|
Plagegeister aller Art und deren Bekämpfung: Photo.scr mit TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.10.2016, 11:26 | #1 |
| Photo.scr mit Trojaner Hallo zusammen, seit einiger Zeit haben wir hier ein merkwürdiges Phänomen. Wenn eine Kollegin auf unserer NAS Dateien umbenennt, oder anderweitig dort arbeitet, erscheinen immer wieder Dateien mit dem Namen Photo.scr. Darin verbirgt sich anscheinend ein Trojaner (TR/BitCoinMiner.fra, manchmal auch andere). Wir bekommen aber nicht heraus, woher das kommt. Der Virenscanner Avira meldet sich auf ihrem Rechner nicht. Wenn ich aber die NAS kontrolliere, wird er immer mit meinem Avira gefunden. Ihr Rechner scheint auch sauber zu sein, denn wir haben drei verschiedene Rescue-CDs drüber laufen lassen. Außerdem habe ich über unser Netzwerk den Rechner auch scannen lassen. Nichts! Könnt ihr uns da irgendwie weiterhelfen? Wir haben hier keine eigene EDV-Abteilung und müssen alles selber machen.
__________________ Mit freundlichen Grüßen Ralf Pappers |
06.10.2016, 10:22 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Photo.scr mit TrojanerMein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
Hinweis: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst. Los geht's: Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
07.10.2016, 08:07 | #3 |
| Photo.scr mit Trojaner Hallo Jürgen,
__________________Vielen Dank für Deine Rückmeldung. Da der Rechner ständig in Betrieb ist, komme ich erst nächsten Donnerstag dazu. Ich melde mich dann auf jeden Fall. Vielen Dank.
__________________ |
07.10.2016, 14:48 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Photo.scr mit Trojaner OK.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
12.10.2016, 09:30 | #5 |
| Photo.scr mit Trojaner Hallo Jürgen, könnten wir auch zwei oder drei Rechner untersuchen? Oder müssen wir dazu jeweils einen eigenen Thread aufmachen.
__________________ Mit freundlichen Grüßen Ralf Pappers |
12.10.2016, 18:57 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Photo.scr mit Trojaner Nacheinander geht das schon. Aber nicht gleichzeitig.
__________________ --> Photo.scr mit Trojaner |
13.10.2016, 07:58 | #7 |
| Photo.scr mit Trojaner OK, dann der erste Rechner (Bettina-PC). FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2016 durchgeführt von Administrator (Administrator) auf BETTINA-PC (13-10-2016 08:43:54) Gestartet von C:\Users\Administrator\Desktop Geladene Profile: Mike & Hestia & Administrator (Verfügbare Profile: Mike & Hestia & Bettina Petrik & Administrator) Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\FreeCommander\FreeCommander.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] () HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) HKLM-x32\...\Run: [Olympus DSS UpdateManager] => C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\UpdateManager.exe [201216 2012-02-10] (OLYMPUS IMAGING CORP.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917584 2016-10-06] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29645440 2016-09-12] (Skype Technologies S.A.) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd) HKU\S-1-5-21-2205359317-3694346121-2510905243-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd) HKU\S-1-5-21-2205359317-3694346121-2510905243-1003\...\Run: [Amazon Music] => C:\Users\hestia\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] () HKU\S-1-5-21-2205359317-3694346121-2510905243-1003\...\MountPoints2: {0d328e83-1b2d-11e5-8261-001fd04626b9} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2205359317-3694346121-2510905243-500\...\Run: [EEDSpeedLauncher] => C:\Windows\system32\eed_ec.dll [3159040 2013-10-03] () HKU\S-1-5-21-2205359317-3694346121-2510905243-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => C:\Windows\system32\eed_ec.dll [3159040 2013-10-03] () IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 4.lnk [2016-02-18] ShortcutTarget: Device Detector 4.lnk -> C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2016-06-07] ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.) GroupPolicyScripts: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DFB28A0E-80F8-4C5F-A206-D62D2BF7A5F0}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-02-06] (IObit) BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-11-04] (Nuance Communications, Inc.) BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-11-04] (Nuance Communications, Inc.) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Keine Datei Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Keine Datei Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hQz7LY6Z.default [2016-08-18] FF Extension: (Avira Browser Safety) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hQz7LY6Z.default\Extensions\abs@avira.com [2016-08-18] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-11-04] (Nuance Communications, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-11-04] (Nuance Communications, Inc.) Chrome: ======= CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2016-01-04] CHR Extension: (Google Präsentationen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-04] CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-04] CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-04] CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-04] CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-04] CHR Extension: (Google Tabellen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-04] CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-04] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-04] CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-04] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1086040 2016-10-06] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-06] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1489240 2016-10-06] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG) R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2014-11-04] (Nuance Communications, Inc.) R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [66088 2016-03-03] (Haufe-Lexware GmbH & Co. KG) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit) S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174080 2012-02-10] (OLYMPUS IMAGING CORP.) [Datei ist nicht signiert] R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH) S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [149832 2016-10-06] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [153392 2016-10-06] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-07-18] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-07-18] (Avira Operations GmbH & Co. KG) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-13] (REALiX(tm)) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-10-13 08:43 - 2016-10-13 08:45 - 00017189 _____ C:\Users\Administrator\Desktop\FRST.txt 2016-10-13 08:42 - 2016-10-13 08:43 - 00000000 ____D C:\FRST 2016-10-13 08:42 - 2016-10-12 10:24 - 02407424 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe 2016-10-12 10:20 - 2016-10-01 02:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-10-12 10:20 - 2016-09-30 09:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-10-12 10:20 - 2016-09-30 08:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-10-12 10:20 - 2016-09-30 08:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-10-12 10:20 - 2016-09-30 07:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-10-12 10:20 - 2016-09-30 07:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-10-12 10:20 - 2016-09-30 07:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-10-12 10:20 - 2016-09-30 07:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-10-12 10:20 - 2016-09-30 07:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-10-12 10:20 - 2016-09-30 07:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-10-12 10:20 - 2016-09-30 06:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-10-12 10:20 - 2016-09-30 06:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-10-12 10:20 - 2016-09-17 19:02 - 01446400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-10-12 10:20 - 2016-09-14 03:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-10-12 10:20 - 2016-09-13 01:48 - 00085680 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-10-12 10:20 - 2016-09-09 16:17 - 04170752 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-10-12 10:20 - 2016-09-09 15:38 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-10-12 10:20 - 2016-09-08 16:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2016-10-12 10:20 - 2016-09-08 16:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2016-10-12 10:20 - 2016-09-08 00:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2016-10-12 10:20 - 2016-09-07 23:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2016-10-12 10:20 - 2016-09-07 23:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2016-10-12 10:20 - 2016-08-31 19:22 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-10-12 10:20 - 2016-08-25 22:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll 2016-10-12 10:20 - 2016-08-25 21:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll 2016-10-12 10:20 - 2016-08-12 23:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-10-12 10:20 - 2016-08-12 22:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-10-12 10:20 - 2016-08-12 03:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2016-10-12 10:20 - 2016-08-12 03:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2016-10-12 10:20 - 2016-08-03 17:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll 2016-10-12 10:20 - 2016-08-03 17:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll 2016-10-12 10:20 - 2016-07-30 19:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll 2016-10-12 10:20 - 2016-07-30 18:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll 2016-10-12 10:19 - 2016-09-30 08:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-10-12 10:19 - 2016-09-30 08:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-10-12 10:19 - 2016-09-30 07:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-10-12 10:19 - 2016-09-30 07:41 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-10-12 10:19 - 2016-09-30 07:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-10-12 10:19 - 2016-09-30 07:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-10-12 10:19 - 2016-09-30 07:33 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-10-12 10:19 - 2016-09-30 07:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-10-12 10:19 - 2016-09-30 07:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-10-12 10:19 - 2016-09-30 07:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-10-12 10:19 - 2016-09-30 07:11 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-10-12 10:19 - 2016-09-30 07:06 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-10-12 10:19 - 2016-09-30 07:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-10-12 10:19 - 2016-09-30 07:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-10-12 10:19 - 2016-09-30 06:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-10-12 10:19 - 2016-09-30 06:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-10-12 10:19 - 2016-09-17 20:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll 2016-10-12 10:19 - 2016-09-17 19:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-10-12 10:19 - 2016-09-17 19:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll 2016-10-12 10:19 - 2016-09-17 19:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-10-12 10:19 - 2016-09-14 03:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2016-10-12 10:19 - 2016-09-14 03:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-10-12 10:19 - 2016-09-14 03:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2016-10-12 10:19 - 2016-09-13 00:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll 2016-10-12 10:19 - 2016-09-12 23:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll 2016-10-12 10:19 - 2016-09-08 22:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys 2016-10-12 10:19 - 2016-09-07 23:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2016-10-12 10:19 - 2016-09-07 23:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2016-10-12 10:19 - 2016-08-31 18:33 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-10-12 10:19 - 2016-08-13 02:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2016-10-12 10:19 - 2016-08-13 02:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys 2016-10-12 10:19 - 2016-08-13 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys 2016-10-12 10:19 - 2016-08-13 02:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys 2016-10-12 10:19 - 2016-08-13 00:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll 2016-10-12 10:19 - 2016-08-13 00:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2016-10-12 10:19 - 2016-08-12 23:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll 2016-10-12 10:19 - 2016-08-11 20:33 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys 2016-10-12 10:19 - 2016-08-11 20:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys 2016-10-12 10:19 - 2016-08-11 20:33 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys 2016-10-12 10:19 - 2016-08-11 19:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe 2016-10-12 10:19 - 2016-08-11 15:39 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml 2016-10-12 10:19 - 2016-08-11 07:46 - 00420184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys 2016-10-12 10:19 - 2016-08-03 17:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll 2016-10-12 10:19 - 2016-08-03 17:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll 2016-10-12 10:19 - 2016-07-26 15:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS 2016-10-12 10:19 - 2016-07-26 15:40 - 00162850 _____ C:\Windows\system32\C_932.NLS 2016-10-12 10:19 - 2016-07-23 20:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll 2016-10-12 10:19 - 2016-07-23 20:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll 2016-10-12 10:16 - 2016-08-27 21:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-10-12 10:15 - 2016-08-27 21:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-10-12 10:15 - 2016-08-27 21:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe 2016-10-12 10:15 - 2016-08-27 20:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-10-12 10:15 - 2016-08-27 20:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-10-12 10:15 - 2016-08-27 20:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe 2016-10-12 10:15 - 2016-08-27 18:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2016-10-12 10:15 - 2016-08-27 18:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2016-10-12 10:15 - 2016-08-27 18:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2016-10-12 10:15 - 2016-08-27 17:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2016-10-12 10:15 - 2016-08-21 00:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-10-12 10:15 - 2016-08-21 00:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-10-10 09:32 - 2016-10-13 08:41 - 00000000 ____D C:\Users\Public\Documents\AdobeGC 2016-10-06 15:42 - 2016-10-06 15:41 - 00023640 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys 2016-10-05 18:21 - 2016-10-05 18:21 - 06647224 _____ (Tim Kosse) C:\Users\Bettina Petrik\Downloads\FileZilla_3.22.1_win64-setup.exe 2016-09-26 11:12 - 2016-10-04 19:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-21 13:46 - 2016-09-21 13:46 - 06662856 _____ (Tim Kosse) C:\Users\Bettina Petrik\Downloads\FileZilla_3.21.0_win64-setup.exe 2016-09-15 12:24 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2016-09-15 12:24 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-09-15 12:24 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2016-09-15 12:24 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-09-15 12:24 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-09-15 12:24 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-09-15 12:24 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-09-15 12:24 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-09-15 12:24 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-09-15 12:24 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-09-15 12:24 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-09-15 12:22 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-09-15 12:22 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-09-15 12:22 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-09-15 12:22 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-09-15 12:22 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-09-15 12:22 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-09-15 12:22 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-09-15 12:22 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-09-15 12:22 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2016-09-15 12:22 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2016-09-15 12:22 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-09-15 12:22 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-09-15 12:22 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll 2016-09-15 12:22 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll 2016-09-15 12:22 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll 2016-09-15 12:22 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2016-09-15 12:22 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2016-09-15 12:22 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll 2016-09-15 12:22 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll 2016-09-15 12:22 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys 2016-09-15 12:22 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll 2016-09-15 12:22 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll 2016-09-15 12:22 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll 2016-09-15 12:22 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll 2016-09-15 12:22 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2016-09-15 12:22 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll 2016-09-15 12:22 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll 2016-09-15 12:22 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll 2016-09-15 12:22 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2016-09-15 12:22 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll 2016-09-15 12:22 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll 2016-09-15 12:22 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll 2016-09-15 12:22 - 2016-07-07 22:11 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-09-15 12:22 - 2016-07-07 22:11 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-09-15 12:22 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll 2016-09-15 12:22 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll 2016-09-15 12:22 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll 2016-09-15 12:22 - 2016-07-04 07:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2016-09-15 12:22 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe 2016-09-15 12:22 - 2016-07-04 05:33 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2016-09-15 12:22 - 2016-07-04 05:02 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2016-09-15 12:22 - 2016-07-04 04:19 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2016-09-15 12:22 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll 2016-09-15 12:22 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll 2016-09-15 12:22 - 2016-01-10 19:08 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-10-13 08:46 - 2015-02-06 14:08 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2205359317-3694346121-2510905243-500 2016-10-13 08:43 - 2015-07-06 12:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-10-13 08:41 - 