA6AE4762E6A4244F976526A ] BDESVC C:\Windows\System32\bdesvc.dll 19:58:31.0437 0x1274 BDESVC - ok 19:58:31.0440 0x1274 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\Windows\system32\drivers\Beep.sys 19:58:31.0450 0x1274 Beep - ok 19:58:31.0467 0x1274 [ 5059D93764340D4EAEDF49C47133118F, 26C5779469E04BEAFD290B619CA355648F3911C66D41B22D2C3DCA909FCA0F6E ] BFE C:\Windows\System32\bfe.dll 19:58:31.0495 0x1274 BFE - ok 19:58:31.0514 0x1274 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\Windows\System32\qmgr.dll 19:58:31.0550 0x1274 BITS - ok 19:58:31.0556 0x1274 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:58:31.0567 0x1274 bowser - ok 19:58:31.0575 0x1274 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll 19:58:31.0590 0x1274 BrokerInfrastructure - ok 19:58:31.0595 0x1274 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\Windows\System32\browser.dll 19:58:31.0607 0x1274 Browser - ok 19:58:31.0620 0x1274 [ 25B35FDD5FE5666DC49CCC0BC6A9AD81, 0F6A9783EF72AF53F20B19E51FE40A17F72FB9CC037670ADB77970AF9CA7E376 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys 19:58:31.0642 0x1274 BtFilter - ok 19:58:31.0646 0x1274 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys 19:58:31.0655 0x1274 BthAvrcpTg - ok 19:58:31.0659 0x1274 [ 12418846B057E4F92FC621F5C6CF737D, 0B8B0EADE4F2AD95D450A5C71C287C0F04F33897ABF27D3E3B6428A3C99C7B5D ] BthEnum C:\Windows\System32\drivers\BthEnum.sys 19:58:31.0670 0x1274 BthEnum - ok 19:58:31.0674 0x1274 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys 19:58:31.0683 0x1274 BthHFEnum - ok 19:58:31.0687 0x1274 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys 19:58:31.0697 0x1274 bthhfhid - ok 19:58:31.0707 0x1274 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\Windows\System32\BthHFSrv.dll 19:58:31.0725 0x1274 BthHFSrv - ok 19:58:31.0733 0x1274 [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum C:\Windows\system32\DRIVERS\BthLEEnum.sys 19:58:31.0748 0x1274 BthLEEnum - ok 19:58:31.0752 0x1274 [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys 19:58:31.0762 0x1274 BTHMODEM - ok 19:58:31.0768 0x1274 [ FEA8FC81431AD93F44D5FBFBBF096AA7, C0581DF6B2AD24836604B083F4866F93A3F4D9091D382029948A5E6221EDF788 ] BthPan C:\Windows\System32\drivers\bthpan.sys 19:58:31.0780 0x1274 BthPan - ok 19:58:31.0809 0x1274 [ B810B2B39CCA90DC6BF42AF1658AE0D1, D184F927BCFBDE7063A0C9873BF2C174226E1AB5081A7108FCC66210CD117465 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 19:58:31.0845 0x1274 BTHPORT - ok 19:58:31.0850 0x1274 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\Windows\system32\bthserv.dll 19:58:31.0861 0x1274 bthserv - ok 19:58:31.0866 0x1274 [ 52A1B7ECAB4C9EF70FD41241691E09D3, F7A5BFE72D3151E73DD9922A76964C08AC1FDCB8460D9A17DCF8B7969006AD42 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 19:58:31.0876 0x1274 BTHUSB - ok 19:58:31.0880 0x1274 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:58:31.0893 0x1274 cdfs - ok 19:58:31.0900 0x1274 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\Windows\System32\drivers\cdrom.sys 19:58:31.0912 0x1274 cdrom - ok 19:58:31.0918 0x1274 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\Windows\System32\certprop.dll 19:58:31.0932 0x1274 CertPropSvc - ok 19:58:31.0936 0x1274 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\Windows\System32\drivers\circlass.sys 19:58:31.0946 0x1274 circlass - ok 19:58:31.0955 0x1274 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\Windows\system32\drivers\CLFS.sys 19:58:31.0971 0x1274 CLFS - ok 19:58:32.0039 0x1274 [ 73B28D91BF0F1E9C9130BDADC43C82B2, D64B52FA6F1FF7805D1814A2031899054D91034DD549EE13891D36190E9B86BC ] ClickToRunSvc C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 19:58:32.0106 0x1274 ClickToRunSvc - ok 19:58:32.0115 0x1274 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\Windows\System32\drivers\CmBatt.sys 19:58:32.0124 0x1274 CmBatt - ok 19:58:32.0137 0x1274 [ 5CBF8B3E27D824D2AA2A34AFB406F1D0, 955AF1307C02D2B4DEEB150F37F77B8631C0F3C450037C233E9E27D6571B0265 ] CNG C:\Windows\system32\Drivers\cng.sys 19:58:32.0158 0x1274 CNG - ok 19:58:32.0163 0x1274 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys 19:58:32.0172 0x1274 CompositeBus - ok 19:58:32.0174 0x1274 COMSysApp - ok 19:58:32.0178 0x1274 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\Windows\system32\drivers\condrv.sys 19:58:32.0189 0x1274 condrv - ok 19:58:32.0195 0x1274 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:58:32.0209 0x1274 CryptSvc - ok 19:58:32.0213 0x1274 [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam C:\Windows\system32\drivers\dam.sys 19:58:32.0222 0x1274 dam - ok 19:58:32.0240 0x1274 [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:58:32.0268 0x1274 DcomLaunch - ok 19:58:32.0280 0x1274 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\Windows\System32\defragsvc.dll 19:58:32.0300 0x1274 defragsvc - ok 19:58:32.0311 0x1274 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll 19:58:32.0331 0x1274 DeviceAssociationService - ok 19:58:32.0336 0x1274 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\Windows\system32\umpnpmgr.dll 19:58:32.0349 0x1274 DeviceInstall - ok 19:58:32.0354 0x1274 [ 5408A71E47FF21E357192FD4126B3002, D9EDDE26EFB7B3EBD8F21F5730A49D594D916A95E0D09ABBA7B6E7C59052A712 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys 19:58:32.0368 0x1274 Dfsc - ok 19:58:32.0378 0x1274 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\Windows\system32\dhcpcore.dll 19:58:32.0395 0x1274 Dhcp - ok 19:58:32.0428 0x1274 [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack C:\Windows\system32\diagtrack.dll 19:58:32.0470 0x1274 DiagTrack - ok 19:58:32.0476 0x1274 [ 8B1E62881D5AC68E673CD94B136B34AC, A0C50F17041E43AC07B67A74F2C408820316201439F47CDEA37A4F5891CC0E6F ] disk C:\Windows\system32\drivers\disk.sys 19:58:32.0487 0x1274 disk - ok 19:58:32.0490 0x1274 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\Windows\System32\drivers\dmvsc.sys 19:58:32.0501 0x1274 dmvsc - ok 19:58:32.0508 0x1274 [ 561CBB163EB3C8221D9B1D7D1E5CA477, 4D235E73CC127769A257B31A92180552276EC8DDD991F1106815FADEF385E72D ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:58:32.0524 0x1274 Dnscache - ok 19:58:32.0531 0x1274 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\Windows\System32\dot3svc.dll 19:58:32.0547 0x1274 dot3svc - ok 19:58:32.0553 0x1274 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\Windows\system32\dps.dll 19:58:32.0567 0x1274 DPS - ok 19:58:32.0570 0x1274 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:58:32.0577 0x1274 drmkaud - ok 19:58:32.0584 0x1274 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll 19:58:32.0597 0x1274 DsmSvc - ok 19:58:32.0625 0x1274 [ F74B839FA0F4E6060CA1DA6B8DA17941, EF493E1F55FCD6A8C32B3D5D5809B7EFCCC9829E9A347522D1E6FE080D41BF37 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:58:32.0668 0x1274 DXGKrnl - ok 19:58:32.0675 0x1274 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\Windows\System32\eapsvc.dll 19:58:32.0687 0x1274 Eaphost - ok 19:58:32.0745 0x1274 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\Windows\system32\drivers\evbda.sys 19:58:32.0828 0x1274 ebdrv - ok 19:58:32.0835 0x1274 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\Windows\System32\lsass.exe 19:58:32.0844 0x1274 EFS - ok 19:58:32.0849 0x1274 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys 19:58:32.0857 0x1274 EhStorClass - ok 19:58:32.0863 0x1274 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys 19:58:32.0873 0x1274 EhStorTcgDrv - ok 19:58:32.0877 0x1274 [ F25A2EBFEB9814C048DAC62D0CB8C83B, 5DBF0A98F72DF44B4BD5101C884CE0A6FE9BC00F8CD83765CED885CBC5296D44 ] epp C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys 19:58:32.0886 0x1274 epp - ok 19:58:32.0890 0x1274 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\Windows\System32\drivers\errdev.sys 19:58:32.0898 0x1274 ErrDev - ok 19:58:32.0903 0x1274 [ 32710ECBE3C17C6F769BAC88CD1756FF, BB9B269F0322FFBFAC459EC15BA9410A5FF5CDCBD38F67F8482720ACB1799C2B ] ESProtectionDriver C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys 19:58:32.0912 0x1274 ESProtectionDriver - ok 19:58:32.0926 0x1274 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\Windows\system32\es.dll 19:58:32.0947 0x1274 EventSystem - ok 19:58:32.0953 0x1274 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\Windows\system32\drivers\exfat.sys 19:58:32.0973 0x1274 exfat - ok 19:58:32.0980 0x1274 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:58:32.0992 0x1274 fastfat - ok 19:58:33.0006 0x1274 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\Windows\system32\fxssvc.exe 19:58:33.0029 0x1274 Fax - ok 19:58:33.0033 0x1274 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\Windows\System32\drivers\fdc.sys 19:58:33.0042 0x1274 fdc - ok 19:58:33.0045 0x1274 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\Windows\system32\fdPHost.dll 19:58:33.0055 0x1274 fdPHost - ok 19:58:33.0059 0x1274 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\Windows\system32\fdrespub.dll 19:58:33.0069 0x1274 FDResPub - ok 19:58:33.0074 0x1274 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\Windows\system32\fhsvc.dll 19:58:33.0086 0x1274 fhsvc - ok 19:58:33.0090 0x1274 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:58:33.0099 0x1274 FileInfo - ok 19:58:33.0102 0x1274 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:58:33.0116 0x1274 Filetrace - ok 19:58:33.0120 0x1274 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\Windows\System32\drivers\flpydisk.sys 19:58:33.0129 0x1274 flpydisk - ok 19:58:33.0138 0x1274 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:58:33.0153 0x1274 FltMgr - ok 19:58:33.0179 0x1274 [ 2F225BC85B84C04EA01BAB8D8DACFA83, 1F6E20C8F0FFD3FA60BDF556FB8392FE014E6519C3F314D1D22D394DB2A040CA ] FontCache C:\Windows\system32\FntCache.dll 19:58:33.0216 0x1274 FontCache - ok 19:58:33.0221 0x1274 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:58:33.0229 0x1274 FsDepends - ok 19:58:33.0232 0x1274 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:58:33.0240 0x1274 Fs_Rec - ok 19:58:33.0252 0x1274 [ D4AB6EE3D715BC44C00277FD934FAACF, DE8A8B14D7BA73BA1B5A833DE193CA65EDFE512A57D84F4F2CE19D9646D97F4E ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:58:33.0273 0x1274 fvevol - ok 19:58:33.0277 0x1274 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\Windows\System32\drivers\fxppm.sys 19:58:33.0286 0x1274 FxPPM - ok 19:58:33.0290 0x1274 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 19:58:33.0299 0x1274 gagp30kx - ok 19:58:33.0302 0x1274 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys 19:58:33.0312 0x1274 gencounter - ok 19:58:33.0318 0x1274 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys 19:58:33.0329 0x1274 GPIOClx0101 - ok 19:58:33.0354 0x1274 [ 9678FD4747A4F2E2318245EE6099482E, C76AE30E8BA77DC330F9CFE5ECEA58FAE0995396742923B564A2257DE24D7B32 ] gpsvc C:\Windows\System32\gpsvc.dll 19:58:33.0393 0x1274 gpsvc - ok 19:58:33.0400 0x1274 [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:58:33.0409 0x1274 gupdate - ok 19:58:33.0414 0x1274 [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:58:33.0422 0x1274 gupdatem - ok 19:58:33.0434 0x1274 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:58:33.0452 0x1274 HdAudAddService - ok 19:58:33.0457 0x1274 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys 19:58:33.0469 0x1274 HDAudBus - ok 19:58:33.0472 0x1274 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\Windows\System32\drivers\HidBatt.sys 19:58:33.0481 0x1274 HidBatt - ok 19:58:33.0487 0x1274 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\Windows\System32\drivers\hidbth.sys 19:58:33.0499 0x1274 HidBth - ok 19:58:33.0503 0x1274 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys 19:58:33.0513 0x1274 hidi2c - ok 19:58:33.0516 0x1274 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\Windows\System32\drivers\hidir.sys 19:58:33.0526 0x1274 HidIr - ok 19:58:33.0530 0x1274 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\Windows\system32\hidserv.dll 19:58:33.0540 0x1274 hidserv - ok 19:58:33.0544 0x1274 [ 49676FEC898AB2A11B157F848269A56E, 011E6DDEF9570212520F92FEFD205E1F8104F198B57C40D11BE857FCBCC5F68D ] HidUsb C:\Windows\System32\drivers\hidusb.sys 19:58:33.0555 0x1274 HidUsb - ok 19:58:33.0559 0x1274 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\Windows\system32\kmsvc.dll 19:58:33.0571 0x1274 hkmsvc - ok 19:58:33.0579 0x1274 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:58:33.0594 0x1274 HomeGroupListener - ok 19:58:33.0605 0x1274 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:58:33.0622 0x1274 HomeGroupProvider - ok 19:58:33.0626 0x1274 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:58:33.0635 0x1274 HpSAMD - ok 19:58:33.0654 0x1274 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:58:33.0685 0x1274 HTTP - ok 19:58:33.0689 0x1274 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:58:33.0697 0x1274 hwpolicy - ok 19:58:33.0699 0x1274 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys 19:58:33.0708 0x1274 hyperkbd - ok 19:58:33.0711 0x1274 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys 19:58:33.0721 0x1274 HyperVideo - ok 19:58:33.0726 0x1274 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\Windows\System32\drivers\i8042prt.sys 19:58:33.0739 0x1274 i8042prt - ok 19:58:33.0742 0x1274 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 19:58:33.0748 0x1274 iaLPSSi_GPIO - ok 19:58:33.0753 0x1274 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys 19:58:33.0760 0x1274 iaLPSSi_I2C - ok 19:58:33.0774 0x1274 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys 19:58:33.0792 0x1274 iaStorAV - ok 19:58:33.0803 0x1274 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:58:33.0820 0x1274 iaStorV - ok 19:58:33.0823 0x1274 IEEtwCollectorService - ok 19:58:33.0844 0x1274 [ 5697FD05EC6915A1E7193D658D8D6E05, 0179C3AF29880AA21F609CB471034EA5FA49324ACCE12736866675C037EBEC7A ] IKEEXT C:\Windows\System32\ikeext.dll 19:58:33.0874 0x1274 IKEEXT - ok 19:58:33.0879 0x1274 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\Windows\system32\drivers\intelide.sys 19:58:33.0886 0x1274 intelide - ok 19:58:33.0890 0x1274 [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep C:\Windows\system32\drivers\intelpep.sys 19:58:33.0898 0x1274 intelpep - ok 19:58:33.0904 0x1274 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\Windows\System32\drivers\intelppm.sys 19:58:33.0915 0x1274 intelppm - ok 19:58:33.0920 0x1274 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:58:33.0935 0x1274 IpFilterDriver - ok 19:58:33.0954 0x1274 [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:58:33.0983 0x1274 iphlpsvc - ok 19:58:33.0988 0x1274 [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys 19:58:33.0998 0x1274 IPMIDRV - ok 19:58:34.0003 0x1274 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:58:34.0015 0x1274 IPNAT - ok 19:58:34.0018 0x1274 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:58:34.0028 0x1274 IRENUM - ok 19:58:34.0032 0x1274 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:58:34.0039 0x1274 isapnp - ok 19:58:34.0049 0x1274 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys 19:58:34.0064 0x1274 iScsiPrt - ok 19:58:34.0067 0x1274 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 19:58:34.0076 0x1274 kbdclass - ok 19:58:34.0079 0x1274 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 19:58:34.0088 0x1274 kbdhid - ok 19:58:34.0092 0x1274 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys 19:58:34.0101 0x1274 kdnic - ok 19:58:34.0105 0x1274 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\Windows\system32\lsass.exe 