2015-12-23 14:47 - 00002273 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk 2016-10-13 08:41 - 2015-08-20 15:39 - 00000386 _____ C:\Windows\Tasks\CGBWJTANO1.job 2016-10-13 08:41 - 2015-02-17 12:21 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-10-13 08:36 - 2015-02-17 12:21 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-10-13 08:34 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-10-13 08:34 - 2013-08-22 16:44 - 00785544 _____ C:\Windows\system32\FNTCACHE.DAT 2016-10-13 08:34 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf 2016-10-13 08:33 - 2016-01-18 09:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-10-13 08:33 - 2016-01-18 09:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-10-12 22:39 - 2015-02-13 13:31 - 00000000 ____D C:\Windows\system32\appraiser 2016-10-12 22:39 - 2014-11-21 13:07 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-10-12 22:38 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData 2016-10-12 22:36 - 2016-01-05 09:35 - 00000000 ____D C:\Users\Bettina Petrik\Documents\Outlook-Dateien 2016-10-12 22:30 - 2016-01-06 09:56 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Roaming\Skype 2016-10-12 21:56 - 2016-01-05 16:36 - 00000000 ____D C:\ProgramData\Lexware 2016-10-12 21:53 - 2016-01-06 11:03 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2262533E-8C4B-42F8-972E-8B42A62B47AD} 2016-10-12 21:36 - 2016-01-06 16:40 - 00000000 ____D C:\Users\Bettina Petrik\Desktop\temp 2016-10-12 21:36 - 2015-02-06 15:37 - 00000000 ____D C:\ProgramData\ProductData 2016-10-12 13:22 - 2016-01-05 09:56 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2205359317-3694346121-2510905243-1004 2016-10-12 12:28 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2016-10-12 12:13 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2016-10-12 12:05 - 2014-11-21 06:04 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2016-10-12 12:04 - 2015-02-10 12:43 - 00000000 ____D C:\Windows\system32\MRT 2016-10-12 11:43 - 2015-02-10 12:43 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-10-12 11:41 - 2016-01-18 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-10-12 11:23 - 2015-02-06 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2016-10-12 09:24 - 2016-03-03 18:40 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Local\FreePDF_XP 2016-10-11 20:35 - 2016-01-05 09:34 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Roaming\ClassicShell 2016-10-11 19:30 - 2016-01-08 10:52 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Roaming\FileZilla 2016-10-11 19:11 - 2016-01-05 09:29 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Local\Packages 2016-10-11 11:43 - 2015-07-06 12:54 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-10-11 11:43 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-10-11 11:43 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed 2016-10-10 09:28 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI 2016-10-07 17:35 - 2016-01-05 09:35 - 00000000 ____D C:\Users\Bettina Petrik\Documents\Calibre-Bibliothek 2016-10-07 10:38 - 2016-01-28 11:56 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Roaming\vlc 2016-10-07 10:37 - 2016-01-07 10:45 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Local\CrashDumps 2016-10-07 09:30 - 2015-02-23 15:09 - 00000000 ____D C:\ProgramData\Skype 2016-10-06 15:43 - 2016-08-18 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-10-06 15:41 - 2016-08-18 10:27 - 00153392 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2016-10-06 15:41 - 2016-08-18 10:27 - 00149832 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2016-10-06 12:06 - 2013-08-22 15:25 - 00000253 _____ C:\Windows\win.ini 2016-10-05 10:19 - 2016-01-04 12:19 - 00000432 _____ C:\Windows\BRWMARK.INI 2016-10-04 19:58 - 2015-06-15 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-10-04 10:28 - 2015-06-11 12:28 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-10-01 02:15 - 2014-11-21 13:15 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-10-01 02:15 - 2014-11-21 13:15 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-29 13:29 - 2015-07-03 10:27 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-09-26 16:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2016-09-26 09:09 - 2015-02-10 16:43 - 00000000 ____D C:\iFuB 2016-09-22 10:57 - 2014-11-21 05:35 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-22 10:57 - 2014-11-21 04:45 - 00764340 _____ C:\Windows\system32\perfh007.dat 2016-09-22 10:57 - 2014-11-21 04:45 - 00159160 _____ C:\Windows\system32\perfc007.dat 2016-09-21 09:26 - 2015-04-30 18:40 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-09-19 17:08 - 2015-02-19 14:05 - 00000000 ____D C:\ProgramData\Package Cache 2016-09-19 09:14 - 2015-02-06 15:38 - 00000000 ____D C:\ProgramData\IObit 2016-09-16 04:08 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup 2016-09-16 04:08 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\setup 2016-09-16 03:06 - 2014-11-21 05:13 - 00000000 ____D C:\Windows\ShellNew 2016-09-15 11:32 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-13 14:09 - 2016-01-05 16:40 - 00000141 _____ C:\Windows\ODBC.INI ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-02-06 14:07 - 2016-01-05 09:28 - 0024210 _____ () C:\Users\Administrator\AppData\Roaming\Notepad2.ini Einige Dateien in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\avgnt.exe C:\Users\Administrator\AppData\Local\Temp\ose00000.exe C:\Users\Bettina Petrik\AppData\Local\Temp\avgnt.exe C:\Users\Bettina Petrik\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-10-10 10:03 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 10-10-2016 durchgeführt von Administrator (13-10-2016 08:46:53) Gestartet von C:\Users\Administrator\Desktop Windows 8.1 Pro (Update) (X64) (2015-02-06 11:53:56) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2205359317-3694346121-2510905243-500 - Administrator - Enabled) => C:\Users\Administrator Bettina Petrik (S-1-5-21-2205359317-3694346121-2510905243-1004 - Administrator - Enabled) => C:\Users\Bettina Petrik Gast (S-1-5-21-2205359317-3694346121-2510905243-501 - Limited - Disabled) Hestia (S-1-5-21-2205359317-3694346121-2510905243-1003 - Administrator - Enabled) => C:\Users\hestia Mike (S-1-5-21-2205359317-3694346121-2510905243-1002 - Administrator - Enabled) => C:\Users\Mike ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated) Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.1.0.122 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated) Amazon Music (HKU\S-1-5-21-2205359317-3694346121-2510905243-1003\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.22.54 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden Benutzerhandbuch anzeigen (HKLM-x32\...\View User Guide) (Version: 3.60.02.0 - ) Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0400 - Brother Industries, Ltd.) ByteScout BarCode Generator 3.22.643 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Generator_is1) (Version: - Bytescout Software) calibre (HKLM-x32\...\{EEFFE01E-F594-42EE-815D-50B8A17985B7}) (Version: 2.49.0 - Kovid Goyal) calibre 64bit (HKLM\...\{DBF2A8AA-9EE9-454D-8958-F74F1FCB0789}) (Version: 2.41.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5118 - CDBurnerXP) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.) Driver Booster 3.0 (HKLM-x32\...\Driver Booster_is1) (Version: 3.0 - IObit) EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version: - SEIKO EPSON Corporation) FileZilla Client 3.17.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.17.0.1 - Tim Kosse) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.) Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.16) (Version: 9.16 - Artifex Software Inc.) Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.30 - IObit) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.138 - PandoraTV) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LamedropXPd3 3.0.2 (HKLM-x32\...\LamedropXPd_0) (Version: 3.0.2 - Strange World Productions) Lexware Info Service (x32 Version: 16.00.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (HKLM-x32\...\{6FF55A3A-4E59-4CF8-9248-2EE747168B3E}) (Version: 5.01.00.0040 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (x32 Version: 22.04.00.0043 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware PDF-Export 5 (x32 Version: 5.00.01.0009 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware warenwirtschaft pro 2016 (HKLM-x32\...\{88cf1ef8-29c4-4d08-a5a1-17153f4f64b0}) (Version: 16.0.0.93 - Haufe-Lexware GmbH & Co.KG) Lexware warenwirtschaft pro 2016 (x32 Version: 16.02.00.0348 - Haufe-Lexware GmbH & Co.KG) Hidden LibreOffice 5.0.4.2 (HKLM-x32\...\{14B5DDCF-61C4-4F1E-A621-844685D60B5A}) (Version: 5.0.4.2 - The Document Foundation) MAGIX Screenshare (HKLM-x32\...\{AEDB01F3-380C-4BF8-BC8A-AB04AB9EB7D9}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Speed burnR (MSI) (HKLM-x32\...\{A9DCBD16-308D-454E-A563-191673A51D52}) (Version: 7.0.2.6 - MAGIX AG) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 49.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 de)) (Version: 49.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla) Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25 - Florian Balmer) Olympus DSS Player Standard (HKLM-x32\...\{FC2163E8-8676-4918-B7FC-F5EF4F8C022D}) (Version: 2.0.0 - OLYMPUS IMAGING CORP.) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd) Samplitude Music Studio 17 (HKLM-x32\...\MAGIX_MSI_ms17dlx) (Version: 17.0.0.0 - MAGIX AG) Samplitude Music Studio 17 (x32 Version: 17.0.0.0 - MAGIX AG) Hidden Samsung CLX-6260 Series (HKLM-x32\...\Samsung CLX-6260 Series) (Version: 1.11 (09.12.2013) - Samsung Electronics Co., Ltd.) Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.61 (10.04.2013) - Samsung Electronics Co., Ltd.) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.73.00(03.10.2013) - Samsung Electronics Co., Ltd.) Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.10.11 (01.07.2013) - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Samsung Scan Process Machine (x32 Version: 1.00.56.01 - Samsung Electronics Co., Ltd.) Hidden SecurityUtility (HKLM-x32\...\SecurityUtility) (Version: - ) <==== ACHTUNG Sigil 0.8.4 (HKLM\...\Sigil_is1) (Version: - John Schember) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer) TeamViewer 8 Host (HKLM-x32\...\TeamViewer 8 Host) (Version: 8.0.44109 - TeamViewer) Topaz Clean 3 (64-bit) (HKLM\...\{FA85C599-2569-4C48-9AA6-2B8D8F029FA7}) (Version: 3.0.1 - Topaz Labs) Topaz Clean 3 (HKLM-x32\...\{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}) (Version: 3.0.1 - Topaz Labs) Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) XnViewMP 0.78 (HKLM\...\XnViewMP_is1) (Version: 0.78 - Gougelet Pierre-e) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {112AA8D2-4373-4F3E-9B64-FC0E2C7C0AF3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {2D0833B5-6624-48D7-AF2F-BCD9B989BB3A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {387DDB5A-C810-4634-8645-F51C704A86EF} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-09-24] (IObit) Task: {4FFD2E01-A38C-439C-91B0-1088D28F8833} - System32\Tasks\Uninstaller_SkipUac_Hestia => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-02] (IObit) Task: {7008A314-991B-4029-A7FE-2FA23436AEF7} - System32\Tasks\CGBWJTANO1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ACHTUNG Task: {707CEF69-5484-4727-9B33-92B211B979C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd) Task: {801C7D1F-013C-4BBC-BAC3-3ECF887416B7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-17] (Google Inc.) Task: {80CBD3F2-85AA-4E3A-967A-AC4B7FD891D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {99DA58EF-A018-4143-978F-64230B66285D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-17] (Google Inc.) Task: {A2436F51-48BA-4A15-9085-09FF83DCF84C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2205359317-3694346121-2510905243-1002 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe Task: {CC07A2F2-5CC9-48C9-A656-9AAFED1DC265} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-11] (Adobe Systems Incorporated) Task: {CC9F60EB-BB23-41F7-8C8A-EE7EC9BAAF87} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {DBC49CD5-00AF-4132-A042-5555709F20B5} - System32\Tasks\Driver Booster SkipUAC (Hestia) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-10-08] (IObit) Task: {E03CD020-D88E-4A0A-8C5C-79DEA73FF926} - System32\Tasks\AdobeAAMUpdater-1.0-macs1-pc-Hestia => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated) Task: {E1ED2A5E-1157-4025-8421-7A5A20DA7497} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-10-12] (Microsoft Corporation) Task: {EEF68766-9576-4C0D-B094-5A694C0AF721} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-02] (IObit) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\CGBWJTANO1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Uninstaller_SkipUac_Hestia.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-06-15 14:48 - 2012-06-21 07:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll 2016-01-12 13:47 - 2012-01-10 06:15 - 00034304 _____ () C:\Windows\System32\ssy3clm.dll 2015-09-11 20:02 - 2015-09-11 20:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll 2015-02-06 15:37 - 2015-02-06 15:37 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [157] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-2205359317-3694346121-2510905243-1003\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-2205359317-3694346121-2510905243-500\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run32: => "ISUSPM" HKLM\...\StartupApproved\Run32: => "DNS7reminder" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\StartupApproved\Run: => "ISUSPM" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{9FDE90AF-5F30-46AC-895A-71733C1DE101}] => (Allow) LPort=51001 FirewallRules: [{C02A3233-2AE0-451A-B719-4ABC95C449AB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{B733F22E-7FFF-46B2-A987-FDB38E6DA102}] => (Allow) LPort=2869 FirewallRules: [{840CFD59-9882-47F1-BF26-C25BBDB7011F}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{60196EAF-C6FD-428B-B11E-D5DE6BAAED28}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{ACA2A19C-2D2B-46F5-82B3-D03BD73D346C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{0BB31E3A-0261-4A74-945F-5AD175BCFB5A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{FC3C9C51-A0AD-49AF-B620-9B9930779102}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{58640613-D557-4547-9120-9D68177430DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4ED59AF3-7CDB-4584-8834-3A4FA22CC196}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{3A9BCD86-CA98-4870-94AE-138AFA27140A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6BF329C6-0705-42C6-B240-AAD1F39231BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F119AAAA-C206-463E-A970-9ADA27B9703C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{47D1B63D-649B-409A-9FF4-CE890B8C3526}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{2FE323EB-777A-4CAD-B3FE-E3BF30FFDAFC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{2307BF92-CB9C-4700-92D7-F9AC0714A53D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{46D9559C-3535-41DA-9A64-CD02B40E5A1E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{F9F53FF3-BD89-44E3-9880-B03DD618A5A1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{3F7EC46B-1530-4485-8629-AB245A07B525}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{E714DA8F-AB29-4320-B20F-DE02C751ABDB}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{C9040B1E-233D-47F5-8B64-4408CFE056BB}] => (Allow) C:\Windows\twain_32\Samsung\CLX6260\SCNSearch\USDAgent.exe FirewallRules: [{1EB8E5DF-0075-464F-9539-2F69C1CDD992}] => (Allow) C:\Windows\twain_32\Samsung\CLX6260\SCNSearch\USDAgent.exe FirewallRules: [{F10DC833-625C-440B-9F09-2930A4AA109A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe FirewallRules: [{1CD84411-3A76-47E0-947E-24C3A2C69CC5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe FirewallRules: [{D9B4E54E-C03B-4320-B28C-4FA623990D03}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\TranscriptionModule.exe FirewallRules: [{5F6448B5-6846-4E2E-ADE1-195C796437C6}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\TranscriptionModule.exe FirewallRules: [{428428B6-B4E0-4C8A-9B10-D2EE25F4E755}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\TranscriptionModule.exe FirewallRules: [{B58E18C5-0882-4F07-A160-31B18ED0C5F2}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\TranscriptionModule.exe FirewallRules: [{7BB1CAF4-E49B-48B4-9AC9-4A405E0BE2CA}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\UpdateManager.exe FirewallRules: [{8D129AFC-EFD9-4A79-9B35-C903CD2DB54D}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\UpdateManager.exe FirewallRules: [{84D39C11-74D2-4E0F-9A7A-C088F7448E81}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{27A9F4A3-B778-4FEA-84C1-1E4686B8A73B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{29EFD480-8307-41E6-BC63-680FBC8C96A9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{C74C296B-9AB0-41FA-818F-9771E5300BD0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{8BC456B7-C94E-47F2-88EA-CD8A9A5EC424}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{00689724-76F6-43A8-AA40-8DBA536213ED}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{8BAE0708-7C80-4693-9606-36CA1FB12A9C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{0B65D7BF-6ABD-4A2A-AE4E-DE17C71A449C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{998AA831-39E7-426A-921D-D3E0C61E8FC2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{CC388AFF-2ACD-4C17-B320-F5893AFB7A23}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{B33B1C65-46E2-4F44-BBFD-962E181815E0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{E976CC59-2C66-4FB3-9A51-1539DF6E428D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [TCP Query User{0F9FB39F-E9B9-411F-AB4B-AF937FF2C46B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{D3C2E146-BD7A-47D5-BBAF-CB3AE24AA53D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{33851204-C1CB-4F36-B7D6-FD36492AD1A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= 21-09-2016 11:39:23 Windows Update 28-09-2016 15:46:53 Geplanter Prüfpunkt 06-10-2016 10:50:35 Geplanter Prüfpunkt 12-10-2016 11:13:35 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Serieller PCI-Anschluss Description: Serieller PCI-Anschluss Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/12/2016 11:14:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (10/12/2016 11:13:37 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2205359317-3694346121-2510905243-500.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {f4025367-433a-41a5-ba53-f8f689a63179} Error: (10/10/2016 09:25:56 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ArgumentException: userSid bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(String userSid, String serviceIdentifier) bei Avira.OE.BrowserExtensionConnector.BrowserExtensionConnector.InitializeMonitors(Session userSession) bei Avira.OE.BrowserExtensionConnector.BrowserExtensionConnector.OnApplicationDictionaryChanged(Object sender, DesktopApplicationDictionaryChangedEventArgs e) bei System.EventHandler`1.Invoke(Object sender, TEventArgs e) bei Avira.OE.WinCore.EventHandlerExtensions.SafeInvoke[T](EventHandler`1 eventHandler, Object sender, T eventArgs) bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid) bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason) bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(Object sender, SessionChangeEventArgs args) bei Avira.OE.WinCore.EventHandlerExtensions.SafeInvoke[T](EventHandler`1 eventHandler, Object sender, T eventArgs) b... Error: (10/07/2016 10:37:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.2.1.