19:58:34.0114 0x1274 KeyIso - ok 19:58:34.0119 0x1274 [ 304DA394D958BC3B62AF6DF514005B01, 8D17777C82F034E800181E82D30FCED800CBC46CD659AE2E0D972CA1381BD4C2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:58:34.0128 0x1274 KSecDD - ok 19:58:34.0135 0x1274 [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:58:34.0146 0x1274 KSecPkg - ok 19:58:34.0149 0x1274 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:58:34.0159 0x1274 ksthunk - ok 19:58:34.0168 0x1274 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\Windows\system32\msdtckrm.dll 19:58:34.0184 0x1274 KtmRm - ok 19:58:34.0193 0x1274 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\Windows\system32\srvsvc.dll 19:58:34.0209 0x1274 LanmanServer - ok 19:58:34.0217 0x1274 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:58:34.0233 0x1274 LanmanWorkstation - ok 19:58:34.0246 0x1274 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll 19:58:34.0266 0x1274 lfsvc - ok 19:58:34.0270 0x1274 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:58:34.0281 0x1274 lltdio - ok 19:58:34.0289 0x1274 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:58:34.0304 0x1274 lltdsvc - ok 19:58:34.0308 0x1274 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:58:34.0319 0x1274 lmhosts - ok 19:58:34.0326 0x1274 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 19:58:34.0335 0x1274 LSI_SAS - ok 19:58:34.0339 0x1274 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 19:58:34.0348 0x1274 LSI_SAS2 - ok 19:58:34.0352 0x1274 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys 19:58:34.0361 0x1274 LSI_SAS3 - ok 19:58:34.0365 0x1274 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 19:58:34.0374 0x1274 LSI_SSS - ok 19:58:34.0390 0x1274 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\Windows\System32\lsm.dll 19:58:34.0415 0x1274 LSM - ok 19:58:34.0420 0x1274 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys 19:58:34.0432 0x1274 luafv - ok 19:58:34.0448 0x1274 [ DE111E937CB01E149FD749F67CDA7DD9, 1434FD87072FE4032D40E2B59DA301B0B35A301DAD4A6E7FE53BE8044BD2B465 ] MbaeSvc C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe 19:58:34.0469 0x1274 MbaeSvc - ok 19:58:34.0474 0x1274 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys 19:58:34.0483 0x1274 megasas - ok 19:58:34.0495 0x1274 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys 19:58:34.0516 0x1274 megasr - ok 19:58:34.0521 0x1274 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\Windows\System32\drivers\HECIx64.sys 19:58:34.0528 0x1274 MEIx64 - ok 19:58:34.0533 0x1274 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\Windows\system32\mmcss.dll 19:58:34.0545 0x1274 MMCSS - ok 19:58:34.0548 0x1274 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys 19:58:34.0559 0x1274 Modem - ok 19:58:34.0563 0x1274 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys 19:58:34.0572 0x1274 monitor - ok 19:58:34.0575 0x1274 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\Windows\System32\drivers\mouclass.sys 19:58:34.0584 0x1274 mouclass - ok 19:58:34.0587 0x1274 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\Windows\System32\drivers\mouhid.sys 19:58:34.0596 0x1274 mouhid - ok 19:58:34.0600 0x1274 [ 24DABC0A77FAFDC0E379AB3B30F61BB6, E66624ABBF1D742879035F9161F9D3713DE7B759B3D3CF8B96C9E397A02FCF82 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:58:34.0609 0x1274 mountmgr - ok 19:58:34.0615 0x1274 [ 69E23C730974BAC8C11DF2B7C4C9D37B, 8DC4448EC9C9647381952D7822B39C89E0997B4B964A785AE274144FADEE3C02 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:58:34.0624 0x1274 MozillaMaintenance - ok 19:58:34.0629 0x1274 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:58:34.0640 0x1274 mpsdrv - ok 19:58:34.0657 0x1274 [ D1418745A5472F3930A288E05B9E2C05, 95785F0FA7EE239459C0288DB37E9E54648029FD6FE45A61E6343526D67FFA32 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:58:34.0684 0x1274 MpsSvc - ok 19:58:34.0691 0x1274 [ D2AC8F07995CE6CD18848C129435B481, 839B04116B49A757950E049150F6AADE41335914CC699ED73BE886BECAC39D36 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:58:34.0703 0x1274 MRxDAV - ok 19:58:34.0714 0x1274 [ 3AF30CEB99E581E2FADA0B5FC4B551D8, 59BDE83C10D6F31E13B81FC317F1DE0E00793FBA288EAF844E29CFA0EB184502 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:58:34.0733 0x1274 mrxsmb - ok 19:58:34.0741 0x1274 [ 15D7AF1A26CCEBA32DF21A8E2098F463, 84390806AD3A9651DAB803E9257EEE851B898ED2AB56D8936E8C9F6B41967243 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:58:34.0755 0x1274 mrxsmb10 - ok 19:58:34.0762 0x1274 [ 0790EEB1EC199F8BE8259E47B373ED23, F9330F43B40675CCB60804182EF04BFBA3837ED14C798788A4B27D65A646D1C7 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:58:34.0774 0x1274 mrxsmb20 - ok 19:58:34.0778 0x1274 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 19:58:34.0789 0x1274 MsBridge - ok 19:58:34.0794 0x1274 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\Windows\System32\msdtc.exe 19:58:34.0806 0x1274 MSDTC - ok 19:58:34.0812 0x1274 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:58:34.0821 0x1274 Msfs - ok 19:58:34.0826 0x1274 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 19:58:34.0834 0x1274 msgpiowin32 - ok 19:58:34.0837 0x1274 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:58:34.0846 0x1274 mshidkmdf - ok 19:58:34.0849 0x1274 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 19:58:34.0858 0x1274 mshidumdf - ok 19:58:34.0862 0x1274 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:58:34.0869 0x1274 msisadrv - ok 19:58:34.0875 0x1274 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:58:34.0887 0x1274 MSiSCSI - ok 19:58:34.0890 0x1274 msiserver - ok 19:58:34.0893 0x1274 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:58:34.0902 0x1274 MSKSSRV - ok 19:58:34.0906 0x1274 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 19:58:34.0917 0x1274 MsLldp - ok 19:58:34.0920 0x1274 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:58:34.0930 0x1274 MSPCLOCK - ok 19:58:34.0933 0x1274 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:58:34.0942 0x1274 MSPQM - ok 19:58:34.0951 0x1274 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:58:34.0967 0x1274 MsRPC - ok 19:58:34.0972 0x1274 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 19:58:34.0980 0x1274 mssmbios - ok 19:58:34.0984 0x1274 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:58:34.0992 0x1274 MSTEE - ok 19:58:34.0995 0x1274 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 19:58:35.0004 0x1274 MTConfig - ok 19:58:35.0009 0x1274 [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup C:\Windows\system32\Drivers\mup.sys 19:58:35.0019 0x1274 Mup - ok 19:58:35.0023 0x1274 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys 19:58:35.0032 0x1274 mvumis - ok 19:58:35.0043 0x1274 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\Windows\system32\qagentRT.dll 19:58:35.0061 0x1274 napagent - ok 19:58:35.0071 0x1274 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:58:35.0090 0x1274 NativeWifiP - ok 19:58:35.0096 0x1274 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\Windows\System32\ncasvc.dll 19:58:35.0109 0x1274 NcaSvc - ok 19:58:35.0115 0x1274 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\Windows\System32\ncbservice.dll 19:58:35.0129 0x1274 NcbService - ok 19:58:35.0133 0x1274 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 19:58:35.0145 0x1274 NcdAutoSetup - ok 19:58:35.0167 0x1274 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:58:35.0200 0x1274 NDIS - ok 19:58:35.0204 0x1274 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:58:35.0213 0x1274 NdisCap - ok 19:58:35.0218 0x1274 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 19:58:35.0229 0x1274 NdisImPlatform - ok 19:58:35.0232 0x1274 [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:58:35.0242 