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: libqt4_plugin.dll, Version: 2.2.1.0, Zeitstempel: 0xa2d0a2c0 Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000076310b ID des fehlerhaften Prozesses: 0x1050 Startzeit der fehlerhaften Anwendung: 0x01d22075e2bb3b9b Pfad der fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll Berichtskennung: 50764091-8c69-11e6-82af-001fd04626b9 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (10/06/2016 10:50:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (10/06/2016 10:50:38 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2205359317-3694346121-2510905243-500.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {48954ee0-baad-462e-bb94-92f3c1de6ce0} Error: (10/06/2016 09:35:30 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: ) Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. Error: (10/05/2016 05:57:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18233, Zeitstempel: 0x56bb4e1d Ausnahmecode: 0xc0000008 Fehleroffset: 0x0003c31c ID des fehlerhaften Prozesses: 0x1334 Startzeit der fehlerhaften Anwendung: 0x01d21f0f0ef796b8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 5edc8f43-8b14-11e6-82af-001fd04626b9 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (10/05/2016 12:07:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18233, Zeitstempel: 0x56bb4e1d Ausnahmecode: 0xc0000008 Fehleroffset: 0x0003c31c ID des fehlerhaften Prozesses: 0x630 Startzeit der fehlerhaften Anwendung: 0x01d21ef044bc190f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 8ade5ad7-8ae3-11e6-82af-001fd04626b9 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (10/04/2016 07:53:47 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Event-ID 0 Systemfehler: ============= Error: (10/12/2016 11:13:50 AM) (Source: DCOM) (EventID: 10010) (User: BETTINA-PC) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/12/2016 09:21:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst BFE erreicht. Error: (10/11/2016 10:39:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Appinfo erreicht. Error: (10/11/2016 07:16:27 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (10/11/2016 03:31:12 AM) (Source: DCOM) (EventID: 10010) (User: BETTINA-PC) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/11/2016 03:30:42 AM) (Source: DCOM) (EventID: 10010) (User: BETTINA-PC) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/10/2016 10:42:47 PM) (Source: DCOM) (EventID: 10010) (User: BETTINA-PC) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/10/2016 09:20:24 PM) (Source: DCOM) (EventID: 10010) (User: BETTINA-PC) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/10/2016 08:44:23 PM) (Source: DCOM) (EventID: 10010) (User: BETTINA-PC) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/10/2016 08:43:52 PM) (Source: DCOM) (EventID: 10010) (User: BETTINA-PC) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. CodeIntegrity: =================================== Date: 2016-08-18 05:09:04.059 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:03.793 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:03.528 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:03.262 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:03.012 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:02.747 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:02.481 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:02.224 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:01.943 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:01.117 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Prozentuale Nutzung des RAM: 48% Installierter physikalischer RAM: 3327.23 MB Verfügbarer physikalischer RAM: 1721.82 MB Summe virtueller Speicher: 5503.23 MB Verfügbarer virtueller Speicher: 3887.02 MB ==================== Laufwerke ================================ Drive c: (Disk-C) (Fixed) (Total:297.75 GB) (Free:170.24 GB) NTFS Drive p: () (Network) (Total:923.76 GB) (Free:368.69 GB) Drive s: () (Network) (Total:923.76 GB) (Free:368.69 GB) ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: EF5F568E) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================
__________________ Mit freundlichen Grüßen Ralf Pappers |
13.10.2016, 18:49 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Photo.scr mit Trojaner Schritt 1 Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
14.10.2016, 07:42 | #9 |
| Photo.scr mit Trojaner Hallo, es wurde etwas gefunden. Hier der Report: Code:
ATTFilter 08:32:23.0543 0x1344 TDSS rootkit removing tool 3.1.0.11 Aug 5 2016 12:13:31 08:32:43.0735 0x1344 ============================================================ 08:32:43.0735 0x1344 Current date / time: 2016/10/14 08:32:43.0735 08:32:43.0735 0x1344 SystemInfo: 08:32:43.0735 0x1344 08:32:43.0735 0x1344 OS Version: 6.3.9600 ServicePack: 0.0 08:32:43.0735 0x1344 Product type: Workstation 08:32:43.0735 0x1344 ComputerName: BETTINA-PC 08:32:43.0735 0x1344 UserName: Administrator 08:32:43.0735 0x1344 Windows directory: C:\Windows 08:32:43.0735 0x1344 System windows directory: C:\Windows 08:32:43.0735 0x1344 Running under WOW64 08:32:43.0735 0x1344 Processor architecture: Intel x64 08:32:43.0735 0x1344 Number of processors: 2 08:32:43.0735 0x1344 Page size: 0x1000 08:32:43.0735 0x1344 Boot type: Normal boot 08:32:43.0735 0x1344 CodeIntegrityOptions = 0x00000001 08:32:43.0736 0x1344 ============================================================ 08:32:44.0132 0x1344 KLMD registered as C:\Windows\system32\drivers\24898365.sys 08:32:44.0132 0x1344 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18505, osProperties = 0x19 08:32:45.0078 0x1344 System UUID: {E602CA5E-55E4-DA1A-880B-B7E0DF8E0A22} 08:32:46.0092 0x1344 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:32:46.0101 0x1344 ============================================================ 08:32:46.0102 0x1344 \Device\Harddisk0\DR0: 08:32:46.0102 0x1344 MBR partitions: 08:32:46.0102 0x1344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000 08:32:46.0102 0x1344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x2537E800 08:32:46.0102 0x1344 ============================================================ 08:32:46.0119 0x1344 C: <-> \Device\Harddisk0\DR0\Partition2 08:32:46.0119 0x1344 ============================================================ 08:32:46.0119 0x1344 Initialize success 08:32:46.0119 0x1344 ============================================================ 08:33:32.0711 0x14d8 ============================================================ 08:33:32.0711 0x14d8 Scan started 08:33:32.0711 0x14d8 Mode: Manual; SigCheck; TDLFS; 08:33:32.0711 0x14d8 ============================================================ 08:33:32.0711 0x14d8 KSN ping started 08:33:32.0836 0x14d8 KSN ping finished: true 08:33:36.0953 0x14d8 ================ Scan system memory ======================== 08:33:36.0953 0x14d8 System memory - ok 08:33:36.0953 0x14d8 ================ Scan services ============================= 08:33:37.0081 0x14d8 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys 08:33:37.0316 0x14d8 1394ohci - ok 08:33:37.0375 0x14d8 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\Windows\system32\drivers\3ware.sys 08:33:37.0387 0x14d8 3ware - ok 08:33:37.0421 0x14d8 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\Windows\system32\drivers\ACPI.sys 08:33:37.0450 0x14d8 ACPI - ok 08:33:37.0467 0x14d8 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\Windows\system32\Drivers\acpiex.sys 08:33:37.0478 0x14d8 acpiex - ok 08:33:37.0492 0x14d8 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys 08:33:37.0525 0x14d8 acpipagr - ok 08:33:37.0541 0x14d8 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys 08:33:37.0618 0x14d8 AcpiPmi - ok 08:33:37.0622 0x14d8 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\Windows\System32\drivers\acpitime.sys 08:33:37.0658 0x14d8 acpitime - ok 08:33:37.0808 0x14d8 [ DC00FD73505DAEDD99CAF4533B0C05BD, 2863D1F0587B79254FBE093C191C73892768CF2AC59BEF97745EE66CEE3473AF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 08:33:37.0817 0x14d8 AdobeARMservice - ok 08:33:37.0903 0x14d8 [ 1E30AB3A4D3EB916FF6C1B71B9F2331A, 4D1D703CD16FAE5096A8897DDC69C925FA3BFF1F45E1EA55898BF251AF0D3E9A ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 08:33:37.0913 0x14d8 AdobeFlashPlayerUpdateSvc - ok 08:33:37.0956 0x14d8 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\Windows\system32\drivers\ADP80XX.SYS 08:33:37.0995 0x14d8 ADP80XX - ok 08:33:38.0030 0x14d8 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 08:33:38.0126 0x14d8 AeLookupSvc - ok 08:33:38.0180 0x14d8 [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD C:\Windows\system32\drivers\afd.sys 08:33:38.0338 0x14d8 AFD - ok 08:33:38.0363 0x14d8 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\Windows\system32\drivers\agp440.sys 08:33:38.0377 0x14d8 agp440 - ok 08:33:38.0489 0x14d8 [ 021D06851E7AFF5C314039DF813608F3, 081B14840F4AD428B4407AA2E639369A45D174D9507BD107F33FE3A94FB8F8EC ] AGSService C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe 08:33:38.0562 0x14d8 AGSService - ok 08:33:38.0609 0x14d8 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\Windows\system32\DRIVERS\ahcache.sys 08:33:38.0694 0x14d8 ahcache - ok 08:33:38.0719 0x14d8 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\Windows\System32\alg.exe 08:33:38.0795 0x14d8 ALG - ok 08:33:38.0822 0x14d8 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\Windows\System32\drivers\amdk8.sys 08:33:38.0884 0x14d8 AmdK8 - ok 08:33:38.0904 0x14d8 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys 08:33:38.0942 0x14d8 AmdPPM - ok 08:33:38.0975 0x14d8 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\Windows\system32\drivers\amdsata.sys 08:33:38.0987 0x14d8 amdsata - ok 08:33:39.0001 0x14d8 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 08:33:39.0018 0x14d8 amdsbs - ok 08:33:39.0029 0x14d8 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\Windows\system32\drivers\amdxata.sys 08:33:39.0039 0x14d8 amdxata - ok 08:33:39.0141 0x14d8 [ 1B534F5AE93CA21DBA5FF502F5353B66, DCA07FD29FEF0FD3025DD12E3B047B99D4FAD387E37A84C3859D12C1ECD1080B ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe 08:33:39.0236 0x14d8 AntiVirMailService - ok 08:33:39.0277 0x14d8 [ 0511A349A99745B0811B94A008C639BE, E0FA78704957562C66C83E730882560F71C92E297B67DB6A9D2954DA23154826 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe 08:33:39.0291 0x14d8 AntiVirSchedulerService - ok 08:33:39.0335 0x14d8 [ 0511A349A99745B0811B94A008C639BE, E0FA78704957562C66C83E730882560F71C92E297B67DB6A9D2954DA23154826 ] AntiVirService C:\Program Files (x86)\Avira\Antivirus\avguard.exe 08:33:39.0349 0x14d8 AntiVirService - ok 08:33:39.0421 0x14d8 [ AAD3327DE3F2C90421E5BBFA4E63B6BA, 25E6BEAD80898F7422973EABAB2AAADE0A760F7B5CFCC3714966B464135640CB ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe 08:33:39.0563 0x14d8 AntiVirWebService - ok 08:33:39.0592 0x14d8 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\Windows\system32\drivers\appid.sys 08:33:39.0696 0x14d8 AppID - ok 08:33:39.0732 0x14d8 [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc C:\Windows\System32\appidsvc.dll 08:33:39.0757 0x14d8 AppIDSvc - ok 08:33:39.0792 0x14d8 [ 734622FBA766DBD65B1803549B24A04A, 3B6872B87A60D4DA265D3B8AB0561A929CFE2C097419183E93D3843422363C89 ] Appinfo C:\Windows\System32\appinfo.dll 08:33:39.0913 0x14d8 Appinfo - ok 08:33:39.0950 0x14d8 [ 1A8EA3500576DD4B43E9318F10709E0E, 85F8581C319DE241B223366F08A5F9301858DA9DA1A0CAA10ED387A2B99EC216 ] AppMgmt C:\Windows\System32\appmgmts.dll 08:33:40.0018 0x14d8 AppMgmt - ok 08:33:40.0050 0x14d8 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\Windows\system32\AppReadiness.dll 08:33:40.0124 0x14d8 AppReadiness - ok 08:33:40.0197 0x14d8 [ E0F846ADE7DED88981D0908DE56FF160, D8F536438091878724A5004849306ADFB96A2778A9D958ED3DCC0CD9E35160BB ] AppXSvc C:\Windows\system32\appxdeploymentserver.dll 08:33:40.0353 0x14d8 AppXSvc - ok 08:33:40.0385 0x14d8 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\Windows\system32\drivers\arcsas.sys 08:33:40.0398 0x14d8 arcsas - ok 08:33:40.0409 0x14d8 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\Windows\system32\drivers\atapi.sys 08:33:40.0418 0x14d8 atapi - ok 08:33:40.0457 0x14d8 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll 08:33:40.0563 0x14d8 AudioEndpointBuilder - ok 08:33:40.0607 0x14d8 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\Windows\System32\Audiosrv.dll 08:33:40.0662 0x14d8 Audiosrv - ok 08:33:40.0693 0x14d8 [ 5735D7587D7793B75E136B5974108602, 19CD312C78D45E8A05B183321141140C638CC2B717A359043832E73C3117CC91 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 08:33:40.0703 0x14d8 avgntflt - ok 08:33:40.0741 0x14d8 [ E73A2960A54F83B96415BAE10E66CCB2, C44CE2A638D2CB219A0BCDFEE2855E14A9BEAB032788D7661992735726EFC983 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 08:33:40.0750 0x14d8 avipbb - ok 08:33:40.0831 0x14d8 [ A177265C1777ABE56B22D921F91DDC38, D4E9C5BFC65063EDA015723058805B03C51F5B7456B404A4548CEC8DF6A3F7B7 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe 08:33:40.0968 0x14d8 Avira.ServiceHost - ok 08:33:40.0999 0x14d8 [ 79F7741A773FF194EEC64A8161AE26D5, 3DDEA5FBDCB74A2BACC895A44C8C2A947F09E2649ED61D781E99DD61DBFACA5D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 08:33:41.0007 0x14d8 avkmgr - ok 08:33:41.0024 0x14d8 [ 899D89FDF015BBAF628076987D74C295, 7534A10F652FBE559431B9B1C6BC13874E8BC7438D7AFD7553F96811FD3E59BD ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys 08:33:41.0046 0x14d8 avnetflt - ok 08:33:41.0080 0x14d8 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\Windows\System32\AxInstSV.dll 08:33:41.0139 0x14d8 AxInstSV - ok 08:33:41.0189 0x14d8 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 08:33:41.0218 0x14d8 b06bdrv - ok 08:33:41.0234 0x14d8 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys 08:33:41.0309 0x14d8 BasicDisplay - ok 08:33:41.0313 0x14d8 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys 08:33:41.0371 0x14d8 BasicRender - ok 08:33:41.0387 0x14d8 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\Windows\System32\drivers\bcmfn2.sys 08:33:41.0394 0x14d8 bcmfn2 - ok 08:33:41.0443 0x14d8 [ 174394F4EF93C117BF7BE3878046A1B1, D58E868342D1DAFC4B04384A3713F729DF07F408AA6AE4762E6A4244F976526A ] BDESVC C:\Windows\System32\bdesvc.dll 08:33:41.0546 0x14d8 BDESVC - ok 08:33:41.0567 0x14d8 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\Windows\system32\drivers\Beep.sys 08:33:41.0717 0x14d8 Beep - ok 08:33:41.0775 0x14d8 [ 5059D93764340D4EAEDF49C47133118F, 26C5779469E04BEAFD290B619CA355648F3911C66D41B22D2C3DCA909FCA0F6E ] BFE C:\Windows\System32\bfe.dll 08:33:41.0906 0x14d8 BFE - ok 08:33:41.0946 0x14d8 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\Windows\System32\qmgr.dll 08:33:42.0075 0x14d8 BITS - ok 08:33:42.0104 0x14d8 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\Windows\system32\DRIVERS\bowser.sys 08:33:42.0180 0x14d8 bowser - ok 08:33:42.0204 0x14d8 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll 08:33:42.0327 0x14d8 BrokerInfrastructure - ok 08:33:42.0361 0x14d8 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\Windows\System32\browser.dll 08:33:42.0429 0x14d8 Browser - ok 08:33:42.0446 0x14d8 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys 08:33:42.0507 0x14d8 BthAvrcpTg - ok 08:33:42.0537 0x14d8 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys 08:33:42.0638 0x14d8 BthHFEnum - ok 08:33:42.0656 0x14d8 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys 08:33:42.0692 0x14d8 bthhfhid - ok 08:33:42.0743 0x14d8 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\Windows\System32\BthHFSrv.dll 08:33:42.0829 0x14d8 BthHFSrv - ok 08:33:42.0844 0x14d8 [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys 08:33:42.0961 0x14d8 BTHMODEM - ok 08:33:42.0980 0x14d8 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\Windows\system32\bthserv.dll 08:33:43.0043 0x14d8 bthserv - ok 08:33:43.0067 0x14d8 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 08:33:43.0135 0x14d8 cdfs - ok 08:33:43.0157 0x14d8 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\Windows\System32\drivers\cdrom.sys 08:33:43.0188 0x14d8 cdrom - ok 08:33:43.0242 0x14d8 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\Windows\System32\certprop.dll 08:33:43.0304 0x14d8 CertPropSvc - ok 08:33:43.0325 0x14d8 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\Windows\System32\drivers\circlass.sys 08:33:43.0354 0x14d8 circlass - ok 08:33:43.0395 0x14d8 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\Windows\system32\drivers\CLFS.sys 08:33:43.0422 0x14d8 CLFS - ok 08:33:43.0455 0x14d8 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\Windows\System32\drivers\CmBatt.sys 08:33:43.0518 0x14d8 CmBatt - ok 08:33:43.0574 0x14d8 [ 5CBF8B3E27D824D2AA2A34AFB406F1D0, 955AF1307C02D2B4DEEB150F37F77B8631C0F3C450037C233E9E27D6571B0265 ] CNG C:\Windows\system32\Drivers\cng.sys 08:33:43.0605 0x14d8 CNG - ok 08:33:43.0623 0x14d8 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys 08:33:43.0650 0x14d8 CompositeBus - ok 08:33:43.0655 0x14d8 COMSysApp - ok 08:33:43.0677 0x14d8 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\Windows\system32\drivers\condrv.sys 08:33:43.0727 0x14d8 condrv - ok 08:33:43.0757 0x14d8 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\Windows\system32\cryptsvc.dll 08:33:43.0837 0x14d8 CryptSvc - ok 08:33:43.0887 0x14d8 [ 0270B74E1A81AB3A3E977A88B2B0438D, 0FB26EF768B5D925A4284179D43E2724D0748E54446573AC1323314733A64C66 ] CSC C:\Windows\system32\drivers\csc.sys 08:33:43.0950 0x14d8 CSC - ok 08:33:43.0995 0x14d8 [ 86079FF8A3B625ABAEB68841D2BF6FE6, 49FF4D458DF8FAB4ECA8CAD9BBF88C929C8B9AB7F063938A6A332B31F2C0F8EB ] CscService C:\Windows\System32\cscsvc.dll 08:33:44.0091 0x14d8 CscService - ok 08:33:44.0123 0x14d8 [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam C:\Windows\system32\drivers\dam.sys 08:33:44.0133 0x14d8 dam - ok 08:33:44.0196 0x14d8 [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] DcomLaunch C:\Windows\system32\rpcss.dll 08:33:44.0371 0x14d8 DcomLaunch - ok 08:33:44.0413 0x14d8 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\Windows\System32\defragsvc.dll 08:33:44.0494 0x14d8 defragsvc - ok 08:33:44.0529 0x14d8 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll 08:33:44.0593 0x14d8 DeviceAssociationService - ok 08:33:44.0617 0x14d8 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\Windows\system32\umpnpmgr.dll 08:33:44.0685 0x14d8 DeviceInstall - ok 08:33:44.0725 0x14d8 [ FBFF94FC1FE0699A6BC5ACE270AB9EA1, 7D67E7BE539D9D515A1A6B9282C72114310E874DD1FE51E71F002DBB0E1439FB ] Dfsc C:\Windows\system32\Drivers\dfsc.sys 08:33:44.0851 0x14d8 Dfsc - ok 08:33:44.0886 0x14d8 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\Windows\system32\dhcpcore.dll 08:33:44.0967 0x14d8 Dhcp - ok 08:33:45.0044 0x14d8 [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack C:\Windows\system32\diagtrack.dll 08:33:45.0141 0x14d8 DiagTrack - ok 08:33:45.0180 0x14d8 [ 8B1E62881D5AC68E673CD94B136B34AC, A0C50F17041E43AC07B67A74F2C408820316201439F47CDEA37A4F5891CC0E6F ] disk C:\Windows\system32\drivers\disk.sys 08:33:45.0204 0x14d8 disk - ok 08:33:45.0240 0x14d8 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\Windows\System32\drivers\dmvsc.sys 08:33:45.0307 0x14d8 dmvsc - ok 08:33:45.0350 0x14d8 [ 561CBB163EB3C8221D9B1D7D1E5CA477, 4D235E73CC127769A257B31A92180552276EC8DDD991F1106815FADEF385E72D ] Dnscache C:\Windows\System32\dnsrslvr.dll 08:33:45.0445 0x14d8 Dnscache - ok 08:33:45.0479 0x14d8 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\Windows\System32\dot3svc.dll 08:33:45.0553 