0x1274 NdisTapi - ok 19:58:35.0247 0x1274 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:58:35.0257 0x1274 Ndisuio - ok 19:58:35.0260 0x1274 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys 19:58:35.0270 0x1274 NdisVirtualBus - ok 19:58:35.0277 0x1274 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:58:35.0290 0x1274 NdisWan - ok 19:58:35.0296 0x1274 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys 19:58:35.0308 0x1274 NdisWanLegacy - ok 19:58:35.0312 0x1274 [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:58:35.0323 0x1274 NDProxy - ok 19:58:35.0327 0x1274 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\Windows\system32\drivers\Ndu.sys 19:58:35.0339 0x1274 Ndu - ok 19:58:35.0343 0x1274 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:58:35.0352 0x1274 NetBIOS - ok 19:58:35.0360 0x1274 [ 9DC17B7D9D84C37C102D379FCC7D4942, D522022ED4395686837E96F57EE29F8065FB749D1195B60D2A406FB33F696C09 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:58:35.0375 0x1274 NetBT - ok 19:58:35.0379 0x1274 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\Windows\system32\lsass.exe 19:58:35.0387 0x1274 Netlogon - ok 19:58:35.0395 0x1274 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\Windows\System32\netman.dll 19:58:35.0409 0x1274 Netman - ok 19:58:35.0421 0x1274 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\Windows\System32\netprofmsvc.dll 19:58:35.0441 0x1274 netprofm - ok 19:58:35.0449 0x1274 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:58:35.0460 0x1274 NetTcpPortSharing - ok 19:58:35.0465 0x1274 [ 3C9C11DFF7C8C4384D22972ED75398D6, 79D1C630A441385E2A03A7BF1D9B3F85C8BC5BFA9CED96F85180059D18B3B5EC ] netvsc C:\Windows\System32\drivers\netvsc63.sys 19:58:35.0475 0x1274 netvsc - ok 19:58:35.0485 0x1274 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\Windows\System32\nlasvc.dll 19:58:35.0502 0x1274 NlaSvc - ok 19:58:35.0506 0x1274 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:58:35.0517 0x1274 Npfs - ok 19:58:35.0520 0x1274 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 19:58:35.0530 0x1274 npsvctrig - ok 19:58:35.0533 0x1274 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\Windows\system32\nsisvc.dll 19:58:35.0545 0x1274 nsi - ok 19:58:35.0548 0x1274 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:58:35.0558 0x1274 nsiproxy - ok 19:58:35.0595 0x1274 [ 9980B262DBE439AE6BDC91AA985F19EE, E998E4CAE9CD103ADA9CA3C737C4DAD017D056828BFA42A41C7B4E4E108FB13C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:58:35.0647 0x1274 Ntfs - ok 19:58:35.0652 0x1274 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\Windows\system32\drivers\Null.sys 19:58:35.0661 0x1274 Null - ok 19:58:35.0667 0x1274 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:58:35.0678 0x1274 nvraid - ok 19:58:35.0684 0x1274 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:58:35.0694 0x1274 nvstor - ok 19:58:35.0699 0x1274 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:58:35.0710 0x1274 nv_agp - ok 19:58:35.0717 0x1274 [ FD63D247B8AE1ADB2EE075C3608372F5, D28EB60C77DD9976C1912789E5E08376B1043DBDCFBF25BD71A8C92EACA8C76F ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:58:35.0728 0x1274 ose - ok 19:58:35.0738 0x1274 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:58:35.0756 0x1274 p2pimsvc - ok 19:58:35.0767 0x1274 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\Windows\system32\p2psvc.dll 19:58:35.0785 0x1274 p2psvc - ok 19:58:35.0791 0x1274 [ 57DCE4FB0467986AE78E1C6FC5240D32, F7F3ADD1B48E4D6BB0A664A2FE556F71ED7453054B4FB667A29BE050C845045B ] Parport C:\Windows\System32\drivers\parport.sys 19:58:35.0803 0x1274 Parport - ok 19:58:35.0807 0x1274 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:58:35.0816 0x1274 partmgr - ok 19:58:35.0827 0x1274 [ 0A2DF1055FEEA30DFF73DAC0DA45FDE4, 497B2AE591ABBCFA8FC571D9C1D750006212F2D2DDF12F5A9E7FFA811CD707A3 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:58:35.0847 0x1274 PcaSvc - ok 19:58:35.0856 0x1274 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\Windows\system32\drivers\pci.sys 19:58:35.0870 0x1274 pci - ok 19:58:35.0874 0x1274 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\Windows\system32\drivers\pciide.sys 19:58:35.0881 0x1274 pciide - ok 19:58:35.0886 0x1274 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:58:35.0897 0x1274 pcmcia - ok 19:58:35.0900 0x1274 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\Windows\system32\drivers\pcw.sys 19:58:35.0908 0x1274 pcw - ok 19:58:35.0912 0x1274 [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc C:\Windows\system32\drivers\pdc.sys 19:58:35.0923 0x1274 pdc - ok 19:58:35.0937 0x1274 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:58:35.0959 0x1274 PEAUTH - ok 19:58:35.0978 0x1274 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:58:35.0991 0x1274 PerfHost - ok 19:58:36.0023 0x1274 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\Windows\system32\pla.dll 19:58:36.0063 0x1274 pla - ok 19:58:36.0069 0x1274 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:58:36.0079 0x1274 PlugPlay - ok 19:58:36.0083 0x1274 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:58:36.0092 0x1274 PNRPAutoReg - ok 19:58:36.0101 0x1274 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:58:36.0116 0x1274 PNRPsvc - ok 19:58:36.0127 0x1274 [ 0FF8507A8B901B904E98EB36B9E347EE, FE4A9A6159A8490F3155D166656748722EFDEDCDC447C09155A5AD6D9F5D294D ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:58:36.0144 0x1274 PolicyAgent - ok 19:58:36.0150 0x1274 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\Windows\system32\umpo.dll 19:58:36.0161 0x1274 Power - ok 19:58:36.0217 0x1274 [ F6EA63145C20A23732AD2CA1EBA65FA1, 0DD1164D37C1500258E9CCCE458778A3DA196D9A65919B2672E3C88383068F52 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll 19:58:36.0286 0x1274 PrintNotify - ok 19:58:36.0294 0x1274 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\Windows\System32\drivers\processr.sys 19:58:36.0305 0x1274 Processor - ok 19:58:36.0312 0x1274 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\Windows\system32\profsvc.dll 19:58:36.0327 0x1274 ProfSvc - ok 19:58:36.0333 0x1274 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:58:36.0344 0x1274 Psched - ok 19:58:36.0353 0x1274 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\Windows\system32\qwave.dll 19:58:36.0368 0x1274 QWAVE - ok 19:58:36.0372 0x1274 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:58:36.0381 0x1274 QWAVEdrv - ok 19:58:36.0384 0x1274 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:58:36.0394 0x1274 RasAcd - ok 19:58:36.0399 0x1274 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\Windows\System32\rasauto.dll 19:58:36.0410 0x1274 RasAuto - ok 19:58:36.0423 0x1274 [ 15C0034561FE5B03FA376F1A6232478B, 0F9B5C2BD7D8803FF3C5ED957D3F0859F2A59B74510E4659FBF05EDCBF230208 ] RasMan C:\Windows\System32\rasmans.dll 19:58:36.0443 0x1274 RasMan - ok 19:58:36.0448 0x1274 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:58:36.0460 0x1274 RasPppoe - ok 19:58:36.0470 0x1274 [ D67ED4AB59D1EF66B05AD1A81AC28B26, 72E750A9A6B484D8BEDE52FA6DABEF4D95765DE491152E1F6C856D0590B50C28 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:58:36.0486 0x1274 rdbss - ok 19:58:36.0491 0x1274 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 19:58:36.0500 0x1274 rdpbus - ok 19:58:36.0506 0x1274 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 19:58:36.0521 0x1274 RDPDR - ok 19:58:36.0527 0x1274 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 19:58:36.0534 0x1274 RdpVideoMiniport - ok 19:58:36.0541 0x1274 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:58:36.0553 0x1274 rdyboost - ok 19:58:36.0572 0x1274 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\Windows\system32\drivers\ReFS.sys 19:58:36.0601 