0x14d8 dot3svc - ok 08:33:45.0571 0x14d8 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\Windows\system32\dps.dll 08:33:45.0587 0x14d8 DPS - ok 08:33:45.0614 0x14d8 [ AAAF50AE816E5B847551E55CF32F4B79, 096F4F2E57A43CAA8F7B2A504D21C4DFD6DE6E138657B138F90058D7667F9AC7 ] DragonLoggerService C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe 08:33:45.0625 0x14d8 DragonLoggerService - ok 08:33:45.0639 0x14d8 [ B41D6BFC215E38485FAB7F64F2567270, 68A901F00BF3B7FD08D06D8C1694AC2A381B9F7993142AC7282C98A9C0B6E606 ] DragonSvc C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe 08:33:45.0653 0x14d8 DragonSvc - ok 08:33:45.0680 0x14d8 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 08:33:45.0690 0x14d8 drmkaud - ok 08:33:45.0711 0x14d8 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll 08:33:45.0745 0x14d8 DsmSvc - ok 08:33:45.0835 0x14d8 [ F74B839FA0F4E6060CA1DA6B8DA17941, EF493E1F55FCD6A8C32B3D5D5809B7EFCCC9829E9A347522D1E6FE080D41BF37 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 08:33:45.0905 0x14d8 DXGKrnl - ok 08:33:45.0936 0x14d8 [ FA988D76745C917CDFE20031C06DE860, B01AA3611869854D3BCA8B6CD7A6F48CC3537145DD3EBE50F5BEF72239924BF7 ] e1iexpress C:\Windows\system32\DRIVERS\e1i63x64.sys 08:33:45.0983 0x14d8 e1iexpress - ok 08:33:46.0014 0x14d8 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\Windows\System32\eapsvc.dll 08:33:46.0091 0x14d8 Eaphost - ok 08:33:46.0220 0x14d8 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\Windows\system32\drivers\evbda.sys 08:33:46.0340 0x14d8 ebdrv - ok 08:33:46.0378 0x14d8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\Windows\System32\lsass.exe 08:33:46.0390 0x14d8 EFS - ok 08:33:46.0412 0x14d8 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys 08:33:46.0425 0x14d8 EhStorClass - ok 08:33:46.0447 0x14d8 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys 08:33:46.0460 0x14d8 EhStorTcgDrv - ok 08:33:46.0470 0x14d8 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\Windows\System32\drivers\errdev.sys 08:33:46.0496 0x14d8 ErrDev - ok 08:33:46.0557 0x14d8 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\Windows\system32\es.dll 08:33:46.0646 0x14d8 EventSystem - ok 08:33:46.0684 0x14d8 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\Windows\system32\drivers\exfat.sys 08:33:46.0863 0x14d8 exfat - ok 08:33:46.0897 0x14d8 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\Windows\system32\drivers\fastfat.sys 08:33:46.0925 0x14d8 fastfat - ok 08:33:46.0963 0x14d8 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\Windows\system32\fxssvc.exe 08:33:47.0029 0x14d8 Fax - ok 08:33:47.0048 0x14d8 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\Windows\System32\drivers\fdc.sys 08:33:47.0059 0x14d8 fdc - ok 08:33:47.0095 0x14d8 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\Windows\system32\fdPHost.dll 08:33:47.0160 0x14d8 fdPHost - ok 08:33:47.0179 0x14d8 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\Windows\system32\fdrespub.dll 08:33:47.0205 0x14d8 FDResPub - ok 08:33:47.0224 0x14d8 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\Windows\system32\fhsvc.dll 08:33:47.0320 0x14d8 fhsvc - ok 08:33:47.0335 0x14d8 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 08:33:47.0347 0x14d8 FileInfo - ok 08:33:47.0375 0x14d8 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\Windows\system32\drivers\filetrace.sys 08:33:47.0410 0x14d8 Filetrace - ok 08:33:47.0431 0x14d8 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\Windows\System32\drivers\flpydisk.sys 08:33:47.0455 0x14d8 flpydisk - ok 08:33:47.0491 0x14d8 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 08:33:47.0529 0x14d8 FltMgr - ok 08:33:47.0643 0x14d8 [ 1EFEF3B4EF2B241263F0F791EA128598, B6CADC254B0779E43E0D6AB6125A7E7ED8FF50C3158911681BA7B43160A08176 ] FontCache C:\Windows\system32\FntCache.dll 08:33:47.0754 0x14d8 FontCache - ok 08:33:47.0857 0x14d8 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 08:33:47.0953 0x14d8 FontCache3.0.0.0 - ok 08:33:47.0970 0x14d8 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 08:33:47.0980 0x14d8 FsDepends - ok 08:33:47.0996 0x14d8 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 08:33:48.0052 0x14d8 Fs_Rec - ok 08:33:48.0095 0x14d8 [ D4AB6EE3D715BC44C00277FD934FAACF, DE8A8B14D7BA73BA1B5A833DE193CA65EDFE512A57D84F4F2CE19D9646D97F4E ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 08:33:48.0125 0x14d8 fvevol - ok 08:33:48.0138 0x14d8 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\Windows\System32\drivers\fxppm.sys 08:33:48.0195 0x14d8 FxPPM - ok 08:33:48.0216 0x14d8 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 08:33:48.0227 0x14d8 gagp30kx - ok 08:33:48.0259 0x14d8 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys 08:33:48.0324 0x14d8 gencounter - ok 08:33:48.0347 0x14d8 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys 08:33:48.0376 0x14d8 GPIOClx0101 - ok 08:33:48.0431 0x14d8 [ 9678FD4747A4F2E2318245EE6099482E, C76AE30E8BA77DC330F9CFE5ECEA58FAE0995396742923B564A2257DE24D7B32 ] gpsvc C:\Windows\System32\gpsvc.dll 08:33:48.0567 0x14d8 gpsvc - ok 08:33:48.0612 0x14d8 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 08:33:48.0620 0x14d8 gupdate - ok 08:33:48.0629 0x14d8 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 08:33:48.0636 0x14d8 gupdatem - ok 08:33:48.0666 0x14d8 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 08:33:48.0716 0x14d8 HdAudAddService - ok 08:33:48.0745 0x14d8 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys 08:33:48.0828 0x14d8 HDAudBus - ok 08:33:48.0865 0x14d8 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\Windows\System32\drivers\HidBatt.sys 08:33:48.0900 0x14d8 HidBatt - ok 08:33:48.0950 0x14d8 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\Windows\System32\drivers\hidbth.sys 08:33:49.0038 0x14d8 HidBth - ok 08:33:49.0052 0x14d8 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys 08:33:49.0081 0x14d8 hidi2c - ok 08:33:49.0115 0x14d8 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\Windows\System32\drivers\hidir.sys 08:33:49.0143 0x14d8 HidIr - ok 08:33:49.0171 0x14d8 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\Windows\system32\hidserv.dll 08:33:49.0248 0x14d8 hidserv - ok 08:33:49.0282 0x14d8 [ 49676FEC898AB2A11B157F848269A56E, 011E6DDEF9570212520F92FEFD205E1F8104F198B57C40D11BE857FCBCC5F68D ] HidUsb C:\Windows\System32\drivers\hidusb.sys 08:33:49.0370 0x14d8 HidUsb - ok 08:33:49.0391 0x14d8 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\Windows\system32\kmsvc.dll 08:33:49.0454 0x14d8 hkmsvc - ok 08:33:49.0496 0x14d8 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 08:33:49.0568 0x14d8 HomeGroupListener - ok 08:33:49.0635 0x14d8 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 08:33:49.0692 0x14d8 HomeGroupProvider - ok 08:33:49.0722 0x14d8 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 08:33:49.0734 0x14d8 HpSAMD - ok 08:33:49.0795 0x14d8 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\Windows\system32\drivers\HTTP.sys 08:33:49.0842 0x14d8 HTTP - ok 08:33:49.0996 0x14d8 [ E5805896A55D4166C20F216249F40FA3, F426BF60D5B916E7A778EF24C49FE1FFE1B2977C2ABD2977FD5C38C6E6CB139F ] HWiNFO32 C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS 08:33:50.0004 0x14d8 HWiNFO32 - ok 08:33:50.0019 0x14d8 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 08:33:50.0029 0x14d8 hwpolicy - ok 08:33:50.0053 0x14d8 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys 08:33:50.0095 0x14d8 hyperkbd - ok 08:33:50.0114 0x14d8 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys 08:33:50.0125 0x14d8 HyperVideo - ok 08:33:50.0175 0x14d8 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\Windows\System32\drivers\i8042prt.sys 08:33:50.0286 0x14d8 i8042prt - ok 08:33:50.0304 0x14d8 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 08:33:50.0312 0x14d8 iaLPSSi_GPIO - ok 08:33:50.0332 0x14d8 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys 08:33:50.0342 0x14d8 iaLPSSi_I2C - ok 08:33:50.0369 0x14d8 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys 08:33:50.0405 0x14d8 iaStorAV - ok 08:33:50.0426 0x14d8 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 08:33:50.0453 0x14d8 iaStorV - ok 08:33:50.0457 0x14d8 IEEtwCollectorService - ok 08:33:50.0744 0x14d8 [ 83915E05E168AB63B48302F7DC5D8E00, CD7300A5FFD5A8CE47690CDC1223F4693C536D5667F842CA457CC8716AA3F618 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 08:33:51.0106 0x14d8 igfx - ok 08:33:51.0187 0x14d8 [ 5697FD05EC6915A1E7193D658D8D6E05, 0179C3AF29880AA21F609CB471034EA5FA49324ACCE12736866675C037EBEC7A ] IKEEXT C:\Windows\System32\ikeext.dll 08:33:51.0276 0x14d8 IKEEXT - ok 08:33:51.0319 0x14d8 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\Windows\system32\drivers\intelide.sys 08:33:51.0329 0x14d8 intelide - ok 08:33:51.0369 0x14d8 [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep C:\Windows\system32\drivers\intelpep.sys 08:33:51.0379 0x14d8 intelpep - ok 08:33:51.0403 0x14d8 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\Windows\System32\drivers\intelppm.sys 08:33:51.0451 0x14d8 intelppm - ok 08:33:51.0468 0x14d8 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:33:51.0569 0x14d8 IpFilterDriver - ok 08:33:51.0644 0x14d8 [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 08:33:51.0752 0x14d8 iphlpsvc - ok 08:33:51.0791 0x14d8 [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys 08:33:51.0849 0x14d8 IPMIDRV - ok 08:33:51.0876 0x14d8 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 08:33:51.0923 0x14d8 IPNAT - ok 08:33:51.0938 0x14d8 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\Windows\system32\drivers\irenum.sys 08:33:51.0968 0x14d8 IRENUM - ok 08:33:51.0988 0x14d8 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\Windows\system32\drivers\isapnp.sys 08:33:51.0997 0x14d8 isapnp - ok 08:33:52.0022 0x14d8 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys 08:33:52.0049 0x14d8 iScsiPrt - ok 08:33:52.0070 0x14d8 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 08:33:52.0082 0x14d8 kbdclass - ok 08:33:52.0090 0x14d8 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 08:33:52.0142 0x14d8 kbdhid - ok 08:33:52.0155 0x14d8 [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr C:\Windows\system32\drivers\kbldfltr.sys 08:33:52.0165 0x14d8 kbldfltr - ok 08:33:52.0184 0x14d8 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys 08:33:52.0255 0x14d8 kdnic - ok 08:33:52.0283 0x14d8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\Windows\system32\lsass.exe 08:33:52.0296 0x14d8 KeyIso - ok 08:33:52.0335 0x14d8 [ 304DA394D958BC3B62AF6DF514005B01, 8D17777C82F034E800181E82D30FCED800CBC46CD659AE2E0D972CA1381BD4C2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 08:33:52.0346 0x14d8 KSecDD - ok 08:33:52.0393 0x14d8 [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 08:33:52.0408 0x14d8 KSecPkg - ok 08:33:52.0423 0x14d8 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 08:33:52.0435 0x14d8 ksthunk - ok 08:33:52.0464 0x14d8 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\Windows\system32\msdtckrm.dll 08:33:52.0551 0x14d8 KtmRm - ok 08:33:52.0589 0x14d8 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\Windows\system32\srvsvc.dll 08:33:52.0672 0x14d8 LanmanServer - ok 08:33:52.0734 0x14d8 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 08:33:52.0784 0x14d8 LanmanWorkstation - ok 08:33:52.0845 0x14d8 [ 808AEDFB82408AF854A32EFBF54F7066, CBD0E6F367BD6DEE1A2C9F6754BC3BE18AFD5715D3D69399D3104406127BB32A ] Lexware_Update_Service C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe 08:33:52.0855 0x14d8 Lexware_Update_Service - ok 08:33:52.0913 0x14d8 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll 08:33:53.0011 0x14d8 lfsvc - ok 08:33:53.0146 0x14d8 [ 337FA50FFDED5E2BC94B36BF625AB681, BC77CCED8F2B52D26C7A2D7960FB5C1690F5D7E41013644C9226A85C9FF4FA2C ] LiveUpdateSvc C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe 08:33:53.0247 0x14d8 LiveUpdateSvc - ok 08:33:53.0269 0x14d8 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 08:33:53.0283 0x14d8 lltdio - ok 08:33:53.0319 0x14d8 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\Windows\System32\lltdsvc.dll 08:33:53.0392 0x14d8 lltdsvc - ok 08:33:53.0412 0x14d8 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\Windows\System32\lmhsvc.dll 08:33:53.0468 0x14d8 lmhosts - ok 08:33:53.0487 0x14d8 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 08:33:53.0499 0x14d8 LSI_SAS - ok 08:33:53.0514 0x14d8 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 08:33:53.0526 0x14d8 LSI_SAS2 - ok 08:33:53.0533 0x14d8 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys 08:33:53.0544 0x14d8 LSI_SAS3 - ok 08:33:53.0551 0x14d8 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 08:33:53.0561 0x14d8 LSI_SSS - ok 08:33:53.0596 0x14d8 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\Windows\System32\lsm.dll 08:33:53.0706 0x14d8 LSM - ok 08:33:53.0722 0x14d8 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys 08:33:53.0784 0x14d8 luafv - ok 08:33:53.0798 0x14d8 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys 08:33:53.0809 0x14d8 megasas - ok 08:33:53.0837 0x14d8 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys 08:33:53.0866 0x14d8 megasr - ok 08:33:53.0894 0x14d8 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\Windows\system32\mmcss.dll 08:33:54.0023 0x14d8 MMCSS - ok 08:33:54.0039 0x14d8 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys 08:33:54.0052 0x14d8 Modem - ok 08:33:54.0079 0x14d8 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys 08:33:54.0146 0x14d8 monitor - ok 08:33:54.0163 0x14d8 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\Windows\System32\drivers\mouclass.sys 08:33:54.0174 0x14d8 mouclass - ok 08:33:54.0225 0x14d8 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\Windows\System32\drivers\mouhid.sys 08:33:54.0269 0x14d8 mouhid - ok 08:33:54.0302 0x14d8 [ 24DABC0A77FAFDC0E379AB3B30F61BB6, E66624ABBF1D742879035F9161F9D3713DE7B759B3D3CF8B96C9E397A02FCF82 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 08:33:54.0314 0x14d8 mountmgr - ok 08:33:54.0368 0x14d8 [ CBCC3A1E47A664CCCBC7A25081C4D88B, BDE4510CED8EF3BB091118FEA8AEB61F0DB402C9B53615A4824896DF9DE3030E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 08:33:54.0381 0x14d8 MozillaMaintenance - ok 08:33:54.0399 0x14d8 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 08:33:54.0490 0x14d8 mpsdrv - ok 08:33:54.0551 0x14d8 [ D1418745A5472F3930A288E05B9E2C05, 95785F0FA7EE239459C0288DB37E9E54648029FD6FE45A61E6343526D67FFA32 ] MpsSvc C:\Windows\system32\mpssvc.dll 08:33:54.0620 0x14d8 MpsSvc - ok 08:33:54.0685 0x14d8 [ 3F818C1518DA702C8F10259095C9BDE0, B98C1A6F9A3C01A10503B2B2C45CC89AFF17B346B15990F4DB4820F68BDC62C8 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 08:33:54.0785 0x14d8 MRxDAV - ok 08:33:54.0826 0x14d8 [ 3AF30CEB99E581E2FADA0B5FC4B551D8, 59BDE83C10D6F31E13B81FC317F1DE0E00793FBA288EAF844E29CFA0EB184502 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 08:33:55.0016 0x14d8 mrxsmb - ok 08:33:55.0063 0x14d8 [ 15D7AF1A26CCEBA32DF21A8E2098F463, 84390806AD3A9651DAB803E9257EEE851B898ED2AB56D8936E8C9F6B41967243 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:33:55.0223 0x14d8 mrxsmb10 - ok 08:33:55.0240 0x14d8 [ 0790EEB1EC199F8BE8259E47B373ED23, F9330F43B40675CCB60804182EF04BFBA3837ED14C798788A4B27D65A646D1C7 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:33:55.0266 0x14d8 mrxsmb20 - ok 08:33:55.0293 0x14d8 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 08:33:55.0319 0x14d8 MsBridge - ok 08:33:55.0353 0x14d8 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\Windows\System32\msdtc.exe 08:33:55.0415 0x14d8 MSDTC - ok 08:33:55.0441 0x14d8 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys 08:33:55.0468 0x14d8 Msfs - ok 08:33:55.0488 0x14d8 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 08:33:55.0499 0x14d8 msgpiowin32 - ok 08:33:55.0514 0x14d8 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 08:33:55.0543 0x14d8 mshidkmdf - ok 08:33:55.0560 0x14d8 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 08:33:55.0583 0x14d8 mshidumdf - ok 08:33:55.0604 0x14d8 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 08:33:55.0614 0x14d8 msisadrv - ok 08:33:55.0646 0x14d8 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\Windows\system32\iscsiexe.dll 08:33:55.0720 0x14d8 MSiSCSI - ok 08:33:55.0725 0x14d8 msiserver - ok 08:33:55.0751 0x14d8 [ 4C1A0E9B4C6CC09E8C68FD33998013AA, 190ADFCCAE844DB9F807BD9668EB90BE0C9887719DF2820E66D121655AF27614 ] MsKeyboardFilter C:\Windows\System32\KeyboardFilterSvc.dll 08:33:55.0763 0x14d8 MsKeyboardFilter - ok 08:33:55.0793 0x14d8 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 08:33:55.0818 0x14d8 MSKSSRV - ok 08:33:55.0842 0x14d8 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 08:33:55.0907 0x14d8 MsLldp - ok 08:33:55.0925 0x14d8 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 08:33:55.0949 0x14d8 MSPCLOCK - ok 08:33:55.0970 0x14d8 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 08:33:56.0002 0x14d8 MSPQM - ok 08:33:56.0039 0x14d8 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 08:33:56.0067 0x14d8 MsRPC - ok 08:33:56.0081 0x14d8 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 08:33:56.0092 0x14d8 mssmbios - ok 08:33:56.0106 0x14d8 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 08:33:56.0128 0x14d8 MSTEE - ok 08:33:56.0145 0x14d8 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 08:33:56.0173 0x14d8 MTConfig - ok 08:33:56.0209 0x14d8 [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup C:\Windows\system32\Drivers\mup.sys 08:33:56.0222 0x14d8 Mup - ok 08:33:56.0238 0x14d8 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys 08:33:56.0249 0x14d8 mvumis - ok 08:33:56.0278 0x14d8 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\Windows\system32\qagentRT.dll 08:33:56.0306 0x14d8 napagent - ok 08:33:56.0324 0x14d8 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 08:33:56.0399 0x14d8 NativeWifiP - ok 08:33:56.0439 0x14d8 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\Windows\System32\ncasvc.dll 08:33:56.0500 0x14d8 NcaSvc - ok 08:33:56.0516 0x14d8 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\Windows\System32\ncbservice.dll 08:33:56.0566 0x14d8 NcbService - ok 08:33:56.0601 0x14d8 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 08:33:56.0652 0x14d8 NcdAutoSetup - ok 08:33:56.0724 0x14d8 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\Windows\system32\drivers\ndis.sys 08:33:56.0784 0x14d8 NDIS - ok 08:33:56.0805 0x14d8 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 08:33:56.0819 0x14d8 NdisCap - ok 08:33:56.0844 0x14d8 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 08:33:56.0876 0x14d8 NdisImPlatform - ok 08:33:56.0915 0x14d8 [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 08:33:57.0015 0x14d8 NdisTapi - ok 08:33:57.0031 0x14d8 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 08:33:57.0085 0x14d8 Ndisuio - ok 08:33:57.0102 0x14d8 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys 08:33:57.0129 0x14d8 NdisVirtualBus - ok 08:33:57.0164 0x14d8 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 08:33:57.0211 0x14d8 NdisWan - ok 08:33:57.0218 0x14d8 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys 08:33:57.0230 0x14d8 NdisWanLegacy - ok 08:33:57.0265 0x14d8 [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 08:33:57.0347 0x14d8 NDProxy - ok 08:33:57.0378 0x14d8 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\Windows\system32\drivers\Ndu.sys 08:33:57.0437 0x14d8 Ndu - ok 08:33:57.0452 0x14d8 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 08:33:57.0481 0x14d8 NetBIOS - ok 08:33:57.0625 0x14d8 [ 9DC17B7D9D84C37C102D379FCC7D4942, D522022ED4395686837E96F57EE29F8065FB749D1195B60D2A406FB33F696C09 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 08:33:57.0770 0x14d8 NetBT - ok 08:33:57.0796 0x14d8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\Windows\system32\lsass.exe 08:33:57.0825 0x14d8 Netlogon - ok 08:33:57.0860 0x14d8 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\Windows\System32\netman.dll 08:33:57.0900 0x14d8 Netman - ok 08:33:57.0935 0x14d8 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\Windows\System32\netprofmsvc.dll 08:33:57.0991 0x14d8 netprofm - ok 08:33:58.0073 0x14d8 [ 91307C4F3AA4E42404BC4F513CCD5430, FD829B655EFA813EA88AFFC0D8AB8E7924CC8456A063278F9490F055BC7874F0 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys 08:33:58.0147 0x14d8 netr28ux - ok 08:33:58.0218 0x14d8 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:33:58.0322 0x14d8 NetTcpPortSharing - ok 08:33:58.0354 0x14d8 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\Windows\System32\drivers\netvsc63.sys 08:33:58.0415 0x14d8 netvsc - ok 08:33:58.0446 0x14d8 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\Windows\System32\nlasvc.dll 08:33:58.0538 0x14d8 NlaSvc - ok 08:33:58.0567 0x14d8 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\Windows\system32\drivers\Npfs.sys 08:33:58.0594 0x14d8 Npfs - ok 08:33:58.0619 0x14d8 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 08:33:58.0693 0x14d8 npsvctrig - ok 08:33:58.0715 0x14d8 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\Windows\system32\nsisvc.dll 08:33:58.0791 0x14d8 nsi - ok 08:33:58.0811 0x14d8 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 08:33:58.0836 0x14d8 nsiproxy - ok 08:33:58.0931 0x14d8 [ 9980B262DBE439AE6BDC91AA985F19EE, E998E4CAE9CD103ADA9CA3C737C4DAD017D056828BFA42A41C7B4E4E108FB13C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 08:33:59.0006 0x14d8 Ntfs - ok 08:33:59.0019 0x14d8 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\Windows\system32\drivers\Null.sys 08:33:59.0077 0x14d8 Null - ok 08:33:59.0119 0x14d8 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\Windows\system32\drivers\nvraid.sys 08:33:59.0134 0x14d8 nvraid - ok 08:33:59.0148 0x14d8 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 08:33:59.0161 0x14d8 nvstor - ok 08:33:59.0179 0x14d8 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 08:33:59.0192 0x14d8 nv_agp - ok 08:33:59.0294 0x14d8 [ E00B4C7004C029F24FCC103DF40CE366, CAEC840FF3EB5114BFEDF607F9DA3C5C6C295D35BAD5FCC3D0589FE1AA9ECFE0 ] Olympus DVR Service C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe 08:33:59.0312 0x14d8 Olympus DVR Service - detected UnsignedFile.Multi.Generic ( 1 ) 08:33:59.0513 0x14d8 Olympus DVR Service ( UnsignedFile.Multi.Generic ) - warning 08:33:59.0665 0x14d8 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:33:59.0676 0x14d8 ose - ok 08:33:59.0716 0x14d8 [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:33:59.0730 0x14d8 ose64 - ok 08:33:59.0756 0x14d8 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 08:33:59.0809 0x14d8 p2pimsvc - ok 08:33:59.0848 0x14d8 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\Windows\system32\p2psvc.dll 08:33:59.0904 0x14d8 p2psvc - ok 08:33:59.0944 0x14d8 [ 57DCE4FB0467986AE78E1C6FC5240D32, F7F3ADD1B48E4D6BB0A664A2FE556F71ED7453054B4FB667A29BE050C845045B ] Parport C:\Windows\System32\drivers\parport.sys 08:34:00.0066 0x14d8 Parport - ok 08:34:00.0094 0x14d8 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\Windows\system32\drivers\partmgr.sys 08:34:00.0107 0x14d8 partmgr - ok 08:34:00.0152 0x14d8 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\Windows\System32\pcasvc.dll 08:34:00.0195 0x14d8 PcaSvc - ok 08:34:00.0236 0x14d8 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\Windows\system32\drivers\pci.sys 08:34:00.0253 0x14d8 pci - ok 08:34:00.0277 0x14d8 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\Windows\system32\drivers\pciide.sys 08:34:00.0286 0x14d8 pciide - ok 08:34:00.0309 0x14d8 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 08:34:00.0323 0x14d8 pcmcia - ok 08:34:00.0333 0x14d8 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\Windows\system32\drivers\pcw.sys 08:34:00.0343 0x14d8 pcw - ok 08:34:00.0383 0x14d8 [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc C:\Windows\system32\drivers\pdc.sys 08:34:00.0395 0x14d8 pdc - ok 08:34:00.0424 0x14d8 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 08:34:00.0484 0x14d8 PEAUTH - ok 08:34:00.0556 0x14d8 [ A35EC8F902475350DA31BDF0E1402A91, 5AB43B4BD70B44A62FFD21A9D3CB8D1BC035B6E001DBB1BAC30D6D7A07475D83 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 08:34:00.0660 0x14d8 PeerDistSvc - ok 08:34:00.0727 0x14d8 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\Windows\SysWow64\perfhost.exe 08:34:00.0823 0x14d8 PerfHost - ok 08:34:00.0900 0x14d8 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\Windows\system32\pla.dll 08:34:00.0961 0x14d8 pla - ok 08:34:00.0982 0x14d8 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 08:34:01.0000 0x14d8 PlugPlay - ok 08:34:01.0028 0x14d8 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 08:34:01.0042 0x14d8 PNRPAutoReg - ok 08:34:01.0063 0x14d8 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 08:34:01.0080 0x14d8 PNRPsvc - ok 08:34:01.0128 0x14d8 [ 0FF8507A8B901B904E98EB36B9E347EE, FE4A9A6159A8490F3155D166656748722EFDEDCDC447C09155A5AD6D9F5D294D ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 08:34:01.0185 0x14d8 PolicyAgent - ok 08:34:01.0214 0x14d8 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\Windows\system32\umpo.dll 08:34:01.0288 0x14d8 Power - ok 08:34:01.0447 0x14d8 [ F6EA63145C20A23732AD2CA1EBA65FA1, 0DD1164D37C1500258E9CCCE458778A3DA196D9A65919B2672E3C88383068F52 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll 08:34:01.0826 0x14d8 PrintNotify - ok 08:34:01.0884 0x14d8 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\Windows\System32\drivers\processr.sys 08:34:01.0927 0x14d8 Processor - ok 08:34:01.0966 0x14d8 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\Windows\system32\profsvc.dll 08:34:02.0066 0x14d8 ProfSvc - ok 08:34:02.0095 0x14d8 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 08:34:02.0109 0x14d8 Psched - ok 08:34:02.0133 0x14d8 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\Windows\system32\qwave.dll 08:34:02.0190 0x14d8 QWAVE - ok 08:34:02.0207 0x14d8 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 08:34:02.0231 0x14d8 QWAVEdrv - ok 08:34:02.0246 0x14d8 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 08:34:02.0271 0x14d8 RasAcd - ok 08:34:02.0300 0x14d8 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\Windows\System32\rasauto.dll 08:34:02.0327 0x14d8 RasAuto - ok 08:34:02.0369 0x14d8 [ 15C0034561FE5B03FA376F1A6232478B, 0F9B5C2BD7D8803FF3C5ED957D3F0859F2A59B74510E4659FBF05EDCBF230208 ] RasMan C:\Windows\System32\rasmans.dll 08:34:02.0466 0x14d8 RasMan - ok 08:34:02.0494 0x14d8 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 08:34:02.0525 0x14d8 RasPppoe - ok 08:34:02.0568 0x14d8 [ D67ED4AB59D1EF66B05AD1A81AC28B26, 72E750A9A6B484D8BEDE52FA6DABEF4D95765DE491152E1F6C856D0590B50C28 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 08:34:02.0671 0x14d8 rdbss - ok 08:34:02.0691 0x14d8 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 08:34:02.0749 0x14d8 rdpbus - ok 08:34:02.0775 0x14d8 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 08:34:02.0861 0x14d8 RDPDR - ok 08:34:02.0885 0x14d8 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 08:34:02.0900 0x14d8 RdpVideoMiniport - ok 08:34:02.0945 0x14d8 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 08:34:02.0997 0x14d8 rdyboost - ok 08:34:03.0042 0x14d8 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\Windows\system32\drivers\ReFS.sys 08:34:03.0158 0x14d8 ReFS - ok 08:34:03.0206 0x14d8 [ DF78648AC3C8DC9D70E6714AF785382F, 56E104939ED0AB5B26AE07BAB1BBB7D15828DBD3A2AD35361423D7ADDA4BA551 ] RemoteAccess C:\Windows\System32\mprdim.dll 08:34:03.0249 0x14d8 RemoteAccess - ok 08:34:03.0273 0x14d8 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\Windows\system32\regsvc.dll 08:34:03.0316 0x14d8 RemoteRegistry - ok 08:34:03.0333 0x14d8 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 08:34:03.0367 0x14d8 RpcEptMapper - ok 08:34:03.0400 0x14d8 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\Windows\system32\locator.exe 08:34:03.0435 0x14d8 RpcLocator - ok 08:34:03.0508 0x14d8 [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] RpcSs C:\Windows\system32\rpcss.dll 08:34:03.0534 0x14d8 RpcSs - ok 08:34:03.0551 0x14d8 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 08:34:03.0581 0x14d8 rspndr - ok 08:34:03.0612 0x14d8 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\Windows\System32\drivers\vms3cap.sys 08:34:03.0636 0x14d8 s3cap - ok 08:34:03.0668 0x14d8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\Windows\system32\lsass.exe 08:34:03.0679 0x14d8 SamSs - ok 08:34:03.0730 0x14d8 [ 3DDB778E3E4F7FC9C03D5E50CD41C437, 153C31E06204D0D5FF8CCE90EACB8AF4F09C262354B9F5E08EB66BA61554E67D ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe 08:34:03.0755 0x14d8 Samsung Network Fax Server - ok 08:34:03.0791 0x14d8 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 08:34:03.0804 0x14d8 sbp2port - ok 08:34:03.0842 0x14d8 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\Windows\System32\SCardSvr.dll 08:34:03.0877 0x14d8 SCardSvr - ok 08:34:03.0897 0x14d8 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\Windows\System32\ScDeviceEnum.dll 08:34:03.0933 0x14d8 ScDeviceEnum - ok 08:34:03.0953 0x14d8 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 08:34:03.0984 0x14d8 scfilter - ok 08:34:04.0051 0x14d8 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\Windows\system32\schedsvc.dll 08:34:04.0137 0x14d8 Schedule - ok 08:34:04.0182 0x14d8 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\Windows\System32\certprop.dll 08:34:04.0200 0x14d8 SCPolicySvc - ok 08:34:04.0345 0x14d8 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\Windows\System32\drivers\sdbus.sys 08:34:04.0397 0x14d8 sdbus - ok 08:34:04.0484 0x14d8 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\Windows\System32\drivers\sdstor.sys 08:34:04.0538 0x14d8 sdstor - ok 08:34:04.0587 0x14d8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 08:34:05.0308 0x14d8 secdrv - ok 08:34:05.0357 0x14d8 [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon C:\Windows\system32\seclogon.dll 08:34:05.0454 0x14d8 seclogon - ok 08:34:05.0516 0x14d8 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\Windows\System32\sens.dll 08:34:05.0567 0x14d8 SENS - ok 08:34:05.0651 0x14d8 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 08:34:05.0718 0x14d8 SensrSvc - ok 08:34:05.0751 0x14d8 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\Windows\system32\drivers\SerCx.sys 08:34:05.0766 0x14d8 SerCx - ok 08:34:05.0857 0x14d8 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\Windows\system32\drivers\SerCx2.sys 08:34:05.0911 0x14d8 SerCx2 - ok 08:34:05.0964 0x14d8 [ 1F0135949A6AD6025F363F80FE268251, DB2D503863143F2251E589F7B0B3E9FBF997D7333D54C55856590B5080B5513D ] Serenum C:\Windows\System32\drivers\serenum.sys 08:34:06.0029 0x14d8 Serenum - ok 08:34:06.0116 0x14d8 [ 81633C87B42B63BA484A6177179AC750, A22BA40E9EC74E88D8098CBDC954E1D63B832FCB789E3C7B731DE5DA39BEE2CA ] Serial C:\Windows\System32\drivers\serial.sys 08:34:06.0196 0x14d8 Serial - ok 08:34:06.0271 0x14d8 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\Windows\System32\drivers\sermouse.sys 08:34:06.0362 0x14d8 sermouse - ok 08:34:06.0528 0x14d8 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\Windows\system32\sessenv.dll 08:34:06.0721 0x14d8 SessionEnv - ok 08:34:06.0790 0x14d8 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys 08:34:06.0870 0x14d8 sfloppy - ok 08:34:07.0017 0x14d8 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\Windows\System32\ipnathlp.dll 08:34:07.0083 0x14d8 SharedAccess - ok 08:34:07.0334 0x14d8 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll 08:34:07.0611 0x14d8 ShellHWDetection - ok 08:34:07.0652 0x14d8 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 08:34:07.0666 0x14d8 SiSRaid2 - ok 08:34:07.0726 0x14d8 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 08:34:07.0758 0x14d8 SiSRaid4 - ok 08:34:08.0083 0x14d8 [ 4E6FAEE3F259DAC82213D935785991FB, ADA019AD261BBEAE78495B508B4D375BEC1005DF119F20897D29C3C613A0CA46 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 08:34:08.0192 0x14d8 SkypeUpdate - ok 08:34:08.0282 0x14d8 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\Windows\System32\smphost.dll 08:34:08.0637 0x14d8 smphost - ok 08:34:08.0702 0x14d8 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 08:34:08.0779 0x14d8 SNMPTRAP - ok 08:34:09.0035 0x14d8 [ B312191DCBECE3C07DF9A99DE433B126, D9D9028331C703CE9B9EC75772D29BB04FE43B3A7895F8CBB3AC701CA0548F8D ] spaceport C:\Windows\system32\drivers\spaceport.sys 08:34:09.0127 0x14d8 spaceport - ok 08:34:09.0151 0x14d8 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\Windows\system32\drivers\SpbCx.sys 08:34:09.0169 0x14d8 SpbCx - ok 08:34:09.0390 0x14d8 [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler C:\Windows\System32\spoolsv.exe 08:34:09.0646 0x14d8 Spooler - ok 08:34:10.0788 0x14d8 [ F264662C057A54AA2DE41B3C7551712F, 2C123C6ACD967CDF1AD2855187CF3D8357B16A4FD9C2F18AE54CFA384165FA11 ] sppsvc C:\Windows\system32\sppsvc.exe 08:34:11.0066 0x14d8 sppsvc - ok 08:34:11.0206 0x14d8 [ 36B082C7A764A34FB1DC72D975870B61, 572CB632D9FDC1183F7BF8BFCBC51765C647945E0C13D1C91ADE3D0E76DF83BC ] srv C:\Windows\system32\DRIVERS\srv.sys 08:34:11.0501 0x14d8 srv - ok 08:34:11.0701 0x14d8 [ F5849909D4B29B4E3D4445F943E5C7E3, 3FCA1423753716FE1AFDD27EE1E13C4D779A3C976185B5C998EF1A9A39BFC186 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 08:34:11.0976 0x14d8 srv2 - ok 08:34:12.0078 0x14d8 [ FABC49666708EA562549E78E6FBF3191, BE1FEBFC259308B39C727915C41A67CD50720A6E2A68D148F4F2F926AED43B02 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 08:34:12.0180 0x14d8 srvnet - ok 08:34:12.0283 0x14d8 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 08:34:12.0335 0x14d8 SSDPSRV - ok 08:34:12.0422 0x14d8 [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 08:34:12.0485 0x14d8 SSPORT - ok 08:34:12.0574 0x14d8 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\Windows\system32\sstpsvc.dll 08:34:12.0693 0x14d8 SstpSvc - ok 08:34:12.0737 0x14d8 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\Windows\system32\drivers\stexstor.sys 08:34:12.0753 0x14d8 stexstor - ok 08:34:12.0992 0x14d8 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\Windows\System32\wiaservc.dll 08:34:13.0237 0x14d8 stisvc - ok 08:34:13.0323 0x14d8 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\Windows\system32\drivers\storahci.sys 08:34:13.0352 0x14d8 storahci - ok 08:34:13.0421 0x14d8 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 08:34:13.0511 0x14d8 storflt - ok 08:34:13.0593 0x14d8 [ 0EDD1F4D470C775740625B06A60C9DD5, 94964D0A793B1C984E87095249EE383A5E669D05BA6BF9F655587887E6CE3C19 ] stornvme C:\Windows\system32\drivers\stornvme.sys 08:34:13.0606 0x14d8 stornvme - ok 08:34:13.0683 0x14d8 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\Windows\system32\storsvc.dll 08:34:13.0837 0x14d8 StorSvc - ok 08:34:13.0872 0x14d8 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\Windows\system32\drivers\storvsc.sys 08:34:13.0891 0x14d8 storvsc - ok 08:34:13.0955 0x14d8 [ 74B2D810FC976CCDB80193AB8BFBF281, 67D2016AF2311A0D5EC7EBE8F2A089C48BCB7F14472E1FF954377AF7ACBBC800 ] storvsp C:\Windows\System32\drivers\storvsp.sys 08:34:14.0139 0x14d8 storvsp - ok 08:34:14.0225 0x14d8 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\Windows\system32\svsvc.dll 08:34:14.0296 0x14d8 svsvc - ok 08:34:14.0339 0x14d8 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\Windows\System32\drivers\swenum.sys 08:34:14.0351 0x14d8 swenum - ok 08:34:14.0549 0x14d8 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\Windows\System32\swprv.dll 08:34:14.0676 0x14d8 swprv - ok 08:34:14.0958 0x14d8 [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\Windows\system32\sysmain.dll 08:34:15.0120 0x14d8 SysMain - ok 08:34:15.0199 0x14d8 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 08:34:15.0662 0x14d8 SystemEventsBroker - ok 08:34:15.0757 0x14d8 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll 08:34:15.0838 0x14d8 TabletInputService - ok 08:34:15.0867 0x14d8 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\Windows\System32\tapisrv.dll 08:34:15.0940 0x14d8 TapiSrv - ok 08:34:16.0026 0x14d8 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 08:34:16.0136 0x14d8 Tcpip - ok 08:34:16.0475 0x14d8 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 08:34:16.0538 0x14d8 TCPIP6 - ok 08:34:16.0611 0x14d8 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 08:34:16.0695 0x14d8 tcpipreg - ok 08:34:16.0732 0x14d8 [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 08:34:16.0757 0x14d8 tdx - ok 08:34:17.0166 0x14d8 [ E1E13735B6D2FE4FFEAEB91989B9C46F, 32CCCDD17C72ECBD96BB15B9362AD5BC0B173E95F9A4045F084719A5E956932B ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 08:34:17.0387 0x14d8 TeamViewer - ok 08:34:17.0793 0x14d8 [ 49219B921E6FE4D6C002965AADAE5C60, 927B601C743481D74C15E42A6D85C03B62C387FCD68CCDA21FFD05AA23AD5255 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 08:34:18.0350 0x14d8 TeamViewer8 - ok 08:34:18.0425 0x14d8 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\Windows\System32\drivers\terminpt.sys 08:34:18.0437 0x14d8 terminpt - ok 08:34:18.0541 0x14d8 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\Windows\System32\termsrv.dll 08:34:18.0623 0x14d8 TermService - ok 08:34:18.0698 0x14d8 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\Windows\system32\themeservice.dll 08:34:18.0734 0x14d8 Themes - ok 08:34:18.0770 0x14d8 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\Windows\system32\mmcss.dll 08:34:18.0789 0x14d8 THREADORDER - ok 08:34:18.0830 0x14d8 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 08:34:18.0942 0x14d8 TimeBroker - ok 08:34:18.0986 0x14d8 [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM C:\Windows\system32\drivers\tpm.sys 08:34:19.0001 0x14d8 TPM - ok 08:34:19.0072 0x14d8 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\Windows\System32\trkwks.dll 08:34:19.0130 0x14d8 TrkWks - ok 08:34:19.0182 0x14d8 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 08:34:19.0281 0x14d8 TrustedInstaller - ok 08:34:19.0304 0x14d8 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 08:34:19.0388 0x14d8 TsUsbFlt - ok 08:34:19.0427 0x14d8 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 08:34:19.0516 0x14d8 TsUsbGD - ok 08:34:19.0572 0x14d8 [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 08:34:19.0646 0x14d8 tunnel - ok 08:34:19.0669 0x14d8 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 08:34:19.0682 0x14d8 uagp35 - ok 08:34:19.0708 0x14d8 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 08:34:19.0720 0x14d8 UASPStor - ok 08:34:19.0740 0x14d8 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 08:34:19.0757 0x14d8 UCX01000 - ok 08:34:19.0797 0x14d8 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\Windows\system32\DRIVERS\udfs.sys 08:34:19.0940 0x14d8 udfs - ok 08:34:19.0967 0x14d8 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\Windows\System32\drivers\UEFI.sys 08:34:19.0978 0x14d8 UEFI - ok 08:34:20.0027 0x14d8 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\Windows\system32\UI0Detect.exe 08:34:20.0065 0x14d8 UI0Detect - ok 08:34:20.0094 0x14d8 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 