0x1274 ReFS - ok 19:58:36.0609 0x1274 [ DF78648AC3C8DC9D70E6714AF785382F, 56E104939ED0AB5B26AE07BAB1BBB7D15828DBD3A2AD35361423D7ADDA4BA551 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:58:36.0623 0x1274 RemoteAccess - ok 19:58:36.0629 0x1274 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:58:36.0642 0x1274 RemoteRegistry - ok 19:58:36.0649 0x1274 [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys 19:58:36.0661 0x1274 RFCOMM - ok 19:58:36.0666 0x1274 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:58:36.0677 0x1274 RpcEptMapper - ok 19:58:36.0680 0x1274 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\Windows\system32\locator.exe 19:58:36.0690 0x1274 RpcLocator - ok 19:58:36.0706 0x1274 [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] RpcSs C:\Windows\system32\rpcss.dll 19:58:36.0731 0x1274 RpcSs - ok 19:58:36.0740 0x1274 [ E909662BF3CED6B79F2239DDA75BC6A4, 16A308AFFC605BEEAC968D6155928AA2FF5FD335B8F59F28C6AF40A4F0344E7F ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys 19:58:36.0752 0x1274 RSPCIESTOR - ok 19:58:36.0757 0x1274 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:58:36.0769 0x1274 rspndr - ok 19:58:36.0782 0x1274 [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys 19:58:36.0802 0x1274 RTL8168 - ok 19:58:36.0805 0x1274 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\Windows\System32\drivers\vms3cap.sys 19:58:36.0813 0x1274 s3cap - ok 19:58:36.0816 0x1274 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\Windows\system32\lsass.exe 19:58:36.0825 0x1274 SamSs - ok 19:58:36.0830 0x1274 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:58:36.0841 0x1274 sbp2port - ok 19:58:36.0847 0x1274 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:58:36.0861 0x1274 SCardSvr - ok 19:58:36.0866 0x1274 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\Windows\System32\ScDeviceEnum.dll 19:58:36.0879 0x1274 ScDeviceEnum - ok 19:58:36.0883 0x1274 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:58:36.0893 0x1274 scfilter - ok 19:58:36.0917 0x1274 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\Windows\system32\schedsvc.dll 19:58:36.0952 0x1274 Schedule - ok 19:58:36.0959 0x1274 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\Windows\System32\certprop.dll 19:58:36.0970 0x1274 SCPolicySvc - ok 19:58:36.0979 0x1274 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\Windows\System32\drivers\sdbus.sys 19:58:36.0993 0x1274 sdbus - ok 19:58:36.0998 0x1274 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\Windows\System32\drivers\sdstor.sys 19:58:37.0008 0x1274 sdstor - ok 19:58:37.0012 0x1274 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:58:37.0021 0x1274 secdrv - ok 19:58:37.0025 0x1274 [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon C:\Windows\system32\seclogon.dll 19:58:37.0036 0x1274 seclogon - ok 19:58:37.0040 0x1274 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\Windows\System32\sens.dll 19:58:37.0052 0x1274 SENS - ok 19:58:37.0059 0x1274 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:58:37.0073 0x1274 SensrSvc - ok 19:58:37.0077 0x1274 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\Windows\system32\drivers\SerCx.sys 19:58:37.0086 0x1274 SerCx - ok 19:58:37.0091 0x1274 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\Windows\system32\drivers\SerCx2.sys 19:58:37.0101 0x1274 SerCx2 - ok 19:58:37.0106 0x1274 [ 1F0135949A6AD6025F363F80FE268251, DB2D503863143F2251E589F7B0B3E9FBF997D7333D54C55856590B5080B5513D ] Serenum C:\Windows\System32\drivers\serenum.sys 19:58:37.0115 0x1274 Serenum - ok 19:58:37.0120 0x1274 [ 81633C87B42B63BA484A6177179AC750, A22BA40E9EC74E88D8098CBDC954E1D63B832FCB789E3C7B731DE5DA39BEE2CA ] Serial C:\Windows\System32\drivers\serial.sys 19:58:37.0130 0x1274 Serial - ok 19:58:37.0134 0x1274 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\Windows\System32\drivers\sermouse.sys 19:58:37.0143 0x1274 sermouse - ok 19:58:37.0151 0x1274 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\Windows\system32\sessenv.dll 19:58:37.0168 0x1274 SessionEnv - ok 19:58:37.0172 0x1274 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys 19:58:37.0181 0x1274 sfloppy - ok 19:58:37.0192 0x1274 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:58:37.0209 0x1274 SharedAccess - ok 19:58:37.0223 0x1274 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:58:37.0247 0x1274 ShellHWDetection - ok 19:58:37.0251 0x1274 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 19:58:37.0259 0x1274 SiSRaid2 - ok 19:58:37.0264 0x1274 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:58:37.0272 0x1274 SiSRaid4 - ok 19:58:37.0280 0x1274 [ 6749AD471D1D44CBD1F30257C861F77B, D5A554F35E380948F13BFE0673B49F8FD8AE5A438BF3645857522E2560A58685 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:58:37.0294 0x1274 SkypeUpdate - ok 19:58:37.0297 0x1274 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\Windows\System32\smphost.dll 19:58:37.0308 0x1274 smphost - ok 19:58:37.0313 0x1274 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:58:37.0324 0x1274 SNMPTRAP - ok 19:58:37.0338 0x1274 [ B312191DCBECE3C07DF9A99DE433B126, D9D9028331C703CE9B9EC75772D29BB04FE43B3A7895F8CBB3AC701CA0548F8D ] spaceport C:\Windows\system32\drivers\spaceport.sys 19:58:37.0357 0x1274 spaceport - ok 19:58:37.0361 0x1274 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\Windows\system32\drivers\SpbCx.sys 19:58:37.0370 0x1274 SpbCx - ok 19:58:37.0387 0x1274 [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler C:\Windows\System32\spoolsv.exe 19:58:37.0413 0x1274 Spooler - ok 19:58:37.0526 0x1274 [ F264662C057A54AA2DE41B3C7551712F, 2C123C6ACD967CDF1AD2855187CF3D8357B16A4FD9C2F18AE54CFA384165FA11 ] sppsvc C:\Windows\system32\sppsvc.exe 19:58:37.0703 0x1274 sppsvc - ok 19:58:37.0720 0x1274 [ 36B082C7A764A34FB1DC72D975870B61, 572CB632D9FDC1183F7BF8BFCBC51765C647945E0C13D1C91ADE3D0E76DF83BC ] srv C:\Windows\system32\DRIVERS\srv.sys 19:58:37.0738 0x1274 srv - ok 19:58:37.0752 0x1274 [ F5849909D4B29B4E3D4445F943E5C7E3, 3FCA1423753716FE1AFDD27EE1E13C4D779A3C976185B5C998EF1A9A39BFC186 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:58:37.0775 0x1274 srv2 - ok 19:58:37.0783 0x1274 [ FABC49666708EA562549E78E6FBF3191, BE1FEBFC259308B39C727915C41A67CD50720A6E2A68D148F4F2F926AED43B02 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:58:37.0797 0x1274 srvnet - ok 19:58:37.0804 0x1274 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:58:37.0819 0x1274 SSDPSRV - ok 19:58:37.0825 0x1274 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:58:37.0839 0x1274 SstpSvc - ok 19:58:37.0866 0x1274 [ 04F9B53224689BB3638CC2D3DA721E5C, D073C8D5CEFD59CC3D4834A6B92EA8FE113A73C400C27BB6B3D215522FAE17C3 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 19:58:37.0900 0x1274 Steam Client Service - ok 19:58:37.0904 0x1274 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\Windows\system32\drivers\stexstor.sys 19:58:37.0913 0x1274 stexstor - ok 19:58:37.0927 0x1274 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\Windows\System32\wiaservc.dll 19:58:37.0951 0x1274 stisvc - ok 19:58:37.0956 0x1274 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\Windows\system32\drivers\storahci.sys 19:58:37.0966 0x1274 storahci - ok 19:58:37.0969 0x1274 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 19:58:37.0978 0x1274 storflt - ok 19:58:37.0982 0x1274 [ 0EDD1F4D470C775740625B06A60C9DD5, 94964D0A793B1C984E87095249EE383A5E669D05BA6BF9F655587887E6CE3C19 ] stornvme C:\Windows\system32\drivers\stornvme.sys 19:58:37.0990 0x1274 stornvme - ok 19:58:37.0993 0x1274 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\Windows\system32\storsvc.dll 19:58:38.0004 0x1274 StorSvc - ok 19:58:38.0007 0x1274 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\Windows\system32\drivers\storvsc.sys 19:58:38.0016 