08:34:20.0105 0x14d8 uliagpkx - ok 08:34:20.0126 0x14d8 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\Windows\System32\drivers\umbus.sys 08:34:20.0138 0x14d8 umbus - ok 08:34:20.0161 0x14d8 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\Windows\System32\drivers\umpass.sys 08:34:20.0191 0x14d8 UmPass - ok 08:34:20.0223 0x14d8 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\Windows\System32\umrdp.dll 08:34:20.0369 0x14d8 UmRdpService - ok 08:34:20.0405 0x14d8 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\Windows\System32\upnphost.dll 08:34:20.0449 0x14d8 upnphost - ok 08:34:20.0487 0x14d8 [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 08:34:20.0546 0x14d8 usbaudio - ok 08:34:20.0582 0x14d8 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 08:34:20.0623 0x14d8 usbccgp - ok 08:34:20.0655 0x14d8 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\Windows\System32\drivers\usbcir.sys 08:34:20.0681 0x14d8 usbcir - ok 08:34:20.0716 0x14d8 [ C996CBEF922B5653A01E3F50DDCE2F86, 231EB5A36E7EE242197E796D3B4AB12F945D2C8570587BC8D57D45530A0C59B4 ] usbehci C:\Windows\System32\drivers\usbehci.sys 08:34:20.0728 0x14d8 usbehci - ok 08:34:20.0801 0x14d8 [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub C:\Windows\System32\drivers\usbhub.sys 08:34:20.0843 0x14d8 usbhub - ok 08:34:20.0973 0x14d8 [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 08:34:21.0027 0x14d8 USBHUB3 - ok 08:34:21.0059 0x14d8 [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci C:\Windows\System32\drivers\usbohci.sys 08:34:21.0155 0x14d8 usbohci - ok 08:34:21.0176 0x14d8 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\Windows\System32\drivers\usbprint.sys 08:34:21.0209 0x14d8 usbprint - ok 08:34:21.0250 0x14d8 [ 9D168BFA334D47BE404367EB58D4E130, 23279CBE6ACBD074E7B268BA2EDA14E2255C41F8117173B2BBE653D8259ECFA2 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS 08:34:21.0265 0x14d8 USBSTOR - ok 08:34:21.0307 0x14d8 [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci C:\Windows\System32\drivers\usbuhci.sys 08:34:21.0329 0x14d8 usbuhci - ok 08:34:21.0376 0x14d8 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS 08:34:21.0401 0x14d8 USBXHCI - ok 08:34:21.0415 0x14d8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\Windows\system32\lsass.exe 08:34:21.0426 0x14d8 VaultSvc - ok 08:34:21.0444 0x14d8 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 08:34:21.0455 0x14d8 vdrvroot - ok 08:34:21.0503 0x14d8 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\Windows\System32\vds.exe 08:34:21.0595 0x14d8 vds - ok 08:34:21.0605 0x14d8 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys 08:34:21.0626 0x14d8 VerifierExt - ok 08:34:21.0679 0x14d8 [ 5DB4AFA10A488EC4DDB3DA09B0425BE5, 480AFB6A6BCC95E86C5087C3D9DCD6058D48659A5A63F524A0B9ED3A8FEF6B9B ] vhdmp C:\Windows\System32\drivers\vhdmp.sys 08:34:21.0705 0x14d8 vhdmp - ok 08:34:21.0724 0x14d8 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\Windows\system32\drivers\viaide.sys 08:34:21.0738 0x14d8 viaide - ok 08:34:21.0759 0x14d8 [ 3CE922E34DB12D9F3C0EA856BC09687C, E50A1885FBC775E49614989ECFEA4ACBBDDA16AF459CC5361EED9E23CC7CD42C ] Vid C:\Windows\System32\drivers\Vid.sys 08:34:21.0827 0x14d8 Vid - ok 08:34:21.0843 0x14d8 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\Windows\system32\drivers\vmbus.sys 08:34:21.0854 0x14d8 vmbus - ok 08:34:21.0873 0x14d8 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys 08:34:21.0884 0x14d8 VMBusHID - ok 08:34:21.0905 0x14d8 [ 68F8C26DEA2D42E8DEC0778943433C80, 81E8F9D62815F94952CEEABD0689473CC330F7890F66872DCD35A43C06ED33CD ] vmbusr C:\Windows\System32\drivers\vmbusr.sys 08:34:21.0919 0x14d8 vmbusr - ok 08:34:21.0959 0x14d8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll 08:34:22.0084 0x14d8 vmicguestinterface - ok 08:34:22.0098 0x14d8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\Windows\System32\ICSvc.dll 08:34:22.0118 0x14d8 vmicheartbeat - ok 08:34:22.0133 0x14d8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll 08:34:22.0153 0x14d8 vmickvpexchange - ok 08:34:22.0227 0x14d8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\Windows\System32\ICSvc.dll 08:34:22.0246 0x14d8 vmicrdv - ok 08:34:22.0299 0x14d8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\Windows\System32\ICSvc.dll 08:34:22.0319 0x14d8 vmicshutdown - ok 08:34:22.0384 0x14d8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\Windows\System32\ICSvc.dll 08:34:22.0403 0x14d8 vmictimesync - ok 08:34:22.0452 0x14d8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\Windows\System32\ICSvc.dll 08:34:22.0472 0x14d8 vmicvss - ok 08:34:22.0534 0x14d8 [ 436E1A724E7E683F6B612D3D58F04241, 939B5EF0090DF3759295F88402FD0EA33F499DDA9F89E5D0E90D1F9AED65D491 ] volmgr C:\Windows\system32\drivers\volmgr.sys 08:34:22.0561 0x14d8 volmgr - ok 08:34:22.0586 0x14d8 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 08:34:22.0614 0x14d8 volmgrx - ok 08:34:22.0700 0x14d8 [ 17F7B0F2298D97F4B6C7A69511033D3D, 5BDFC225F31553786726808FB7952940FC05CA72B3977D684056F42AFAA59565 ] volsnap C:\Windows\system32\drivers\volsnap.sys 08:34:22.0727 0x14d8 volsnap - ok 08:34:22.0760 0x14d8 [ DAC438FB5FF85A9E72806E2341D5D732, B1D1EFCA8C588A6BF53CEC941CC59702C366F15C7D5943431736EC857E57C0A2 ] vpci C:\Windows\System32\drivers\vpci.sys 08:34:22.0771 0x14d8 vpci - ok 08:34:22.0789 0x14d8 [ BEE38B3B44364E01BF28640EE8B5617E, 72A2515F68031FA98DFCA9BB9E595D2306FB9ECE5F36869486C46E35C845F844 ] vpcivsp C:\Windows\System32\drivers\vpcivsp.sys 08:34:22.0875 0x14d8 vpcivsp - ok 08:34:22.0900 0x14d8 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 08:34:22.0915 0x14d8 vsmraid - ok 08:34:23.0106 0x14d8 [ D0CBA7B3531CCF2ADB985856D5F92434, 7FCBBCAF1AA85DCE8D75FB38DC4848AE12E8DD913CEBBC37BCD3D0123F0A3CAB ] VSS C:\Windows\system32\vssvc.exe 08:34:23.0249 0x14d8 VSS - ok 08:34:23.0271 0x14d8 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys 08:34:23.0288 0x14d8 VSTXRAID - ok 08:34:23.0324 0x14d8 [ 71066FF95C487327E44C8AF1B72EBE8B, EA2729126B452CAE0C80D07501779D804B08E47F1217B61D53277B40869FEC25 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 08:34:23.0413 0x14d8 vwifibus - ok 08:34:23.0447 0x14d8 [ 29AB43937FFDA0B0FB56984226E698C6, 6A1A559964FE5D594E54988C46149969E6FFD5A8D5A6862E14648B608794CC29 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 08:34:23.0487 0x14d8 vwififlt - ok 08:34:23.0502 0x14d8 [ 8B8624A93E3F88CB923AEB05B6313227, 2856B63CD376BF2B1A9129581E7B9207588D4EAFD29A2C8D98F176FEAFDE26A9 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 08:34:23.0513 0x14d8 vwifimp - ok 08:34:23.0540 0x14d8 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\Windows\system32\w32time.dll 08:34:23.0610 0x14d8 W32Time - ok 08:34:23.0662 0x14d8 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\Windows\System32\drivers\wacompen.sys 08:34:23.0706 0x14d8 WacomPen - ok 08:34:23.0760 0x14d8 [ 841345442390953CBC8801B95D3D0540, FD4F9FD2C4C60A1A580177FFF2E9035009AC6A38E78D4236B0ED4773E3B263EE ] wbengine C:\Windows\system32\wbengine.exe 08:34:23.0898 0x14d8 wbengine - ok 08:34:23.0931 0x14d8 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 08:34:24.0009 0x14d8 WbioSrvc - ok 08:34:24.0034 0x14d8 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\Windows\System32\wcmsvc.dll 08:34:24.0074 0x14d8 Wcmsvc - ok 08:34:24.0104 0x14d8 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\Windows\System32\wcncsvc.dll 08:34:24.0131 0x14d8 wcncsvc - ok 08:34:24.0147 0x14d8 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 08:34:24.0189 0x14d8 WcsPlugInService - ok 08:34:24.0227 0x14d8 [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot C:\Windows\system32\drivers\WdBoot.sys 08:34:24.0237 0x14d8 WdBoot - ok 08:34:24.0277 0x14d8 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 08:34:24.0314 0x14d8 Wdf01000 - ok 08:34:24.0342 0x14d8 [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter C:\Windows\system32\drivers\WdFilter.sys 08:34:24.0358 0x14d8 WdFilter - ok 08:34:24.0386 0x14d8 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\Windows\system32\wdi.dll 08:34:24.0414 0x14d8 WdiServiceHost - ok 08:34:24.0419 0x14d8 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\Windows\system32\wdi.dll 08:34:24.0433 0x14d8 WdiSystemHost - ok 08:34:24.0457 0x14d8 [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv C:\Windows\system32\Drivers\WdNisDrv.sys 08:34:24.0477 0x14d8 WdNisDrv - ok 08:34:24.0533 0x14d8 WdNisSvc - ok 08:34:24.0609 0x14d8 [ A70CAF5EA36CBA5FCA24244306D4D5C6, 76C3E20B62B89D9699A1E817377FAD70B144B877BCC5C850A5B64CC68184D8DA ] WebClient C:\Windows\System32\webclnt.dll 08:34:24.0666 0x14d8 WebClient - ok 08:34:24.0700 0x14d8 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\Windows\system32\wecsvc.dll 08:34:24.0747 0x14d8 Wecsvc - ok 08:34:24.0770 0x14d8 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\Windows\system32\wephostsvc.dll 08:34:24.0794 0x14d8 WEPHOSTSVC - ok 08:34:24.0815 0x14d8 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\Windows\System32\wercplsupport.dll 08:34:24.0891 0x14d8 wercplsupport - ok 08:34:24.0907 0x14d8 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\Windows\System32\WerSvc.dll 08:34:24.0936 0x14d8 WerSvc - ok 08:34:24.0981 0x14d8 [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys 08:34:25.0009 0x14d8 WFPLWFS - ok 08:34:25.0029 0x14d8 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\Windows\System32\wiarpc.dll 08:34:25.0080 0x14d8 WiaRpc - ok 08:34:25.0104 0x14d8 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 08:34:25.0118 0x14d8 WIMMount - ok 08:34:25.0120 0x14d8 WinDefend - ok 08:34:25.0180 0x14d8 [ 0E70990EC2E5D2331AA5E88DB0CFB826, 79DFF565C3FCBC691E8FEB669CEC00E340FD2A2AFA4488D23A7CC63A2A98A5C1 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll 08:34:25.0257 0x14d8 WinHttpAutoProxySvc - ok 08:34:25.0358 0x14d8 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 08:34:25.0434 0x14d8 Winmgmt - ok 08:34:25.0662 0x14d8 [ 427873F889F2F508BE8BE982219CE578, CA8DCFB774BF0F747295A7A0CB46A6177DE12AD6BD58266182206C41A3C9001E ] WinRM C:\Windows\system32\WsmSvc.dll 08:34:25.0844 0x14d8 WinRM - ok 08:34:25.0887 0x14d8 [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 08:34:25.0940 0x14d8 WinUsb - ok 08:34:26.0003 0x14d8 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\Windows\System32\wlansvc.dll 08:34:26.0085 0x14d8 WlanSvc - ok 08:34:26.0169 0x14d8 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\Windows\system32\wlidsvc.dll 08:34:26.0319 0x14d8 wlidsvc - ok 08:34:26.0342 0x14d8 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys 08:34:26.0353 0x14d8 WmiAcpi - ok 08:34:26.0373 0x14d8 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 08:34:26.0404 0x14d8 wmiApSrv - ok 08:34:26.0430 0x14d8 WMPNetworkSvc - ok 08:34:26.0442 0x14d8 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\Windows\system32\drivers\Wof.sys 08:34:26.0456 0x14d8 Wof - ok 08:34:26.0687 0x14d8 [ EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc C:\Windows\system32\workfolderssvc.dll 08:34:26.0828 0x14d8 workfolderssvc - ok 08:34:26.0864 0x14d8 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys 08:34:26.0875 0x14d8 wpcfltr - ok 08:34:26.0895 0x14d8 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\Windows\System32\wpcsvc.dll 08:34:26.0929 0x14d8 WPCSvc - ok 08:34:26.0971 0x14d8 [ DBDCE2378F65F0A07D4644AC103037E7, 99714F0CD31297C9831BAF04768F467F6E0BF710C859CEDCA83069226BF1A68A ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 08:34:27.0040 0x14d8 WPDBusEnum - ok 08:34:27.0055 0x14d8 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys 08:34:27.0065 0x14d8 WpdUpFltr - ok 08:34:27.0077 0x14d8 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 08:34:27.0107 0x14d8 ws2ifsl - ok 08:34:27.0144 0x14d8 [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc C:\Windows\System32\wscsvc.dll 08:34:27.0197 0x14d8 wscsvc - ok 08:34:27.0222 0x14d8 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\Windows\System32\drivers\WSDPrint.sys 08:34:27.0234 0x14d8 WSDPrintDevice - ok 08:34:27.0255 0x14d8 [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys 08:34:27.0311 0x14d8 WSDScan - ok 08:34:27.0315 0x14d8 WSearch - ok 08:34:27.0662 0x14d8 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\Windows\System32\WSService.dll 08:34:27.0811 0x14d8 WSService - ok 08:34:28.0231 0x14d8 [ F3F60C88A6BBC8D0C68FE5B1C91181AF, AF9A4D282CD4BB1127BC3F48AB89DC294408D96F7906553C636F37D1503CFA48 ] wuauserv C:\Windows\system32\wuaueng.dll 08:34:28.0568 0x14d8 wuauserv - ok 08:34:28.0621 0x14d8 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 08:34:28.0686 0x14d8 WudfPf - ok 08:34:28.0723 0x14d8 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys 08:34:28.0779 0x14d8 WUDFRd - ok 08:34:28.0806 0x14d8 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP C:\Windows\system32\DRIVERS\WUDFRd.sys 08:34:28.0819 0x14d8 WUDFSensorLP - ok 08:34:28.0874 0x14d8 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 08:34:28.0907 0x14d8 wudfsvc - ok 08:34:28.0940 0x14d8 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys 08:34:28.0954 0x14d8 WUDFWpdFs - ok 08:34:28.0981 0x14d8 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\Windows\system32\DRIVERS\WUDFRd.sys 08:34:28.0994 0x14d8 WUDFWpdMtp - ok 08:34:29.0083 0x14d8 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\Windows\System32\wwansvc.dll 08:34:29.0155 0x14d8 WwanSvc - ok 08:34:29.0161 0x14d8 ================ Scan global =============================== 08:34:29.0302 0x14d8 [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\Windows\system32\basesrv.dll 08:34:29.0370 0x14d8 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll 08:34:29.0443 0x14d8 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll 08:34:29.0552 0x14d8 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe 08:34:29.0618 0x14d8 [ Global ] - ok 08:34:29.0618 0x14d8 ================ Scan MBR ================================== 08:34:29.0635 0x14d8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 08:34:34.0033 0x14d8 \Device\Harddisk0\DR0 - ok 08:34:34.0034 0x14d8 ================ Scan VBR ================================== 08:34:34.0056 0x14d8 [ 3E1C3E61A4ACC82DFD49FB125AF63354 ] \Device\Harddisk0\DR0\Partition1 08:34:34.0109 0x14d8 \Device\Harddisk0\DR0\Partition1 - ok 08:34:34.0138 0x14d8 [ 33AB0C4B2285B1868B52B523DC282904 ] \Device\Harddisk0\DR0\Partition2 08:34:34.0180 0x14d8 \Device\Harddisk0\DR0\Partition2 - ok 08:34:34.0181 0x14d8 ================ Scan generic autorun ====================== 08:34:34.0320 0x14d8 [ 690EB331346D7ADFDA18E50042DEA4B4, 0C219D7A5FCD4E0252C815373E67F843DBD7356FAE7AB836C451068B51438FE7 ] C:\Program Files\Classic Shell\ClassicStartMenu.exe 08:34:34.0332 0x14d8 Classic Start Menu - detected UnsignedFile.Multi.Generic ( 1 ) 08:34:34.0466 0x14d8 Detect skipped due to KSN trusted 08:34:34.0466 0x14d8 Classic Start Menu - ok 08:34:35.0124 0x14d8 [ 5A9CDFF0CEDFA8061D0DE6B6C2547F51, 76CDEF7A94D90D79CFA105E492E53350F7545900FEF651CD0D18B3163B812AD2 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 08:34:35.0139 0x14d8 AdobeAAMUpdater-1.0 - ok 08:34:35.0242 0x14d8 [ B1964E8776FD7633F149788F5B2A71CB, E30AC137B9DC2D3456499E0BB3B1955D2E0F7FFDB11E7A290A9DA25C76F4FAF8 ] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 08:34:35.0255 0x14d8 CDAServer - ok 08:34:35.0669 0x14d8 [ 3D1D33DE714636AEAB4AC18291D254F6, 8C9ECD5818F48B90FAEFBEC896F795DDE45CCE73BB11901E90E035F179037117 ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe 08:34:35.0760 0x14d8 Adobe Creative Cloud - ok 08:34:35.0854 0x14d8 [ 2B282A4050FE3B4B70EF9E3070BBFF78, 019B667781F5CE411AEB569EAA4095FA2B9942E43A6A1DFC6EEBB2DA214131FE ] C:\Program Files (x86)\FreePDF_XP\fpassist.exe 08:34:35.0865 0x14d8 FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 ) 08:34:36.0005 0x14d8 Detect skipped due to KSN trusted 08:34:36.0005 0x14d8 FreePDF Assistant - ok 08:34:36.0465 0x14d8 [ 8C1AD6601F0081D6B1E94263CA3625BA, A84E4D96625995A873C23D2B0EEB19EDA01EFF4BBB7F00DBFDEB7B41AEDE4C9C ] C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\UpdateManager.exe 08:34:36.0489 0x14d8 Olympus DSS UpdateManager - detected UnsignedFile.Multi.Generic ( 1 ) 08:34:36.0623 0x14d8 Olympus DSS UpdateManager ( UnsignedFile.Multi.Generic ) - warning 08:34:36.0623 0x14d8 Force sending object to P2P due to detect: C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\UpdateManager.exe 08:34:36.0796 0x14d8 Object send P2P result: true 08:34:37.0059 0x14d8 [ E127B5D81CE968CD3858AF6BDCADEC7C, AF426B8259E2801679A8E3FAE42B617D0DA1D4E834DF0F7B1FD93AB5E64CBE34 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe 08:34:37.0066 0x14d8 Avira SystrayStartTrigger - ok 08:34:37.0307 0x14d8 [ E49A23D41A1F29D67EE24F1E3C29B8D0, D1CAD57BBA9361DCC537E3627EE1D30C83F017BA04D8A6A2A0D8B1D81D7800FD ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe 08:34:37.0330 0x14d8 avgnt - ok 08:34:37.0640 0x14d8 [ 542C2B58BCCA8A3B2CCE4EA754F1640F, F4272F1C1B4C730B57DFFB441B43911FBEE7B0A8D044438F483375E45993934F ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe 08:34:37.0732 0x14d8 ISUSPM - ok 08:34:37.0827 0x14d8 GoogleDriveSync - ok 08:34:37.0894 0x14d8 Skype - ok 08:34:39.0060 0x14d8 [ 794CE28547E38EB2AA09D8BEDA03F611, 03C4D6F86C3B94F053F6F8A6BF399410FCA01871C32957A069084F7314FF1C27 ] C:\Program Files\CCleaner\CCleaner64.exe 08:34:39.0327 0x14d8 CCleaner Monitoring - ok 08:34:40.0304 0x14d8 [ 794CE28547E38EB2AA09D8BEDA03F611, 03C4D6F86C3B94F053F6F8A6BF399410FCA01871C32957A069084F7314FF1C27 ] C:\Program Files\CCleaner\CCleaner64.exe 08:34:40.0466 0x14d8 CCleaner Monitoring - ok 08:34:41.0030 0x14d8 [ B097DDC359318BD7DC1F1DC246935E04, 12364A1D47BD350217799119F39428A9F4C163AC33252264BE5D0476C8F380D7 ] C:\Users\hestia\AppData\Local\Amazon Music\Amazon Music Helper.exe 08:34:41.0436 0x14d8 Amazon Music - ok 08:34:41.0446 0x14d8 Skype - ok 08:34:42.0100 0x14d8 [ 794CE28547E38EB2AA09D8BEDA03F611, 03C4D6F86C3B94F053F6F8A6BF399410FCA01871C32957A069084F7314FF1C27 ] C:\Program Files\CCleaner\CCleaner64.exe 08:34:42.0263 0x14d8 CCleaner Monitoring - ok 08:34:42.0281 0x14d8 EEDSpeedLauncher - ok 08:34:42.0285 0x14d8 EEDSpeedLauncher - ok 08:34:42.0285 0x14d8 Waiting for KSN requests completion. In queue: 10 08:34:43.0379 0x14d8 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.22.49 ), 0x41000 ( enabled : updated ) 08:34:43.0488 0x14d8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated ) 08:34:43.0491 0x14d8 Win FW state via NFP2: enabled ( trusted ) 08:34:43.0562 0x14d8 ============================================================ 08:34:43.0562 0x14d8 Scan finished 08:34:43.0562 0x14d8 ============================================================ 08:34:43.0570 0x1544 Detected object count: 2 08:34:43.0570 0x1544 Actual detected object count: 2 08:35:11.0949 0x1544 Olympus DVR Service ( UnsignedFile.Multi.Generic ) - skipped by user 08:35:11.0949 0x1544 Olympus DVR Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:35:11.0949 0x1544 Olympus DSS UpdateManager ( UnsignedFile.Multi.Generic ) - skipped by user 08:35:11.0949 0x1544 Olympus DSS UpdateManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:39:12.0737 0x1ae0 Deinitialize success
__________________ Mit freundlichen Grüßen Ralf Pappers |
14.10.2016, 17:03 | #10 |
/// TB-Ausbilder /// Anleitungs-Guru | Photo.scr mit Trojaner Fund ist nicht gleich "Fund"... Schritt 1 Bitte deinstalliere folgende Programme: SecurityUtility Versuche es bei Windows 8 mit der Windowstaste + X über . Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung
Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter. Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus: Schritt 2 Downloade Dir bitte AdwCleaner auf Deinen Desktop.
Schritt 3
Schritt 4 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Untersuchen. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
17.10.2016, 09:09 | #11 |
| Photo.scr mit Trojaner Hallo, hier die Ergebnisse: ADWCleaner Protokoll: Code:
ATTFilter # AdwCleaner v6.021 - Bericht erstellt am 17/10/2016 um 08:50:41 # Aktualisiert am 06/10/2016 von ToolsLib # Datenbank : 2016-10-16.1 [Server] # Betriebssystem : Windows 8.1 Pro (X64) # Benutzername : Administrator - BETTINA-PC # Gestartet von : C:\Users\Administrator\Desktop\AdwCleaner_6.021.exe # Modus: Löschen # Unterstützung : https://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner gelöscht: C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8 [#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\7b24ec7cc000461ebe26d116b88142c8 ***** [ Dateien ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814} [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\SecurityUtility ***** [ Browser ] ***** [-] Firefox Einstellungen bereinigt: [-] [C:\Users\Hestia\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: omiga-plus [-] [C:\Users\Hestia\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: search.conduit.com [-] [C:\Users\Hestia\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: conduit.search [-] [C:\Users\Hestia\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: search.conduit.com_ [-] [C:\Users\Hestia\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: my.daemon-search.com [-] [C:\Users\Hestia\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: daemon-search.com [-] [C:\Users\Hestia\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Gelöscht: hxxp://www.startfenster.com [-] [C:\Users\Hestia\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Gelöscht: hxxp://isearch.omiga-plus.com/?type=hp&ts=1405174706&from=kmp&uid=HitachiXHTS547550A9E384_J2110051DRYTSADRYTSAX ************************* :: "Tracing" Schlüssel gelöscht :: Winsock Einstellungen zurückgesetzt :: "Prefetch" Dateien gelöscht :: Proxy Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [2432 Bytes] - [17/10/2016 08:50:41] C:\AdwCleaner\AdwCleaner[S0].txt - [2719 Bytes] - [17/10/2016 08:48:09] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2578 Bytes] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 17.10.2016 Suchlaufzeit: 08:59 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.10.17.01 Rootkit-Datenbank: v2016.09.26.02 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Administrator Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 452145 Abgelaufene Zeit: 54 Min., 10 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) FRST.txt FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2016 durchgeführt von Administrator (Administrator) auf BETTINA-PC (17-10-2016 10:01:00) Gestartet von C:\Users\Administrator\Desktop Geladene Profile: Mike & Hestia & Administrator & (Verfügbare Profile: Mike & Hestia & Bettina Petrik & Administrator) Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\FreeCommander\FreeCommander.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] () HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) HKLM-x32\...\Run: [Olympus DSS UpdateManager] => C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\UpdateManager.exe [201216 2012-02-10] (OLYMPUS IMAGING CORP.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917584 2016-10-06] (Avira Operations GmbH & Co. KG) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EEDSpeedLauncher] => C:\Windows\system32\eed_ec.dll [3159040 2013-10-03] () HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29645440 2016-09-12] (Skype Technologies S.A.) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29645440 2016-09-12] (Skype Technologies S.A.) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd) HKU\S-1-5-21-2205359317-3694346121-2510905243-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd) HKU\S-1-5-21-2205359317-3694346121-2510905243-1003\...\Run: [Amazon Music] => C:\Users\hestia\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] () HKU\S-1-5-21-2205359317-3694346121-2510905243-1003\...\MountPoints2: {0d328e83-1b2d-11e5-8261-001fd04626b9} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2205359317-3694346121-2510905243-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd) HKU\S-1-5-21-2205359317-3694346121-2510905243-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\hestia\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] () HKU\S-1-5-21-2205359317-3694346121-2510905243-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0d328e83-1b2d-11e5-8261-001fd04626b9} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2205359317-3694346121-2510905243-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29645440 2016-09-12] (Skype Technologies S.A.) HKU\S-1-5-21-2205359317-3694346121-2510905243-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd) HKU\S-1-5-21-2205359317-3694346121-2510905243-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EEDSpeedLauncher] => C:\Windows\system32\eed_ec.dll [3159040 2013-10-03] () HKU\S-1-5-21-2205359317-3694346121-2510905243-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {be0be1bc-adf5-11e4-824e-806e6f6e6963} - "D:\wubi.exe" HKU\S-1-5-21-2205359317-3694346121-2510905243-500\...\Run: [EEDSpeedLauncher] => C:\Windows\system32\eed_ec.dll [3159040 2013-10-03] () HKU\S-1-5-21-2205359317-3694346121-2510905243-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation) HKU\S-1-5-21-2205359317-3694346121-2510905243-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EEDSpeedLauncher] => C:\Windows\system32\eed_ec.dll [3159040 2013-10-03] () HKU\S-1-5-21-2205359317-3694346121-2510905243-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => C:\Windows\system32\eed_ec.dll [3159040 2013-10-03] () IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 4.lnk [2016-02-18] ShortcutTarget: Device Detector 4.lnk -> C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2016-06-07] ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DFB28A0E-80F8-4C5F-A206-D62D2BF7A5F0}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-2205359317-3694346121-2510905243-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://shop.ifub-verlag.de/ BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-02-06] (IObit) BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-11-04] (Nuance Communications, Inc.) BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-11-04] (Nuance Communications, Inc.) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Keine Datei Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Keine Datei Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hQz7LY6Z.default [2016-08-18] FF Extension: (Avira Browser Safety) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hQz7LY6Z.default\Extensions\abs@avira.com [2016-08-18] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-11-04] (Nuance Communications, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-11-04] (Nuance Communications, Inc.) Chrome: ======= CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2016-01-04] CHR Extension: (Google Präsentationen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-04] CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-04] CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-04] CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-04] CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-04] CHR Extension: (Google Tabellen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-04] CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-04] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-04] CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-04] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1086040 2016-10-06] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-06] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1489240 2016-10-06] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG) R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2014-11-04] (Nuance Communications, Inc.) R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [66088 2016-03-03] (Haufe-Lexware GmbH & Co. KG) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit) S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174080 2012-02-10] (OLYMPUS IMAGING CORP.) [Datei ist nicht signiert] R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH) S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [149832 2016-10-06] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [153392 2016-10-06] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-07-18] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-07-18] (Avira Operations GmbH & Co. KG) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-13] (REALiX(tm)) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-10-17 09:59 - 2016-10-17 10:00 - 00001203 _____ C:\Users\Administrator\Desktop\mbam.txt 2016-10-17 08:58 - 2016-10-17 08:58 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-10-17 08:57 - 2016-10-17 08:57 - 00001015 _____ C:\Users\Administrator\Desktop\AdwCleaner[C0].txt - Verknüpfung.lnk 2016-10-17 08:43 - 2016-10-17 08:50 - 00000000 ____D C:\AdwCleaner 2016-10-17 08:43 - 2016-10-17 08:40 - 03874368 _____ C:\Users\Administrator\Desktop\AdwCleaner_6.021.exe 2016-10-14 08:35 - 2016-10-14 08:35 - 00108725 _____ C:\Users\Administrator\Desktop\TDSSKiller-Report.txt 2016-10-14 08:32 - 2016-10-17 10:02 - 00019869 _____ C:\Users\Administrator\Desktop\FRST.txt 2016-10-14 08:32 - 2016-10-14 08:39 - 00217540 _____ C:\TDSSKiller.3.1.0.11_14.10.2016_08.32.23_log.txt 2016-10-14 08:32 - 2016-10-14 08:27 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Administrator\Desktop\tdsskiller.exe 2016-10-14 08:32 - 2016-10-13 08:47 - 00039264 _____ C:\Users\Administrator\Desktop\Addition.txt 2016-10-13 08:42 - 2016-10-17 10:01 - 00000000 ____D C:\FRST 2016-10-13 08:42 - 2016-10-17 10:00 - 02406912 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe 2016-10-12 10:20 - 2016-10-01 02:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-10-12 10:20 - 2016-09-30 09:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-10-12 10:20 - 2016-09-30 08:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-10-12 10:20 - 2016-09-30 08:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-10-12 10:20 - 2016-09-30 07:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-10-12 10:20 - 2016-09-30 07:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-10-12 10:20 - 2016-09-30 07:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-10-12 10:20 - 2016-09-30 07:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-10-12 10:20 - 2016-09-30 07:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-10-12 10:20 - 2016-09-30 07:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-10-12 10:20 - 2016-09-30 06:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-10-12 10:20 - 2016-09-30 06:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-10-12 10:20 - 2016-09-17 19:02 - 01446400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-10-12 10:20 - 2016-09-14 03:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-10-12 10:20 - 2016-09-13 01:48 - 00085680 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-10-12 10:20 - 2016-09-09 16:17 - 04170752 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-10-12 10:20 - 2016-09-09 15:38 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-10-12 10:20 - 2016-09-09 15:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-10-12 10:20 - 2016-09-08 16:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2016-10-12 10:20 - 2016-09-08 16:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2016-10-12 10:20 - 2016-09-08 00:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2016-10-12 10:20 - 2016-09-07 23:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2016-10-12 10:20 - 2016-09-07 23:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2016-10-12 10:20 - 2016-08-31 19:22 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-10-12 10:20 - 2016-08-25 22:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll 2016-10-12 10:20 - 2016-08-25 21:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll 2016-10-12 10:20 - 2016-08-12 23:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-10-12 10:20 - 2016-08-12 22:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-10-12 10:20 - 2016-08-12 03:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2016-10-12 10:20 - 2016-08-12 03:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2016-10-12 10:20 - 2016-08-03 17:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll 2016-10-12 10:20 - 2016-08-03 17:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll 2016-10-12 10:20 - 2016-07-30 19:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll 2016-10-12 10:20 - 2016-07-30 18:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll 2016-10-12 10:19 - 2016-09-30 08:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-10-12 10:19 - 2016-09-30 08:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-10-12 10:19 - 2016-09-30 07:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-10-12 10:19 - 2016-09-30 07:41 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-10-12 10:19 - 2016-09-30 07:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-10-12 10:19 - 2016-09-30 07:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-10-12 10:19 - 2016-09-30 07:33 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-10-12 10:19 - 2016-09-30 07:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-10-12 10:19 - 2016-09-30 07:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-10-12 10:19 - 2016-09-30 07:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-10-12 10:19 - 2016-09-30 07:11 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-10-12 10:19 - 2016-09-30 07:06 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-10-12 10:19 - 2016-09-30 07:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-10-12 10:19 - 2016-09-30 07:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-10-12 10:19 - 2016-09-30 06:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-10-12 10:19 - 2016-09-30 06:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-10-12 10:19 - 2016-09-17 20:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll 2016-10-12 10:19 - 2016-09-17 19:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-10-12 10:19 - 2016-09-17 19:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll 2016-10-12 10:19 - 2016-09-17 19:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-10-12 10:19 - 2016-09-14 03:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2016-10-12 10:19 - 2016-09-14 03:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-10-12 10:19 - 2016-09-14 03:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2016-10-12 10:19 - 2016-09-13 00:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll 2016-10-12 10:19 - 2016-09-12 23:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll 2016-10-12 10:19 - 2016-09-08 22:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys 2016-10-12 10:19 - 2016-09-07 23:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2016-10-12 10:19 - 2016-09-07 23:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2016-10-12 10:19 - 2016-08-31 18:33 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-10-12 10:19 - 2016-08-13 02:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2016-10-12 10:19 - 2016-08-13 02:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys 2016-10-12 10:19 - 2016-08-13 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys 2016-10-12 10:19 - 2016-08-13 02:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys 2016-10-12 10:19 - 2016-08-13 00:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll 2016-10-12 10:19 - 2016-08-13 00:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2016-10-12 10:19 - 2016-08-12 23:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll 2016-10-12 10:19 - 2016-08-11 20:33 - 00096256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys 2016-10-12 10:19 - 2016-08-11 20:33 - 00083456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys 2016-10-12 10:19 - 2016-08-11 20:33 - 00023040 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys 2016-10-12 10:19 - 2016-08-11 19:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe 2016-10-12 10:19 - 2016-08-11 15:39 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml 2016-10-12 10:19 - 2016-08-11 07:46 - 00420184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys 2016-10-12 10:19 - 2016-08-03 17:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll 2016-10-12 10:19 - 2016-08-03 17:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll 2016-10-12 10:19 - 2016-07-26 15:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS 2016-10-12 10:19 - 2016-07-26 15:40 - 00162850 _____ C:\Windows\system32\C_932.NLS 2016-10-12 10:19 - 2016-07-23 20:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll 2016-10-12 10:19 - 2016-07-23 20:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll 2016-10-12 10:16 - 2016-08-27 21:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-10-12 10:15 - 2016-08-27 21:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-10-12 10:15 - 2016-08-27 21:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe 2016-10-12 10:15 - 2016-08-27 20:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-10-12 10:15 - 2016-08-27 20:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-10-12 10:15 - 2016-08-27 20:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe 2016-10-12 10:15 - 2016-08-27 18:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2016-10-12 10:15 - 2016-08-27 18:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2016-10-12 10:15 - 2016-08-27 18:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2016-10-12 10:15 - 2016-08-27 17:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2016-10-12 10:15 - 2016-08-21 00:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-10-12 10:15 - 2016-08-21 00:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-10-10 09:32 - 2016-10-17 09:05 - 00000000 ____D C:\Users\Public\Documents\AdobeGC 2016-10-06 15:42 - 2016-10-06 15:41 - 00023640 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys 2016-10-05 18:21 - 2016-10-05 18:21 - 06647224 _____ (Tim Kosse) C:\Users\Bettina Petrik\Downloads\FileZilla_3.22.1_win64-setup.exe 2016-09-26 11:12 - 2016-10-04 19:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-21 13:46 - 2016-09-21 13:46 - 06662856 _____ (Tim Kosse) C:\Users\Bettina Petrik\Downloads\FileZilla_3.21.0_win64-setup.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-10-17 10:00 - 2015-02-06 14:07 - 00024210 _____ C:\Users\Administrator\AppData\Roaming\Notepad2.ini 2016-10-17 10:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2016-10-17 09:59 - 2016-08-04 13:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-10-17 09:43 - 2015-07-06 12:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-10-17 09:36 - 2015-02-17 12:21 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-10-17 09:03 - 2015-02-06 14:08 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2205359317-3694346121-2510905243-500 2016-10-17 08:58 - 2016-08-04 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-10-17 08:58 - 2016-08-04 13:32 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-10-17 08:58 - 2015-02-06 13:20 - 00000000 ____D C:\!_Test 2016-10-17 08:56 - 2015-02-17 12:21 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-10-17 08:53 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-10-17 08:52 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI 2016-10-17 08:41 - 2015-02-06 14:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell 2016-10-14 22:07 - 2016-01-05 09:35 - 00000000 ____D C:\Users\Bettina Petrik\Documents\Outlook-Dateien 2016-10-14 21:51 - 2016-01-06 09:56 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Roaming\Skype 2016-10-14 21:13 - 2016-01-05 09:34 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Roaming\ClassicShell 2016-10-14 21:12 - 2016-01-08 10:52 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Roaming\FileZilla 2016-10-14 17:28 - 2016-01-05 09:29 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Local\Packages 2016-10-14 17:12 - 2016-01-06 11:03 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2262533E-8C4B-42F8-972E-8B42A62B47AD} 2016-10-14 15:14 - 2016-01-06 16:40 - 00000000 ____D C:\Users\Bettina Petrik\Desktop\temp 2016-10-14 13:59 - 2016-01-05 09:56 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2205359317-3694346121-2510905243-1004 2016-10-14 04:15 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2016-10-13 15:47 - 2016-03-03 18:40 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Local\FreePDF_XP 2016-10-13 08:55 - 2015-07-03 10:26 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-10-13 08:53 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-10-13 08:41 - 2015-12-23 14:47 - 00002273 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk 2016-10-13 08:34 - 2013-08-22 16:44 - 00785544 _____ C:\Windows\system32\FNTCACHE.DAT 2016-10-13 08:34 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf 2016-10-13 08:33 - 2016-01-18 09:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-10-13 08:33 - 2016-01-18 09:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-10-12 22:39 - 2015-02-13 13:31 - 00000000 ____D C:\Windows\system32\appraiser 2016-10-12 22:39 - 2014-11-21 13:07 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-10-12 22:38 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData 2016-10-12 21:56 - 2016-01-05 16:36 - 00000000 ____D C:\ProgramData\Lexware 2016-10-12 21:36 - 2015-02-06 15:37 - 00000000 ____D C:\ProgramData\ProductData 2016-10-12 12:13 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2016-10-12 12:05 - 2014-11-21 06:04 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2016-10-12 12:04 - 2015-02-10 12:43 - 00000000 ____D C:\Windows\system32\MRT 2016-10-12 11:43 - 2015-02-10 12:43 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-10-12 11:41 - 2016-01-18 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-10-12 11:23 - 2015-02-06 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2016-10-11 11:43 - 2015-07-06 12:54 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-10-11 11:43 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-10-11 11:43 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed 2016-10-07 17:35 - 2016-01-05 09:35 - 00000000 ____D C:\Users\Bettina Petrik\Documents\Calibre-Bibliothek 2016-10-07 10:38 - 2016-01-28 11:56 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Roaming\vlc 2016-10-07 10:37 - 2016-01-07 10:45 - 00000000 ____D C:\Users\Bettina Petrik\AppData\Local\CrashDumps 2016-10-07 09:30 - 2015-02-23 15:09 - 00000000 ____D C:\ProgramData\Skype 2016-10-06 15:43 - 2016-08-18 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-10-06 15:41 - 2016-08-18 10:27 - 00153392 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2016-10-06 15:41 - 2016-08-18 10:27 - 00149832 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2016-10-06 12:06 - 2013-08-22 15:25 - 00000253 _____ C:\Windows\win.ini 2016-10-05 10:19 - 2016-01-04 12:19 - 00000432 _____ C:\Windows\BRWMARK.INI 2016-10-04 19:58 - 2015-06-15 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-10-04 10:28 - 2015-06-11 12:28 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-10-01 02:15 - 2014-11-21 13:15 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-10-01 02:15 - 2014-11-21 13:15 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-29 13:29 - 2015-07-03 10:27 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-09-26 09:09 - 2015-02-10 16:43 - 00000000 ____D C:\iFuB 2016-09-22 10:57 - 2014-11-21 05:35 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-22 10:57 - 2014-11-21 04:45 - 00764340 _____ C:\Windows\system32\perfh007.dat 2016-09-22 10:57 - 2014-11-21 04:45 - 00159160 _____ C:\Windows\system32\perfc007.dat 2016-09-21 09:26 - 2015-04-30 18:40 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-09-19 17:08 - 2015-02-19 14:05 - 00000000 ____D C:\ProgramData\Package Cache 2016-09-19 09:14 - 2015-02-06 15:38 - 00000000 ____D C:\ProgramData\IObit ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-02-06 14:07 - 2016-10-17 10:00 - 0024210 _____ () C:\Users\Administrator\AppData\Roaming\Notepad2.ini Einige Dateien in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\avgnt.exe C:\Users\Administrator\AppData\Local\Temp\libeay32.dll C:\Users\Administrator\AppData\Local\Temp\msvcr120.dll C:\Users\Administrator\AppData\Local\Temp\ose00000.exe C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll C:\Users\Bettina Petrik\AppData\Local\Temp\avgnt.exe C:\Users\Bettina Petrik\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-10-10 10:03 ==================== Ende von FRST.txt ============================ Addition.txt Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16-10-2016 durchgeführt von Administrator (17-10-2016 10:02:22) Gestartet von C:\Users\Administrator\Desktop Windows 8.1 Pro (Update) (X64) (2015-02-06 11:53:56) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2205359317-3694346121-2510905243-500 - Administrator - Enabled) => C:\Users\Administrator Bettina Petrik (S-1-5-21-2205359317-3694346121-2510905243-1004 - Administrator - Enabled) => C:\Users\Bettina Petrik Gast (S-1-5-21-2205359317-3694346121-2510905243-501 - Limited - Disabled) Hestia (S-1-5-21-2205359317-3694346121-2510905243-1003 - Administrator - Enabled) => C:\Users\hestia Mike (S-1-5-21-2205359317-3694346121-2510905243-1002 - Administrator - Enabled) => C:\Users\Mike ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated) Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.1.0.122 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated) Amazon Music (HKU\S-1-5-21-2205359317-3694346121-2510905243-1003\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-2205359317-3694346121-2510905243-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.22.54 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden Benutzerhandbuch anzeigen (HKLM-x32\...