0x1274 storvsc - ok 19:58:38.0019 0x1274 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\Windows\system32\svsvc.dll 19:58:38.0029 0x1274 svsvc - ok 19:58:38.0032 0x1274 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\Windows\System32\drivers\swenum.sys 19:58:38.0039 0x1274 swenum - ok 19:58:38.0054 0x1274 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\Windows\System32\swprv.dll 19:58:38.0078 0x1274 swprv - ok 19:58:38.0103 0x1274 [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\Windows\system32\sysmain.dll 19:58:38.0138 0x1274 SysMain - ok 19:58:38.0147 0x1274 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 19:58:38.0162 0x1274 SystemEventsBroker - ok 19:58:38.0168 0x1274 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:58:38.0181 0x1274 TabletInputService - ok 19:58:38.0185 0x1274 [ BD2F92D26B4B6F8D43B9AD997B1A7E4F, C1553BB9908761EA946611D867466EA4E47ECDA3D09587C8026C88B7E8CCC779 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 19:58:38.0192 0x1274 tap0901 - ok 19:58:38.0201 0x1274 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\Windows\System32\tapisrv.dll 19:58:38.0217 0x1274 TapiSrv - ok 19:58:38.0262 0x1274 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:58:38.0326 0x1274 Tcpip - ok 19:58:38.0374 0x1274 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:58:38.0433 0x1274 TCPIP6 - ok 19:58:38.0440 0x1274 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:58:38.0450 0x1274 tcpipreg - ok 19:58:38.0456 0x1274 [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:58:38.0466 0x1274 tdx - ok 19:58:38.0470 0x1274 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\Windows\System32\drivers\terminpt.sys 19:58:38.0478 0x1274 terminpt - ok 19:58:38.0500 0x1274 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\Windows\System32\termsrv.dll 19:58:38.0532 0x1274 TermService - ok 19:58:38.0537 0x1274 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\Windows\system32\themeservice.dll 19:58:38.0547 0x1274 Themes - ok 19:58:38.0551 0x1274 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\Windows\system32\mmcss.dll 19:58:38.0560 0x1274 THREADORDER - ok 19:58:38.0568 0x1274 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 19:58:38.0583 0x1274 TimeBroker - ok 19:58:38.0590 0x1274 [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM C:\Windows\system32\drivers\tpm.sys 19:58:38.0601 0x1274 TPM - ok 19:58:38.0606 0x1274 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\Windows\System32\trkwks.dll 19:58:38.0618 0x1274 TrkWks - ok 19:58:38.0623 0x1274 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:58:38.0634 0x1274 TrustedInstaller - ok 19:58:38.0639 0x1274 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:58:38.0650 0x1274 TsUsbFlt - ok 19:58:38.0653 0x1274 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 19:58:38.0663 0x1274 TsUsbGD - ok 19:58:38.0669 0x1274 [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:58:38.0681 0x1274 tunnel - ok 19:58:38.0685 0x1274 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:58:38.0693 0x1274 uagp35 - ok 19:58:38.0698 0x1274 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 19:58:38.0708 0x1274 UASPStor - ok 19:58:38.0716 0x1274 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 19:58:38.0734 0x1274 UCX01000 - ok 19:58:38.0745 0x1274 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:58:38.0760 0x1274 udfs - ok 19:58:38.0764 0x1274 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\Windows\System32\drivers\UEFI.sys 19:58:38.0772 0x1274 UEFI - ok 19:58:38.0778 0x1274 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:58:38.0789 0x1274 UI0Detect - ok 19:58:38.0792 0x1274 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:58:38.0801 0x1274 uliagpkx - ok 19:58:38.0805 0x1274 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\Windows\System32\drivers\umbus.sys 19:58:38.0815 0x1274 umbus - ok 19:58:38.0818 0x1274 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\Windows\System32\drivers\umpass.sys 19:58:38.0826 0x1274 UmPass - ok 19:58:38.0835 0x1274 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\Windows\System32\umrdp.dll 19:58:38.0851 0x1274 UmRdpService - ok 19:58:38.0862 0x1274 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\Windows\System32\upnphost.dll 19:58:38.0880 0x1274 upnphost - ok 19:58:38.0887 0x1274 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 19:58:38.0899 0x1274 usbccgp - ok 19:58:38.0905 0x1274 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\Windows\System32\drivers\usbcir.sys 19:58:38.0916 0x1274 usbcir - ok 19:58:38.0922 0x1274 [ C996CBEF922B5653A01E3F50DDCE2F86, 231EB5A36E7EE242197E796D3B4AB12F945D2C8570587BC8D57D45530A0C59B4 ] usbehci C:\Windows\System32\drivers\usbehci.sys 19:58:38.0933 0x1274 usbehci - ok 19:58:38.0943 0x1274 [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub C:\Windows\System32\drivers\usbhub.sys 19:58:38.0962 0x1274 usbhub - ok 19:58:38.0976 0x1274 [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 19:58:38.0996 0x1274 USBHUB3 - ok 19:58:39.0000 0x1274 [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci C:\Windows\System32\drivers\usbohci.sys 19:58:39.0011 0x1274 usbohci - ok 19:58:39.0015 0x1274 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\Windows\System32\drivers\usbprint.sys 19:58:39.0026 0x1274 usbprint - ok 19:58:39.0029 0x1274 [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:58:39.0039 0x1274 usbscan - ok 19:58:39.0046 0x1274 [ 9D168BFA334D47BE404367EB58D4E130, 23279CBE6ACBD074E7B268BA2EDA14E2255C41F8117173B2BBE653D8259ECFA2 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS 19:58:39.0057 0x1274 USBSTOR - ok 19:58:39.0061 0x1274 [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci C:\Windows\System32\drivers\usbuhci.sys 19:58:39.0070 0x1274 usbuhci - ok 19:58:39.0078 0x1274 [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:58:39.0091 0x1274 usbvideo - ok 19:58:39.0102 0x1274 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS 19:58:39.0118 0x1274 USBXHCI - ok 19:58:39.0123 0x1274 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\Windows\system32\lsass.exe 19:58:39.0131 0x1274 VaultSvc - ok 19:58:39.0136 0x1274 [ 0E3C4F20B2CE21168F3242D9CAC6CBF2, 1BD5E1A2000EBC1C335A8960ACDCD08BDC8230F533A80D086D2EE6FE4990EA02 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 19:58:39.0147 0x1274 VBoxUSBMon - ok 19:58:39.0151 0x1274 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:58:39.0158 0x1274 vdrvroot - ok 19:58:39.0183 0x1274 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\Windows\System32\vds.exe 19:58:39.0219 0x1274 vds - ok 19:58:39.0226 0x1274 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys 19:58:39.0237 0x1274 VerifierExt - ok 19:58:39.0253 0x1274 [ 5DB4AFA10A488EC4DDB3DA09B0425BE5, 480AFB6A6BCC95E86C5087C3D9DCD6058D48659A5A63F524A0B9ED3A8FEF6B9B ] vhdmp C:\Windows\System32\drivers\vhdmp.sys 19:58:39.0281 0x1274 vhdmp - ok 19:58:39.0284 0x1274 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\Windows\system32\drivers\viaide.sys 19:58:39.0292 0x1274 viaide - ok 19:58:39.0296 0x1274 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\Windows\system32\drivers\vmbus.sys 19:58:39.0305 0x1274 vmbus - ok 19:58:39.0309 0x1274 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys 19:58:39.0317 0x1274 VMBusHID - ok 19:58:39.0330 0x1274 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll 19:58:39.0350 0x1274 vmicguestinterface - ok 19:58:39.0361 0x1274 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\Windows\System32\ICSvc.dll 19:58:39.0379 0x1274 vmicheartbeat - ok 19:58:39.0390 0x1274 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll 19:58:39.0408 0x1274 vmickvpexchange - ok 19:58:39.0419 0x1274 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\Windows\System32\ICSvc.dll 19:58:39.0437 