\View User Guide) (Version: 3.60.02.0 - ) Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0400 - Brother Industries, Ltd.) ByteScout BarCode Generator 3.22.643 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Generator_is1) (Version: - Bytescout Software) calibre (HKLM-x32\...\{EEFFE01E-F594-42EE-815D-50B8A17985B7}) (Version: 2.49.0 - Kovid Goyal) calibre 64bit (HKLM\...\{DBF2A8AA-9EE9-454D-8958-F74F1FCB0789}) (Version: 2.41.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5118 - CDBurnerXP) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.) Driver Booster 3.0 (HKLM-x32\...\Driver Booster_is1) (Version: 3.0 - IObit) EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version: - SEIKO EPSON Corporation) FileZilla Client 3.17.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.17.0.1 - Tim Kosse) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.) Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.16) (Version: 9.16 - Artifex Software Inc.) Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.30 - IObit) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.138 - PandoraTV) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LamedropXPd3 3.0.2 (HKLM-x32\...\LamedropXPd_0) (Version: 3.0.2 - Strange World Productions) Lexware Info Service (x32 Version: 16.00.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (HKLM-x32\...\{6FF55A3A-4E59-4CF8-9248-2EE747168B3E}) (Version: 5.01.00.0040 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (x32 Version: 22.04.00.0043 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware PDF-Export 5 (x32 Version: 5.00.01.0009 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware warenwirtschaft pro 2016 (HKLM-x32\...\{88cf1ef8-29c4-4d08-a5a1-17153f4f64b0}) (Version: 16.0.0.93 - Haufe-Lexware GmbH & Co.KG) Lexware warenwirtschaft pro 2016 (x32 Version: 16.02.00.0348 - Haufe-Lexware GmbH & Co.KG) Hidden LibreOffice 5.0.4.2 (HKLM-x32\...\{14B5DDCF-61C4-4F1E-A621-844685D60B5A}) (Version: 5.0.4.2 - The Document Foundation) MAGIX Screenshare (HKLM-x32\...\{AEDB01F3-380C-4BF8-BC8A-AB04AB9EB7D9}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Speed burnR (MSI) (HKLM-x32\...\{A9DCBD16-308D-454E-A563-191673A51D52}) (Version: 7.0.2.6 - MAGIX AG) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2205359317-3694346121-2510905243-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 49.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 de)) (Version: 49.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla) Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25 - Florian Balmer) Olympus DSS Player Standard (HKLM-x32\...\{FC2163E8-8676-4918-B7FC-F5EF4F8C022D}) (Version: 2.0.0 - OLYMPUS IMAGING CORP.) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd) Samplitude Music Studio 17 (HKLM-x32\...\MAGIX_MSI_ms17dlx) (Version: 17.0.0.0 - MAGIX AG) Samplitude Music Studio 17 (x32 Version: 17.0.0.0 - MAGIX AG) Hidden Samsung CLX-6260 Series (HKLM-x32\...\Samsung CLX-6260 Series) (Version: 1.11 (09.12.2013) - Samsung Electronics Co., Ltd.) Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.61 (10.04.2013) - Samsung Electronics Co., Ltd.) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.73.00(03.10.2013) - Samsung Electronics Co., Ltd.) Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.10.11 (01.07.2013) - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Samsung Scan Process Machine (x32 Version: 1.00.56.01 - Samsung Electronics Co., Ltd.) Hidden Sigil 0.8.4 (HKLM\...\Sigil_is1) (Version: - John Schember) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer) TeamViewer 8 Host (HKLM-x32\...\TeamViewer 8 Host) (Version: 8.0.44109 - TeamViewer) Topaz Clean 3 (64-bit) (HKLM\...\{FA85C599-2569-4C48-9AA6-2B8D8F029FA7}) (Version: 3.0.1 - Topaz Labs) Topaz Clean 3 (HKLM-x32\...\{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}) (Version: 3.0.1 - Topaz Labs) Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) XnViewMP 0.78 (HKLM\...\XnViewMP_is1) (Version: 0.78 - Gougelet Pierre-e) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {112AA8D2-4373-4F3E-9B64-FC0E2C7C0AF3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {2D0833B5-6624-48D7-AF2F-BCD9B989BB3A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {387DDB5A-C810-4634-8645-F51C704A86EF} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-09-24] (IObit) Task: {4FFD2E01-A38C-439C-91B0-1088D28F8833} - System32\Tasks\Uninstaller_SkipUac_Hestia => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-02] (IObit) Task: {707CEF69-5484-4727-9B33-92B211B979C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd) Task: {801C7D1F-013C-4BBC-BAC3-3ECF887416B7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-17] (Google Inc.) Task: {80CBD3F2-85AA-4E3A-967A-AC4B7FD891D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {99DA58EF-A018-4143-978F-64230B66285D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-17] (Google Inc.) Task: {A2436F51-48BA-4A15-9085-09FF83DCF84C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2205359317-3694346121-2510905243-1002 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe Task: {CC07A2F2-5CC9-48C9-A656-9AAFED1DC265} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-11] (Adobe Systems Incorporated) Task: {CC9F60EB-BB23-41F7-8C8A-EE7EC9BAAF87} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {DBC49CD5-00AF-4132-A042-5555709F20B5} - System32\Tasks\Driver Booster SkipUAC (Hestia) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-10-08] (IObit) Task: {E03CD020-D88E-4A0A-8C5C-79DEA73FF926} - System32\Tasks\AdobeAAMUpdater-1.0-macs1-pc-Hestia => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated) Task: {E1ED2A5E-1157-4025-8421-7A5A20DA7497} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-10-12] (Microsoft Corporation) Task: {EEF68766-9576-4C0D-B094-5A694C0AF721} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-02] (IObit) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Uninstaller_SkipUac_Hestia.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-06-15 14:48 - 2012-06-21 07:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll 2016-01-12 13:47 - 2012-01-10 06:15 - 00034304 _____ () C:\Windows\System32\ssy3clm.dll 2016-05-09 09:22 - 2016-05-09 09:22 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2015-09-11 20:02 - 2015-09-11 20:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll 2015-02-06 15:37 - 2015-02-06 15:37 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [157] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-2205359317-3694346121-2510905243-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-2205359317-3694346121-2510905243-1003\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-2205359317-3694346121-2510905243-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-2205359317-3694346121-2510905243-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Bettina Petrik\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp HKU\S-1-5-21-2205359317-3694346121-2510905243-500\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-2205359317-3694346121-2510905243-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run32: => "ISUSPM" HKLM\...\StartupApproved\Run32: => "DNS7reminder" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKU\S-1-5-21-2205359317-3694346121-2510905243-1002\...\StartupApproved\Run: => "ISUSPM" HKU\S-1-5-21-2205359317-3694346121-2510905243-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "ISUSPM" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{9FDE90AF-5F30-46AC-895A-71733C1DE101}] => (Allow) LPort=51001 FirewallRules: [{C02A3233-2AE0-451A-B719-4ABC95C449AB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{B733F22E-7FFF-46B2-A987-FDB38E6DA102}] => (Allow) LPort=2869 FirewallRules: [{840CFD59-9882-47F1-BF26-C25BBDB7011F}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{60196EAF-C6FD-428B-B11E-D5DE6BAAED28}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{ACA2A19C-2D2B-46F5-82B3-D03BD73D346C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{0BB31E3A-0261-4A74-945F-5AD175BCFB5A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{FC3C9C51-A0AD-49AF-B620-9B9930779102}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{58640613-D557-4547-9120-9D68177430DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4ED59AF3-7CDB-4584-8834-3A4FA22CC196}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{3A9BCD86-CA98-4870-94AE-138AFA27140A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6BF329C6-0705-42C6-B240-AAD1F39231BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F119AAAA-C206-463E-A970-9ADA27B9703C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{47D1B63D-649B-409A-9FF4-CE890B8C3526}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{2FE323EB-777A-4CAD-B3FE-E3BF30FFDAFC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{2307BF92-CB9C-4700-92D7-F9AC0714A53D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{46D9559C-3535-41DA-9A64-CD02B40E5A1E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{F9F53FF3-BD89-44E3-9880-B03DD618A5A1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{3F7EC46B-1530-4485-8629-AB245A07B525}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{E714DA8F-AB29-4320-B20F-DE02C751ABDB}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{C9040B1E-233D-47F5-8B64-4408CFE056BB}] => (Allow) C:\Windows\twain_32\Samsung\CLX6260\SCNSearch\USDAgent.exe FirewallRules: [{1EB8E5DF-0075-464F-9539-2F69C1CDD992}] => (Allow) C:\Windows\twain_32\Samsung\CLX6260\SCNSearch\USDAgent.exe FirewallRules: [{F10DC833-625C-440B-9F09-2930A4AA109A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe FirewallRules: [{1CD84411-3A76-47E0-947E-24C3A2C69CC5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe FirewallRules: [{D9B4E54E-C03B-4320-B28C-4FA623990D03}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\TranscriptionModule.exe FirewallRules: [{5F6448B5-6846-4E2E-ADE1-195C796437C6}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\TranscriptionModule.exe FirewallRules: [{428428B6-B4E0-4C8A-9B10-D2EE25F4E755}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\TranscriptionModule.exe FirewallRules: [{B58E18C5-0882-4F07-A160-31B18ED0C5F2}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\TranscriptionModule.exe FirewallRules: [{7BB1CAF4-E49B-48B4-9AC9-4A405E0BE2CA}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\UpdateManager.exe FirewallRules: [{8D129AFC-EFD9-4A79-9B35-C903CD2DB54D}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerStandard\UpdateManager.exe FirewallRules: [{84D39C11-74D2-4E0F-9A7A-C088F7448E81}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{27A9F4A3-B778-4FEA-84C1-1E4686B8A73B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{29EFD480-8307-41E6-BC63-680FBC8C96A9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{C74C296B-9AB0-41FA-818F-9771E5300BD0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{8BC456B7-C94E-47F2-88EA-CD8A9A5EC424}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{00689724-76F6-43A8-AA40-8DBA536213ED}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{8BAE0708-7C80-4693-9606-36CA1FB12A9C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{0B65D7BF-6ABD-4A2A-AE4E-DE17C71A449C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{998AA831-39E7-426A-921D-D3E0C61E8FC2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{CC388AFF-2ACD-4C17-B320-F5893AFB7A23}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{B33B1C65-46E2-4F44-BBFD-962E181815E0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{E976CC59-2C66-4FB3-9A51-1539DF6E428D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [TCP Query User{0F9FB39F-E9B9-411F-AB4B-AF937FF2C46B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{D3C2E146-BD7A-47D5-BBAF-CB3AE24AA53D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{33851204-C1CB-4F36-B7D6-FD36492AD1A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= 28-09-2016 15:46:53 Geplanter Prüfpunkt 06-10-2016 10:50:35 Geplanter Prüfpunkt 12-10-2016 11:13:35 Windows Update 17-10-2016 08:39:26 Revo Uninstaller's restore point - SecurityUtility ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Serieller PCI-Anschluss Description: Serieller PCI-Anschluss Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/17/2016 08:39:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (10/17/2016 08:39:25 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6ff29723-6a53-4783-b418-ea9b25be398e} Error: (10/17/2016 08:35:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BETTINA-PC) Description: Bei der Aktivierung der App „Microsoft.Reader_6.4.9926.18471_x64__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (10/13/2016 08:56:21 AM) (Source: MsiInstaller) (EventID: 1023) (User: BETTINA-PC) Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "Adobe Acrobat Reader DC (15.020.20039)" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Users\ADMINI~1\AppData\Local\Temp\MSI5b0ad.LOG enthalten. Error: (10/13/2016 08:56:21 AM) (Source: MsiInstaller) (EventID: 11719) (User: BETTINA-PC) Description: Produkt: Adobe Acrobat Reader DC - Deutsch -- Fehler 1719. Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled. Error: (10/12/2016 11:14:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (10/12/2016 11:13:37 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2205359317-3694346121-2510905243-500.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {f4025367-433a-41a5-ba53-f8f689a63179} Error: (10/10/2016 09:25:56 AM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ArgumentException: userSid bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(String userSid, String serviceIdentifier) bei Avira.OE.BrowserExtensionConnector.BrowserExtensionConnector.InitializeMonitors(Session userSession) bei Avira.OE.BrowserExtensionConnector.BrowserExtensionConnector.OnApplicationDictionaryChanged(Object sender, DesktopApplicationDictionaryChangedEventArgs e) bei System.EventHandler`1.Invoke(Object sender, TEventArgs e) bei Avira.OE.WinCore.EventHandlerExtensions.SafeInvoke[T](EventHandler`1 eventHandler, Object sender, T eventArgs) bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid) bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason) bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(Object sender, SessionChangeEventArgs args) bei Avira.OE.WinCore.EventHandlerExtensions.SafeInvoke[T](EventHandler`1 eventHandler, Object sender, T eventArgs) b... Error: (10/07/2016 10:37:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.2.1.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: libqt4_plugin.dll, Version: 2.2.1.0, Zeitstempel: 0xa2d0a2c0 Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000076310b ID des fehlerhaften Prozesses: 0x1050 Startzeit der fehlerhaften Anwendung: 0x01d22075e2bb3b9b Pfad der fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll Berichtskennung: 50764091-8c69-11e6-82af-001fd04626b9 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (10/06/2016 10:50:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Systemfehler: ============= Error: (10/17/2016 08:51:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst konnte wegen einer fehlerhaften Anmeldung nicht gestartet werden. Error: (10/17/2016 08:51:47 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "TrustedInstaller" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: Die Anforderung wird nicht unterstützt. Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (10/17/2016 08:50:16 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (10/17/2016 08:49:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/17/2016 08:49:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/17/2016 08:49:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Lexware Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/17/2016 08:49:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Dragon Logger service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/17/2016 08:49:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Samsung Network Fax Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/17/2016 08:49:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/17/2016 08:49:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Dragon Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2016-08-18 05:09:04.059 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:03.793 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:03.528 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:03.262 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:03.012 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:02.747 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:02.481 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:02.224 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:01.943 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-18 05:09:01.117 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Prozentuale Nutzung des RAM: 44% Installierter physikalischer RAM: 3327.23 MB Verfügbarer physikalischer RAM: 1852.16 MB Summe virtueller Speicher: 5503.23 MB Verfügbarer virtueller Speicher: 3693.91 MB ==================== Laufwerke ================================ Drive c: (Disk-C) (Fixed) (Total:297.75 GB) (Free:172.63 GB) NTFS Drive p: () (Network) (Total:923.76 GB) (Free:368.61 GB) Drive s: () (Network) (Total:923.76 GB) (Free:368.61 GB) ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: EF5F568E) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================
__________________ Mit freundlichen Grüßen Ralf Pappers |
17.10.2016, 18:30 | #12 |
/// TB-Ausbilder /// Anleitungs-Guru | Photo.scr mit Trojaner Jetzt bitte Suchscan durchführen: Schritt 1 ESET Online Scanner
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
18.10.2016, 09:24 | #13 |
| Photo.scr mit Trojaner Und hier das Logfile: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=de8d2fb7462c9146b351d30a6d5613f6 # end=init # utc_time=2016-10-18 06:26:22 # local_time=2016-10-18 08:26:22 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=de8d2fb7462c9146b351d30a6d5613f6 # end=init # utc_time=2016-10-18 06:26:45 # local_time=2016-10-18 08:26:45 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 31093 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=de8d2fb7462c9146b351d30a6d5613f6 # end=updated # utc_time=2016-10-18 06:30:50 # local_time=2016-10-18 08:30:50 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=de8d2fb7462c9146b351d30a6d5613f6 # engine=31093 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-10-18 08:14:46 # local_time=2016-10-18 10:14:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Avira Antivirus' # compatibility_mode=1815 16777213 100 96 34814 7926703 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 5312889 40568056 0 0 # scanned=360391 # found=0 # cleaned=0 # scan_time=6234
__________________ Mit freundlichen Grüßen Ralf Pappers |
18.10.2016, 16:58 | #14 |
/// TB-Ausbilder /// Anleitungs-Guru | Photo.scr mit Trojaner Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
19.10.2016, 07:27 | #15 |
| Photo.scr mit Trojaner Hallo deeprybka, der Trojaner auf unserer NAS ist immer wieder mal da. Und eben immer, sobald die Kollegin von diesem Rechner aus darauf zugreift. Kann man die NAS auch irgendwie scannen, außer mit einem normalen Virenscanner?
__________________ Mit freundlichen Grüßen Ralf Pappers |
Themen zu Photo.scr mit Trojaner |
andere, arbeitet, avira, dateien, einiger, erscheine, hallo zusammen, laufen, melde, meldet, namen, netzwerk, nichts, rechner, sauber, scan, scannen, scanner, troja, trojaner, verschiedene, virenscan, virenscanner, weiterhelfen, zusammen |