0x1274 vmicrdv - ok 19:58:39.0449 0x1274 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\Windows\System32\ICSvc.dll 19:58:39.0466 0x1274 vmicshutdown - ok 19:58:39.0478 0x1274 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\Windows\System32\ICSvc.dll 19:58:39.0495 0x1274 vmictimesync - ok 19:58:39.0507 0x1274 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\Windows\System32\ICSvc.dll 19:58:39.0526 0x1274 vmicvss - ok 19:58:39.0531 0x1274 [ 436E1A724E7E683F6B612D3D58F04241, 939B5EF0090DF3759295F88402FD0EA33F499DDA9F89E5D0E90D1F9AED65D491 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:58:39.0540 0x1274 volmgr - ok 19:58:39.0550 0x1274 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:58:39.0565 0x1274 volmgrx - ok 19:58:39.0576 0x1274 [ 17F7B0F2298D97F4B6C7A69511033D3D, 5BDFC225F31553786726808FB7952940FC05CA72B3977D684056F42AFAA59565 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:58:39.0591 0x1274 volsnap - ok 19:58:39.0595 0x1274 [ DAC438FB5FF85A9E72806E2341D5D732, B1D1EFCA8C588A6BF53CEC941CC59702C366F15C7D5943431736EC857E57C0A2 ] vpci C:\Windows\System32\drivers\vpci.sys 19:58:39.0604 0x1274 vpci - ok 19:58:39.0610 0x1274 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:58:39.0621 0x1274 vsmraid - ok 19:58:39.0649 0x1274 [ D0CBA7B3531CCF2ADB985856D5F92434, 7FCBBCAF1AA85DCE8D75FB38DC4848AE12E8DD913CEBBC37BCD3D0123F0A3CAB ] VSS C:\Windows\system32\vssvc.exe 19:58:39.0686 0x1274 VSS - ok 19:58:39.0696 0x1274 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys 19:58:39.0710 0x1274 VSTXRAID - ok 19:58:39.0714 0x1274 [ 71066FF95C487327E44C8AF1B72EBE8B, EA2729126B452CAE0C80D07501779D804B08E47F1217B61D53277B40869FEC25 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 19:58:39.0724 0x1274 vwifibus - ok 19:58:39.0728 0x1274 [ 29AB43937FFDA0B0FB56984226E698C6, 6A1A559964FE5D594E54988C46149969E6FFD5A8D5A6862E14648B608794CC29 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:58:39.0738 0x1274 vwififlt - ok 19:58:39.0741 0x1274 [ 8B8624A93E3F88CB923AEB05B6313227, 2856B63CD376BF2B1A9129581E7B9207588D4EAFD29A2C8D98F176FEAFDE26A9 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 19:58:39.0749 0x1274 vwifimp - ok 19:58:39.0760 0x1274 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\Windows\system32\w32time.dll 19:58:39.0778 0x1274 W32Time - ok 19:58:39.0782 0x1274 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\Windows\System32\drivers\wacompen.sys 19:58:39.0792 0x1274 WacomPen - ok 19:58:39.0821 0x1274 [ 841345442390953CBC8801B95D3D0540, FD4F9FD2C4C60A1A580177FFF2E9035009AC6A38E78D4236B0ED4773E3B263EE ] wbengine C:\Windows\system32\wbengine.exe 19:58:39.0862 0x1274 wbengine - ok 19:58:39.0874 0x1274 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:58:39.0893 0x1274 WbioSrvc - ok 19:58:39.0903 0x1274 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\Windows\System32\wcmsvc.dll 19:58:39.0921 0x1274 Wcmsvc - ok 19:58:39.0932 0x1274 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:58:39.0950 0x1274 wcncsvc - ok 19:58:39.0954 0x1274 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:58:39.0965 0x1274 WcsPlugInService - ok 19:58:39.0968 0x1274 [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot C:\Windows\system32\drivers\WdBoot.sys 19:58:39.0976 0x1274 WdBoot - ok 19:58:39.0993 0x1274 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:58:40.0016 0x1274 Wdf01000 - ok 19:58:40.0025 0x1274 [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter C:\Windows\system32\drivers\WdFilter.sys 19:58:40.0039 0x1274 WdFilter - ok 19:58:40.0043 0x1274 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:58:40.0056 0x1274 WdiServiceHost - ok 19:58:40.0059 0x1274 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:58:40.0071 0x1274 WdiSystemHost - ok 19:58:40.0076 0x1274 [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv C:\Windows\system32\Drivers\WdNisDrv.sys 19:58:40.0085 0x1274 WdNisDrv - ok 19:58:40.0088 0x1274 WdNisSvc - ok 19:58:40.0095 0x1274 [ A70CAF5EA36CBA5FCA24244306D4D5C6, 76C3E20B62B89D9699A1E817377FAD70B144B877BCC5C850A5B64CC68184D8DA ] WebClient C:\Windows\System32\webclnt.dll 19:58:40.0110 0x1274 WebClient - ok 19:58:40.0118 0x1274 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:58:40.0132 0x1274 Wecsvc - ok 19:58:40.0136 0x1274 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\Windows\system32\wephostsvc.dll 19:58:40.0145 0x1274 WEPHOSTSVC - ok 19:58:40.0149 0x1274 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:58:40.0164 0x1274 wercplsupport - ok 19:58:40.0169 0x1274 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\Windows\System32\WerSvc.dll 19:58:40.0182 0x1274 WerSvc - ok 19:58:40.0187 0x1274 [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys 19:58:40.0197 0x1274 WFPLWFS - ok 19:58:40.0203 0x1274 [ 42C5DC0D7236CF8C0ADE3BEE2CA1443C, 051EED3F9A9C424D52ED106173A91AFD04A0D9355F96E5B0D8D3C09C4DA16ECF ] wgsslvpnsrc C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe 19:58:40.0208 0x1274 wgsslvpnsrc - detected UnsignedFile.Multi.Generic ( 1 ) 19:58:40.0347 0x1274 Detect skipped due to KSN trusted 19:58:40.0347 0x1274 wgsslvpnsrc - ok 19:58:40.0352 0x1274 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\Windows\System32\wiarpc.dll 19:58:40.0363 0x1274 WiaRpc - ok 19:58:40.0366 0x1274 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:58:40.0374 0x1274 WIMMount - ok 19:58:40.0376 0x1274 WinDefend - ok 19:58:40.0394 0x1274 [ 0E70990EC2E5D2331AA5E88DB0CFB826, 79DFF565C3FCBC691E8FEB669CEC00E340FD2A2AFA4488D23A7CC63A2A98A5C1 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll 19:58:40.0421 0x1274 WinHttpAutoProxySvc - ok 19:58:40.0431 0x1274 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:58:40.0445 0x1274 Winmgmt - ok 19:58:40.0491 0x1274 [ 427873F889F2F508BE8BE982219CE578, CA8DCFB774BF0F747295A7A0CB46A6177DE12AD6BD58266182206C41A3C9001E ] WinRM C:\Windows\system32\WsmSvc.dll 19:58:40.0555 0x1274 WinRM - ok 19:58:40.0566 0x1274 [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:58:40.0577 0x1274 WinUsb - ok 19:58:40.0606 0x1274 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\Windows\System32\wlansvc.dll 19:58:40.0647 0x1274 WlanSvc - ok 19:58:40.0678 0x1274 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\Windows\system32\wlidsvc.dll 19:58:40.0721 0x1274 wlidsvc - ok 19:58:40.0725 0x1274 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys 19:58:40.0734 0x1274 WmiAcpi - ok 19:58:40.0741 0x1274 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:58:40.0754 0x1274 wmiApSrv - ok 19:58:40.0756 0x1274 WMPNetworkSvc - ok 19:58:40.0763 0x1274 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\Windows\system32\drivers\Wof.sys 19:58:40.0773 0x1274 Wof - ok 19:58:40.0805 0x1274 [ EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc C:\Windows\system32\workfolderssvc.dll 19:58:40.0847 0x1274 workfolderssvc - ok 19:58:40.0852 0x1274 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys 19:58:40.0861 0x1274 wpcfltr - ok 19:58:40.0864 0x1274 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:58:40.0874 0x1274 WPCSvc - ok 19:58:40.0878 0x1274 [ DBDCE2378F65F0A07D4644AC103037E7, 99714F0CD31297C9831BAF04768F467F6E0BF710C859CEDCA83069226BF1A68A ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:58:40.0890 0x1274 WPDBusEnum - ok 19:58:40.0893 0x1274 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys 19:58:40.0901 0x1274 WpdUpFltr - ok 19:58:40.0904 0x1274 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:58:40.0915 0x1274 ws2ifsl - ok 19:58:40.0921 0x1274 [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc C:\Windows\System32\wscsvc.dll 19:58:40.0934 0x1274 wscsvc - ok 19:58:40.0936 0x1274 WSearch - ok 19:58:40.0997 0x1274 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\Windows\System32\WSService.dll 19:58:41.0087 0x1274 WSService - ok 19:58:41.0154 0x1274 [ F3F60C88A6BBC8D0C68FE5B1C91181AF, AF9A4D282CD4BB1127BC3F48AB89DC294408D96F7906553C636F37D1503CFA48 ] wuauserv C:\Windows\system32\wuaueng.dll 19:58:41.0235 0x1274 wuauserv - ok 19:58:41.0243 0x1274 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:58:41.0255 0x1274 WudfPf - ok 19:58:41.0261 0x1274 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys 19:58:41.0274 0x1274 WUDFRd - ok 19:58:41.0279 0x1274 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:58:41.0290 0x1274 wudfsvc - ok 19:58:41.0297 0x1274 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys 19:58:41.0309 0x1274 WUDFWpdFs - ok 19:58:41.0315 0x1274 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\Windows\system32\DRIVERS\WUDFRd.sys 19:58:41.0328 0x1274 WUDFWpdMtp - ok 19:58:41.0340 0x1274 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\Windows\System32\wwansvc.dll 19:58:41.0359 0x1274 WwanSvc - ok 19:58:41.0368 0x1274 [ D3D9CB4BA15C1854294517AA8954E201, DFBB6E1A5FF01123FEAD6EFFA67F4A0203792AFDF82EAFFC2DA981A584896542 ] XQHDrv C:\Windows\system32\DRIVERS\XQHDrv.sys 19:58:41.0380 0x1274 XQHDrv - ok 19:58:41.0388 0x1274 ================ Scan global =============================== 19:58:41.0392 0x1274 [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\Windows\system32\basesrv.dll 19:58:41.0399 0x1274 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll 19:58:41.0407 0x1274 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll 19:58:41.0418 0x1274 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe 19:58:41.0427 0x1274 [ Global ] - ok 19:58:41.0427 0x1274 ================ Scan MBR ================================== 19:58:41.0429 0x1274 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 19:58:41.0448 0x1274 \Device\Harddisk0\DR0 - ok 19:58:41.0448 0x1274 ================ Scan VBR ================================== 19:58:41.0450 0x1274 [ 26CE77DACE65E535CC0AE2A4C5402A6C ] \Device\Harddisk0\DR0\Partition1 19:58:41.0451 0x1274 \Device\Harddisk0\DR0\Partition1 - ok 19:58:41.0453 0x1274 [ 47E73EEDA86B3720B4BB5D953CD5D057 ] \Device\Harddisk0\DR0\Partition2 19:58:41.0454 0x1274 \Device\Harddisk0\DR0\Partition2 - ok 19:58:41.0456 0x1274 [ F9F664790FCD645E827C062D5B28E579 ] \Device\Harddisk0\DR0\Partition3 19:58:41.0456 0x1274 \Device\Harddisk0\DR0\Partition3 - ok 19:58:41.0458 0x1274 [ 4BF2ADE632E9C670186C74E8465AE617 ] \Device\Harddisk0\DR0\Partition4 19:58:41.0459 0x1274 \Device\Harddisk0\DR0\Partition4 - ok 19:58:41.0461 0x1274 [ 4541964B2AF1F3A72485FC375A1B06AF ] \Device\Harddisk0\DR0\Partition5 19:58:41.0462 0x1274 \Device\Harddisk0\DR0\Partition5 - ok 19:58:41.0463 0x1274 ================ Scan generic autorun ====================== 19:58:41.0468 0x1274 [ 889E56C58F5AC4242E395E3AD5F7780C, 35AA891112BE86C28C6AF8DF44BFEE342BAB7BDA877917C9B6466204091B9ADE ] C:\Program Files\Classic Shell\ClassicStartMenu.exe 19:58:41.0480 0x1274 Classic Start Menu - ok 19:58:41.0601 0x1274 [ 47CCAA466AD206FFE34C6C9CA3279BC7, 4B7A4779A4EDB8AFE4CF860316EF949EAD2AEE6D56258F2D12924404F9D67A3B ] c:\program files\emsisoft anti-malware\a2guard.exe 19:58:41.0757 0x1274 emsisoft anti-malware - ok 19:58:41.0780 0x1274 [ 73F1B07CF82235B25BCC3E9A7522ACCB, 47221B8DFF5A44050AFB0AB5A249FEECE36BE2E000D6529E099128EEDFA647DA ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe 19:58:41.0801 0x1274 StartCCC - ok 19:58:41.0848 0x1274 [ 1A774CBE54318A3411539BA10D47BEF5, 99CDBD90429FCAFA1C814E49EFF1160E8DC7D43B8F82E8AC33116BE7D42DBA9B ] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe 19:58:41.0905 0x1274 Malwarebytes Anti-Exploit - ok 19:58:41.0914 0x1274 [ 812EC7C5892262386C2B47E1083D456A, 06FC1D6D0F1D8C3C6E09E50C02FF75A50443F429BE3339909E416B29A255E8CC ] C:\Program Files (x86)\PDF24\pdf24.exe 19:58:41.0925 0x1274 PDFPrint - ok 19:58:41.0974 0x1274 [ 6F4E4E5B2C2B9922ED022CBA4266B375, 6B646D7ED0E14F21DC52FB6701837A8C1553AE4F4BD89682F21BB8B23161BB03 ] C:\Program Files (x86)\Steam\steam.exe 19:58:42.0033 0x1274 Steam - ok 19:58:42.0037 0x1274 Skype - ok 19:58:42.0039 0x1274 Waiting for KSN requests completion. In queue: 110 19:58:43.0057 0x1274 AV detected via SS2: Emsisoft Anti-Malware, C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe ( 11.10.0.6563 ), 0x41000 ( enabled : updated ) 19:58:43.0058 0x1274 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated ) 19:58:43.0067 0x1274 Win FW state via NFP2: enabled ( trusted ) 19:58:43.0185 0x1274 ============================================================ 19:58:43.0185 0x1274 Scan finished 19:58:43.0185 0x1274 ============================================================ 19:58:43.0194 0x179c Detected object count: 0 19:58:43.0194 0x179c Actual detected object count: 0 |
25.09.2016, 19:09 | #4 | |
/// TB-Ausbilder /// Anleitungs-Guru | Fremder Amazonzugriff - Verstecktes auf dem PC ?Zitat:
Schritt 1 Downloade Dir HitmanProauf Deinen Desktop: HitmanPro-32 Bit Version HitmanPro-64 Bit Version
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
25.09.2016, 19:19 | #5 |
| Fremder Amazonzugriff - Verstecktes auf dem PC ? Eine der stornierten war auch der Hubschrauber.. das andere so'n 300€ Helm aus dem Shop.. - Vermutlich, damit ich es nicht so mitbekomme doch so'n kleiner Heli? Log: Code:
ATTFilter HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : EXPLOOLPXE Windows . . . . . . . : 6.3.0.9600.X64/8 User name . . . . . . : ExploolpxE\Explo UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2016-09-25 20:17:15 Scan mode . . . . . . : Normal Scan duration . . . . : 1m 15s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 2 Objects scanned . . . : 1.565.199 Files scanned . . . . : 46.504 Remnants scanned . . : 401.410 files / 1.117.285 keys Suspicious files ____________________________________________________________ C:\Users\Explo\Desktop\FRST64(1).exe Size . . . . . . . : 2.402.816 bytes Age . . . . . . . : 0.2 days (2016-09-25 16:35:29) Entropy . . . . . : 7.6 SHA-256 . . . . . : EDE8A29D9DECB62C4DDC853B9584C74AAD20E3FFCA13CAAAF1908A0ABE623224 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Users\Explo\Downloads\FRST64.exe Size . . . . . . . : 2.396.160 bytes Age . . . . . . . : 35.9 days (2016-08-20 23:32:13) Entropy . . . . . : 7.6 SHA-256 . . . . . : BA59A1750AEA48A6B469BC524609F7D601D0F213106211C3098D26F07D203FC9 Needs elevation . : Yes Fuzzy . . . . . . : 22.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. |
26.09.2016, 12:08 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Fremder Amazonzugriff - Verstecktes auf dem PC ? Hast mal ne Phishing-Mail bekommen und Deine Login-Daten eingegeben? Man bekommt doch bei jeder Bestellung auch ne Email? Hast die erhalten? Kann amazon nicht die Login-Details erfassen? Klassische Malware sehe ich keine...
__________________ --> Fremder Amazonzugriff - Verstecktes auf dem PC ? |
26.09.2016, 15:09 | #7 |
| Fremder Amazonzugriff - Verstecktes auf dem PC ? Das Problem war, dass meine Mailadresse geändert wurde. Dazu bekam ich auch eine Mail. Allerdings dachte ich anfangs, dass das Phishing sei, weil es absolut nicht nach Amazon aussah. Ich gehe von einem zu leichten Passwort aus. (Zugegebenermaßen war das recht einfach gewählt. ) .. Nur komisch, "warum ich" und warum dann nur sowas kleines für 25€ Nun ja. Danke für den Check auf jedenfall! :-) |
26.09.2016, 20:45 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Fremder Amazonzugriff - Verstecktes auf dem PC ? Und dann auch noch an Dich selbst...
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
Themen zu Fremder Amazonzugriff - Verstecktes auf dem PC ? |
.dll, administrator, cpu, defender, down, explorer, firefox, firewall, flash player, malware, monitor, mozilla, office 365, programme, prozesse, registry, rundll, scan, services.exe, software, svchost.exe, system, ublock, ublock origin, udp, updates, windows, winlogon.exe |